Ten Points Regulators Will Be Looking For On Your Next AML Exam

Transcription

1 ABA BRIEFING PARTICIPANT S GUIDE Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, 2016 Eastern Time 2:00 p.m. 3:30 p.m. Central Time 1:00 p.m. 2:30 p.m. Mountain Time 12:00 p.m. 1:30p.m. Pacific Time 11:00 a.m. 12:30 p.m.

2 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET DISCLAIMER This Briefing/Webcast will be recorded with permission and is furnished for informational use only. Neither the speakers, contributors nor ABA is engaged in rendering legal nor other expert professional services, for which outside competent professionals should be sought. All statements and opinions contained herein are the sole opinion of the speakers and subject to change without notice. Receipt of this information constitutes your acceptance of these terms and conditions. COPYRIGHT NOTICE USE OF ACCESS CREDENTIALS 2016 by American Bankers Association. All rights reserved. Each registration entitles one registrant a single connection to the Briefing by Internet and/or telephone from one room where an unlimited number of participants can be present. Providing access credentials to another for their use, using access credentials more than once, or any simultaneous or delayed transmission, broadcast, re-transmission or re-broadcast of this event to additional sites/rooms by any means (including but not limited to the use of telephone conference services or a conference bridge, whether external or owned by the registrant) or recording is a violation of U.S. copyright law and is strictly prohibited. Please call if you have any questions about this resource or ABA membership.

3 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET Table of Contents TABLE OF CONTENTS... II SPEAKER & ABA STAFF LISTING... III SPEAKER BIOGRAPHIES... IV PROGRAM OUTLINE... V CONTINUING EDUCATION CREDITS INFORMATION... VI CPA SIGN-IN/SIGN-OUT SHEET... VII INSTRUCTIONS FOR RECEIVING CERTIFICATES OF ATTENDANCE.. VIII PROGRAM INFORMATION... ENCLOSED PLEASE READ ALL ENCLOSED MATERIAL PRIOR TO BRIEFING. THANK YOU. The Evaluation Survey Questionnaire is available online. Please complete and submit the questionnaire at: Thank you for your feedback. II

4 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET Speakers and ABA Staff Listing Speaker and Moderator Gary Lindsey Principal Crowe Horwath LLP One Columbus Columbus, OH (614) Speakers John Epperson Principal Crowe Horwath LLP 225 West Wacker Chicago, IL (630) ABA Briefings Staff Cari Hearn Senior Manager (202) Linda M. Shepard Senior Manager (202) American Bankers Association 1120 Connecticut Avenue, NW Washington, DC www. III

5 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET Speaker Biographies GARY LINDSEY Gary is the National Practice Leader for BSA/ AML Audit Services as part of Crowe Horwath LLP s overall Risk Practice, with more than 17 years of experience leading BSA/AML audits and reviews. In this role Gary is responsible for the oversight and maintenance of service standards, staff development, quality assurance and technical standards for approximately 150 BSA/ AML recurring audits conducted by the Firm each year. Gary is also responsible for the direct oversight and performance of BSA/AML audits for the Firm s largest and most complex bank and non-bank financial institutions and serves as a trusted advisor to their Board of Directors and Audit Committees. JOHN EPPERSON John is a principal with Crowe Horwath LLP specializing in the areas of financial institution risk management, model risk management (MRM), auditing/internal controls, and Anti-Money Laundering (AML) regulatory compliance. John leads Crowe s Payments regulatory compliance practice and maintains a leadership role within the firm s national AML and MRM practices. John is responsible for designing and executing regulatory compliance audit and system validation testing plans, implementing and enhancing enterprise wide compliance programs for bank and non-bank financial service companies and a trusted advisor in leading projects that have withstood examination in some of the most intense regulatory environments in recent history. IV

6 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET TIMES PROGRAM OUTLINE SESSION AND SPEAKERS 1:45 2:00 p.m. ET Pre-Seminar Countdown 2:00 2:02 p.m. Welcome and Program Introduction 1Source International 2:02 2:10 p.m. Opening Comments and Speaker Introductions Program Agenda and Background Gary Lindsey, Crowe Horwath LLP 2:10 2:25 p.m. Segment 1 Exploring recent trends in AML supervision Discussing areas of intensified regulatory scrutiny John Epperson, Crowe Horwath LLP Gary Lindsey, Crowe Horwath LLP 2:25 2:45 p.m. Segment 2 Identifying practical approaches for meeting regulatory expectations Discussing operational impact of new regulatory guidance John Epperson, Crowe Horwath LLP Gary Lindsey, Crowe Horwath LLP 2:45 2:50 p.m. Questions & Answers 2:50 3:20 p.m. Segment 3 Practical tips for your next AML Exam John Epperson, Crowe Horwath LLP Gary Lindsey, Crowe Horwath LLP 3:20 3:30 p.m. Questions & Answers Wrap-up V

