Anti-Money Laundering and Sanctions Compliance. You Can t Afford the Risks

Transcription

1 Anti-Money Laundering and Sanctions Compliance You Can t Afford the Risks Audit / Tax / Advisory / Risk / Performance Smart decisions. Lasting value.

2 The Risks Associated With AML and Sanctions Compliance Are Just Too Great to Ignore Continued increases in regulatory scrutiny and rigorous enforcement have turned compliance with the U.S. and global sanctions and anti-money laundering (AML) regimes into a front-burner issue for providers of financial services. The Bank Secrecy Act (BSA), USA PATRIOT Act, laws relating to the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury, European Union AML directives, Wolfsberg Principles, and guidance from the Financial Action Task Force compose a subset of the laws and regulatory guidance governing the global AML environment. These regulations and guidelines require businesses to be vigilant in identifying and reporting suspected money laundering, sanctioned activities, terrorist financing, and other criminal activities. 2

3 Congressional investigators and law enforcement have called on regulators to look more closely for compelling evidence of good governance, effective model risk management, strong business processes and controls, and robust program documentation. Failing programs mandate immediate corrective actions that, more often than not, pose considerable one-time and recurring costs to the institution. Crowe Horwath can help you create a risk-based AML and sanctions program tailored to your specific needs in today s complex environment. From large global banks and broker-dealer organizations to credit unions and community banks, from gaming and casino operations to money transmitters and money services businesses, from startup financial technology companies to established payment processors and other financial services companies, Crowe specialists draw on years of experience and thought leadership to create customized and scalable solutions for all types and sizes of financial services companies. The risks of noncompliance are substantial: Reputation risk Regulatory compliance risk A broad range of operational and strategic risks High-value customer risk Earnings and performance risk With compliance requirements and expectations stemming from unique risk profiles, meeting evolving AML and sanctions requirements has become a complex exercise involving a moving target. As businesses struggle to comply, regulatory requirements and expectations pose another challenge: how to meet compliance obligations without damaging customer relations or impeding business growth and innovation. Addressing Compliance Requirements Can Offer Significant Benefits Demonstrated commitment to protecting the global financial system Reduced risk of reputation damage from regulatory action and negative publicity Increased protection of corporate and shareholder value and goodwill Proactive human and technology resource planning on AML and sanctions initiatives rather than regulator-driven compliance projects Cost-effective compliance with AML and sanctions laws, regulations, and regulatory expectations Effective decision-making and risk management through use of analytics Leading providers of financial services are also looking at the impact of an AML and sanctions program on competition and customer relationships, viewing compliance as an opportunity to expand their knowledge of customers and deliver a higher level of service. Customized and Scalable Solutions crowehorwath.com/aml 3

4 Crowe CLAMP Model: Our AML Operating Model for Regulated Financial Services Companies The Crowe CLAMP (Closed-Loop Anti-Money Laundering Program) operating model allows financial services companies to achieve a high level of capability maturity in nine AML and sanctions areas and is designed to verify that each area interacts with the others to provide appropriate and ongoing feedback. These nine areas are highlighted in the exhibit and described in detail on the following pages. Crowe CLAMP Operating Model Corporate Governance/Enterprise Risk Management Enterprisewide Compliance Risk Assessment AML Risk Assessment Risk Profile Policies Written Procedures Staffing/Training Program, Project, and Regulatory Relationship Management Risk-Based Customer Due Diligence Investigations and Reporting Suspicious Activity Monitoring Single Customer View & Data Analytics Data and Document Management Model Validation and Calibration Model Development, Implementation, and Use Model Risk Management and Model Governance Effective Internal Controls Monitoring/Self-Testing Independent Audit 4