7 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET Continuing Education Credits Information The Institute of Certified Bankers (ICB) is dedicated to promoting the highest standards of performance and ethics within the financial services industry. The ABA Briefing, Ten Points Regulators Will Be Looking For On Your Next AML Exam has been approved for 2.0 continuing education credits towards the CRCM and CAFP designations. To claim these continuing education credits, ICB members should visit the Member Services page of the ICB Website at You will need your member ID and password to access your personal information. If you have difficulty accessing the Website and/or do not recall your member ID and password, please contact ICB at or American Bankers Association is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: CPE credit hours (Business Management & Organization) will be awarded for attending this group-live Briefing/Webcast. Participants eligible to receive CPE credits must sign in and out of the group-live Briefing/Webcast on the CPA Required Sign-in/Sign-out Sheet included in these handout materials. A CPA/CPE Certificate of Attendance Request Form also must be completed online. See enclosed instructions. Continuing Legal Education Credits This ABA Briefing/Webcast is not pre-approved for continuing legal education (CLE) credits. However, it may be possible to work with your state bar to obtain these credits. Many states will approve telephone/ audio programs for CLE credits; some states require proof of attendance and some require application fees. Please contact your state bar for specific requirements and submission instructions. VI

8 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET CPA Required Sign-in/Sign-out Sheet CPAs may receive up to 1.5 hours of Continuing Professional Education (CPE) credit for participating in this group-live Briefing/Webcast. INSTRUCTIONS: 1. Each participating CPA must sign-in when he/she enters the room and sign-out when he/she leaves the room. 2. Name and signature must be legible for validation of attendance purposes as required by NASBA. 3. Unscheduled breaks must be noted in the space provided. 4. Each participating CPA must complete, online a CPA/CPE Certificate of Completion Request Form (instructions found on page VIII). 5. Individuals who do not complete both forms and submit them to ABA will not receive their Certificate of Completion. This CPE Sign In/Out Sheet must be scanned and uploaded with the CPE / CPA Request for Certificate of Completion form (instructions found on page VIII of this kit) in order for the CPA to receive your Certificate of Completion. FULL NAME (PLEASE PRINT LEGIBLY) SIGNATURE TIME IN TIME OUT UNSCHEDULED BREAKS American Bankers Association is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: Please note: CPE credits are ONLY awarded to those who have listened to the live broadcast of this Briefing/Webcast. VII

9 American Bankers Association Ten Points Regulators Will Be Looking For On Your Next AML Exam Tuesday, September 20, :00 3:30 p.m. ET Instructions for Receiving Certificates of Attendance CPA/CPE Certificate of Attendance Submission of a sign-in/sign-out sheet AND electronic request for a certificate of attendance are required for the validation process to be completed. NASBA requires ABA to validate your attendance BEFORE you will receive your certificate of attendance. 1. COMPLETE a CPA / CPE Certificate of Completion Request Form online at: 2. SCAN AND UPLOAD the completed CPE / CPA Required Sign-in/Sign-out Sheet (enclosed) and include it with the REQUEST for CPE/CPA Certificate of Completion form found in Step SUBMIT completed Request Form and Sign-in/out Sheet 4. VALIDATION ABA Briefing Staff will VALIDATE your attendance within 10 days from receipt of Request Form and Sign-in/out Sheet 5. A personalized certificate of completion will be ed to you once your attendance is validated 6. QUESTIONS about your certificate of completion? Contact us at briefingcertificates@. General Certificate of Completion 1. REQUEST a General Certificate of Completion at: 2. A personalized certificate of completion will be ed to you within 10 days of your request. 3. QUESTIONS about your certificate of completion? Contact us at briefingcertificates@. VIII

10 Ten Points Regulators Will Be Looking For on Your Next AML Exam ABA Briefing/Webinar Tuesday, September 20, 2016 Disclaimer This Briefing will be recorded with permission and is furnished for informational use only. Neither the speakers, contributors nor ABA is engaged in rendering legal nor other expert professional services, for which outside competent professionals should be sought. All statements and opinions contained herein are the sole opinion of the speakers and subject to change without notice. Receipt of this information constitutes your acceptance of these terms and conditions. 2 1

11 With You Today Gary Lindsey, Principal Crowe Horwath LLP Global AML Audit Practice Leader AML Regulatory Order Response FS Regulatory Compliance Consulting /Audit John Epperson, Principal Crowe Horwath LLP Diversified Payment / Fintech Practice Leader AML Model Risk Management FS Regulatory Compliance Consulting /Audit 3 Learning Objectives Exploring recent trends in AML supervision Discussing areas of intensified regulatory scrutiny Identifying practical approaches for meeting regulatory expectations Discussing operational impact of new regulatory guidance 4 2

12 AML Regulatory Landscape Regulatory supervision and focus on AML compliance programs remains high Many are reporting continued or increased examiner presence as it relates to AML supervision Continued headlines, public actions, fines, and penalties Heighted expectations increasingly seen at smaller organizations Crowe Horwath LLP 6 3

13 Point #1: Past Observations and Recommendations Question: Have you remediated all past issues/ findings? 7 Past Observations/ Recommendations The most common exam planning points Past observations and recommendations can derive from several sources: Report of Examination Supervisory Letter Consent Order/ Formal Agreement Internal Audit Reports Self Testing Reports Examiners focus on understanding how issues have been resolved, including the sustainability of the controls View point that past observations/ recommendations are not closed / remediated until adequately tested or validated by Internal Audit Important to have well documented plans and strategy for longer term corrective action project 8 4

14 Past Observations/ Recommendations How to Prepare for Your Next Exam Inventory all open Internal Audit, Self Testing, and Regulatory observations/ recommendations Ensure remediation efforts are complete and well documented in terms of resolution For remediation activities that are still ongoing, ensure that appropriate documentation is retained to support remediation progress Ensure the organization s testing program has tested remediation efforts and concluded on their achievement/ success 9 Point #2: Changes in Risk Profile Question: Have you experienced a significant event that has caused a change in your AML risk profile? 10 5

15 Changes in Risk Profile There is a continued emphasis from Regulators on an organization s ability to identify and respond to changes in their AML risk profile. Failure to understand AML risk associated with new products, services, and customer segments is an underlying theme of most enforcement actions Examiners are focusing not just on the identification and response to changes in AML risk, but how timely the organization is able to both identify and respond to these changes. Measuring, analyzing, and responding to risks through the annual risk assessment process presents challenges and does not meet Regulator s increased expectations. 11 Changes in Risk Profile Changes in an organization s AML risk profile may occur periodically and may be the result of both internal and external events. Examples include: Implementation of new software or technology; Turnover or changes in staff; Introduction of new products or services; Geographic expansion; Acquisitions or combinations; Growth in high risk product or customer segments; and Changes in geographic risk. An effective response to changes starts with a comprehensive and transparent assessment of risk, not just an exercise of compliance The identification of changes, and their assessment of risk, should effectively allow for the flow of resources, investment, and infrastructure to manage the change in risk to the organization. 12 6

16 Changes in Risk Profile How to Prepare for Your Next Exam Revisit how your organization identifies events or changes in risk. Do you have effective process for timely, or proactive, identification of risk changes? Understand any significant changes or events that have occurred since your prior examination. Ensure the risks associated with any changes or events have been assessed and well documented. Evaluate the sustainability of any controls implemented as a result of AML risk profile changes. 13 Point #3: AML Systems and Tools Question: Are your systems prepared to meet the growing complexity of AML processes and growing regulatory expectations? 14 7

17 AML Systems AML systems are increasingly the cornerstone of an effective AML program The failure of systems relied upon for AML compliance is the leading factor associated with fines, penalties, and enforcement actions Examples of AML systems include transaction monitoring, customer risk rating, and sanctions list screening The dynamics and sophistication of AML systems have advanced significantly over the last several years Strong system/model governance overseeing aspects of system development/implementation, validation, and ongoing use. 15 AML System Risks Risk Design and Development Risk Implementation Risk Input Processing Risk Performance Risk Output and Use Risk Example The system is not aligned to identify typologies of money laundering and financial crime consistent with products, services, and geographies System is incorrectly configured to account for relevant business and regulatory requirements System data is inaccurate, incomplete, or stale Product or customer risks change overtime with adjustments not properly applied to the system Poor business decisions are applied to the system output 16 8

18 System/Model Risk Management Do we have the right system controls to ensure the performance of the model overtime? Have we identified all of our AML models? Did we implement the model correctly and do we have documentation to prove it? Have we independently validated that the model is performing as intended? Are we calibrating the model thresholds and parameters overtime? 17 AML Systems How to Prepare for Your Next Exam Ensure you have inventoried and identified all the systems and models used to support the organization s AML compliance program Ensure system or model output is up to date and free of back logs Verify that supporting systems and models have been tested and/ or validated Ensure AML system and model governance controls are aligned to bank wide governance policies Ensure that past findings from model validations or system testing have been fully remediated 18 9

19 Point #4: Independent Testing Question: Does your internal audit staff have the capabilities required to effectively assess AML compliance? 19 AML Independent Testing AML/BSA and Sanctions audit is the most frequently cited violation Evaluated by Regulators during the exam planning, but also throughout the exam Examiners are increasingly leveraging audit results and workpapers to shape an examination Expanding AML qualifications are needed to satisfy increasing regulatory demands Increased focus on the depth, quality, and coverage of testing performed 20 10