5 1. A Strong Enterprise Foundation Surrounding an organization s AML program is an enterprise foundation that determines an organization s ability to respond to changes in both the business and regulatory environments. The foundation consists of four components: corporate governance and enterprise risk management, model risk management and model governance, independent audit, and the ability to establish effective policies that have been approved by the board. 2. Principal Capabilities Four principal capabilities serve as the backbone of an organization s AML program: An enterprisewide compliance risk assessment weighs the risk of legal or regulatory sanctions, financial loss, or damage to reputation and franchise value; comprehensive processes guide the development, implementation, and use of models for AML and sanctions compliance; effective monitoring and self-testing of controls by the AML and sanctions group prepares the organization for review by independent audit; and written procedures reflect the institution s current AML program. 3. Demonstrated Execution Every program must demonstrate the ability to execute on the plan and the designed organizational components. An AML and sanctions risk assessment produces a risk profile based on products, geography, and customer and account characteristics, resulting in a guide for organizational priorities. Effective internal controls demonstrate a history of adequate and sound responses to areas in need of attention. Staffing and training should take place at all levels of the organization, especially at those with responsibility for the AML and sanctions program. Models and systems relied upon for compliance must be calibrated and validated to verify their accuracy and effectiveness. 4. Customer Due Diligence The goal of customer due diligence (CDD) is to identify, screen, and assist with the accounts of the organization s new and existing customers that present a higher risk for money laundering and terrorist financing. CDD provides the mechanism to implement the due diligence and sanctions screening processes required for every customer and the enhanced due diligence processes required for customers posing a higher risk. 5. Activity Monitoring The goal of activity monitoring is to identify potentially suspicious or prohibited customer activity through high-quality alerts while minimizing false positives. Meaningful transaction analysis requires using rules-based, profiling, or machine learning technologies, as well as advanced analytics. Transaction monitoring systems must consider an organization s unique risk profile and integrate with CDD to effectively detect unusual and suspicious activity. Structured analysis, tracking, and follow-up are required in order to properly address each potential suspicious incident. 6. Investigations and Reporting Suspicious activity, regardless of its origin, requires detailed investigation and documentation by qualified individuals. Requests for investigations may be initiated through the organization s CDD efforts, sanctions screening, activity monitoring systems, or fraud detection processes, or externally (such as via Section 314 of the USA PATRIOT Act). Unusual activity deemed to be suspicious should be reported to law enforcement on a suspicious activity/transaction report. crowehorwath.com/aml 5

6 7. Single Customer View An organization must have the ability to demonstrate that it understands its customer information and has properly associated linked relationships both within a line of business and across subsidiaries. The convergence of expected and actual risk requires that an organization not only understand who the customer is, but also what he or she is doing. A robust single customer view will help drive use of advanced analytics to further address AML risk and increase program efficiency. 8. Data and Document Management The Customer Identification Program and other mandates require maintenance of documents and historical data for minimum durations. Backups and archives must be set up to allow retrieval in an organized and timely manner. Audit trails track data and enable document capture to assist with information and document warehousing, which in turn help improve management and operational reporting, as well as compliance and litigation support. 9. Program Management Effective program management includes project and regulatory relationship management. Organizations should demonstrate an ability to plan, organize, and manage AML projects through a program office. Furthermore, projects must be consistently executed on time and within budget to create regulator confidence in an institution s ability to deliver on what is promised. 6

7 Crowe Offers a Comprehensive Closed-Loop AML Solution Crowe brings together an integrated team of financial services industry professionals, specializing in the areas of: Regulatory compliance Enterprise risk management Business process management Customer experience management Technology systems integration and implementation Our unique combination of in-depth industry knowledge, broad-based business competencies, and the Crowe CLAMP operating model offers our clients a comprehensive, closed-loop AML solution. Our solutions are configurable: They can be implemented holistically for organizations with high regulatory expectations or as point solutions targeting specialized areas of need for organizations with specific regulatory requirements. crowehorwath.com/aml 7

8 AML and Sanctions Solutions to Match Your Risk Profile Our team of AML and sanctions specialists can help you create a risk-based compliance program tailored to your organization s specific needs. Because there is no such thing as a one-size-fits-all program, Crowe solutions can be customized to your organization based on risk profile, business model, size, location, customer base, corporate culture, delivery channels, products, and service offerings. Crowe AML and Sanctions Services and Solutions At Crowe, we view compliance as a continual process of vigilance grounded in a proactive program that can raise red flags when significant changes, variances, and contradictions occur. Our AML and sanctions solutions can be implemented as a comprehensive compliance program or customized to focus on specific challenges. Model Risk Management Financial institutions are required to adapt their existing AML risk management programs to the most current industry and regulatory standards. Crowe has an established model risk management methodology and framework that help organizations meet regulatory expectations. These services include: Identifying and supporting the model inventory Assessing model risks Developing and implementing models and systems Validating models relied upon for AML and sanctions compliance Calibrating or optimizing AML and sanctions system parameters Establishing governance and oversight for the model risk management program AML Analytics and Reporting Enhanced analytics and statistical techniques are necessary to effectively analyze and calibrate AML models to provide accurate customer risk rating, transaction monitoring, and sanctions screening capabilities. Other critical components of a strong AML and sanctions program include data warehousing, integration, and governance, as well as effective data visualization and dashboards to provide management with enhanced visibility. Crowe services include: Defining analytics programs Establishing program KPIs and KRIs Calibrating system parameters Designing and developing management reporting capabilities 8

9 Independent AML and Sanctions Testing Services Crowe conducts annual AML/ combating the financing of terrorism (CFT) and sanctions independent testing services for more than 100 financial institutions around the globe through a dedicated professional team with AML, sanctions, and audit experience. The Crowe approach is designed to adapt to each of our clients unique risk profiles, empowering institutions to satisfy regulatory requirements while applying our leading perspectives. Our experiences and approach have withstood the scrutiny of examination and review in some of the most intense regulatory environments in recent history. Regulatory Response and Remediation Crowe has extensive experience working with regulators to help institutions address examiner concerns and offers a broad array of AML and sanctions-specific services for institutions facing regulatory issues and enforcement actions. These well-established and respected services include: Independent third-party monitoring services AML look back reviews Consent order validation and independent testing services Financial investigation services for either ongoing support or special assignments Program assessment and enhancement Exam preparation and support Regulatory remediation planning and assistance AML Program Enhancement Services As part of its broad AML program enhancement services, Crowe frequently is called upon to provide program oversight and compliance integration services in addition to specific enterprise risk assessment efforts. Crowe services include: Enterprise compliance, AML, and sanctions risk assessment Formulation of policies, procedures, and program standards Program assessment and futurestate road map documentation Formation and optimization of financial intelligence units Convergence of financial crimes programs Merger and acquisition support Ongoing advisory services and thought leadership Business-as-usual support and optimization Annual and ongoing AML and sanctions training Crowe also has extensive experience helping institutions with exam preparation and assistance and maintaining compliance with OFAC requirements and other global trade and economic sanctions. crowehorwath.com/aml 9

10 Customer Due Diligence Know your customer (KYC), CDD, and accurate customer risk rating capabilities are essential components of an effective AML program. Crowe offers in-depth knowledge and technological expertise in helping institutions: Establish enhanced due diligence (EDD) processes and procedures Support business-as-usual EDD reviews Design and develop customer risk rating models Implement CDD and singlecustomer-view systems Design and execute calibration for customer risk rating models Validate CDD and customer risk rating models Suspicious Activity Monitoring Crowe offers ongoing support in the design, development, and implementation of transaction monitoring systems, including system assessment, system enhancement, and pre- and postimplementation calibration and validation. Services include: Performing triage in response to clients alerts to support business-as-usual processes Designing, developing, and implementing suspicious activity monitoring models Designing and executing calibration for suspicious activity models Validating suspicious activity models Investigations and Reporting Along with supporting regulatorymandated look backs, Crowe provides suspicious activity monitoring, enhanced due diligence, and sanctions alert review services. Crowe brings experienced investigators to support businessas-usual processes and also assists with the optimization of AML compliance operations teams and investigations units. Data Management As AML and sanctions programs increase their reliance on technology for effective and efficient compliance, data management and quality grow in importance. Crowe provides services to assist with: Mapping and integrating data sources to compliance systems Assessing data quality and completeness Developing data management strategies Using data visualization tools to support AML and sanctions compliance and reporting Technology Through coordination with clients and extensive experience, Crowe has developed technology solutions that support and bring efficiency to AML program components. This technology includes: Crowe Model Risk Manager assists institutions with supporting an end-to-end model risk management program Crowe Dynamic Customer Insight facilitates the collection of customer information, evaluation of customer risk rating, and execution of enhanced due diligence and high-risk customer reviews Crowe Caliber assists institutions in calibrating their transaction monitoring systems and the associated parameters, ad ding efficiency to the tuning process Crowe Activity Review System uses dynamic questioning and automated narrative generation to significantly reduce the amount of effort required to review suspicious activity alerts Crowe Collaborative Risk Manager facilitates the AML and sanctions risk assessment by identifying, measuring, and monitoring key risk areas, allowing for better risk identification and evaluation 10

11 crowehorwath.com/aml 11

12 Learn More Vicky Ludema Managing Director About Us Crowe risk professionals instill sustainable strategies to help businesses transform governance and maintain efficient compliance. We collaborate with our clients to confirm that their people, systems, and technology work together to strengthen their organization. Crowe invests in tomorrow because we know smart decisions build lasting value for our clients, people, and profession. crowehorwath.com/aml In accordance with applicable professional standards, some firm services may not be available to attest clients Crowe Horwath LLP, an independent member of Crowe Horwath International crowehorwath.com/disclosure RISK A