20 AML Independent Testing Auditors are increasingly challenged to audit to not just to regulations, but also to examiner expectations Including credible challenge to established policies, procedures, and controls Increased attention to audit s ability to audit changes in risk, remediation of past issues, and new regulations and guidance Regulatory view point that past regulatory and audit issues remain open until effectively tested or validated The most successful organizations look to AML audit as an opportunity to flush out and address issues prior to an examination 21 AML Independent Testing How to Prepare for Your Next Exam Ensure you have the right mix of both AML and internal audit professionals completing audit activities Includes both internal and external resources Determine if the remediation of any past regulatory exam or audit issues have been successfully tested/ validated by internal audit Verify that internal audit personnel are informed of significant changes in your AML risk profile Verify that significant changes in your AML risk profile have been tested or evaluated by internal audit Includes new products and services, acquisitions, combinations, etc

21 Point #5: AML Resources/ Staffing Question: Does your bank have a plan in place to help leaders address and resolve AML risks? 23 AML Resources and Staffing AML professional expertise is in significant demand The depth and quality of AML resources is a significant exam evaluation point Increased focus on AML professionals ability to effect change and influence Examiners are looking for indicators of insufficient resources during the examinations Past due reporting, backlogs, slow response to change, etc Increased regulatory focus on reporting channels and communication lines Sufficient access to board and be sufficiently empowered to be effective and have sufficient, competent resources 24 12

22 AML Resources and Staffing Increased regulatory focus on the resources supporting the compliance program, not just staffing Includes enabling technology, tools, and systems supporting the compliance program The degree and complexity of needed resources may increase as an organization s risk profile changes Examiner focused on understanding that the right level of technology and tools are maintained commensurate with an organization s risk profile Examples may include transaction monitoring systems, customer risk scoring systems, case management platforms, etc Enabling technology and tools should align with an organization s current business and regulatory needs, as well as align to the strategic direction of the organization 25 AML Resources/Staffing How to Prepare for Your Next Exam Verify that resumes and CVs for AML professionals are up to date and current Perform capacity assessment or employ use of capacity model to monitor resource needs Document resource or capacity plans for areas of significant turnover Establish documented plans to remediate compliance requirements outside of established procedural timeframes or Service Level Agreements (SLAs) Evaluate if defined business needs are able to met through existing tools, resources and systems Evaluate if existing tools and resources are in line with strategic direction of the organization 26 13

23 Point #6: Transaction Monitoring Processes Question: Are your transaction monitoring processes effective in identifying suspicious activity? 27 Transaction Monitoring Performance Enhanced monitoring of third party risks (correspondent banking, payment processing, TPPP) Focus on monitoring all risks which may be more than just customers (e.g. customer s customer, device) More information and insight on SAR decision making Advancements in machine learning, cognitive learning, and advanced analytical monitoring Knowing when a model is not performing as expected 28 14

24 Tuning and Optimization 29 Tuning and Optimization Triggering Events 30 15

25 Transaction Monitoring Performance How to Prepare for Your Next Exam Map relevant AML typologies to transaction monitoring coverage whether that be automated, manual, or LOB control Ensure the maintenance of prescriptive and statistically valid tuning and optimization methodology and processes Maintain documentation to demonstrate empirical evidence that your thresholds and parameters are appropriate How and when are you going to tune and optimize thresholds overtime (e.g. event based metrics and measures to support performance monitoring overtimes) Demonstrate effective segregation of duties throughout tuning processes 31 Point #7: Third Party AML Risks Question: How are you managing Third party AML risks that might exist at your organization? 32 16

26 Third Party AML Risks Increased industry reliance on third parties for management of certain BSA/AML functions Fintech and digital disruption resulting in new and emerging riks Bank partnerships Bank account reliance Increasing compliance risks on not just flow of funds, but the flow of information Reliance on vendor systems and algorithms 33 Third Party AML Risks How to Prepare for Your Next Exam Strong documented oversight and testing of effectiveness of controls when relied upon by third party Define roles, responsibilities, resources when partnering with non bank financial institution Demonstrate due diligence on marketing and sales methods when engaged with TPPP Assess risks that exist with not just the flow of funds but the retention of transactional information Maintain documentation to support black box vendor supported systems 34 17

27 Point #8: High Risk Customer Administration Question: Are you effectively identifying and mitigating high risk customers? 35 High Risk Customer Administration Movement toward creative uses of alternative data or tech enabled KYC Beneficial Ownership ruling impact Maintenance of relevant KYC/CDD information overtime Reliance on Third Party CDD/CIP/KYC Tuning and validation of customer risk scoring models Continued focus on EDD documentation standards 36 18

28 High Risk Customer Administration How to Prepare for Your Next Exam Justification of tech enabled EDD or reliance on third parties Ensure your EDD processes are tailored to specifically address the unique risk factors presented by varying customer types Retain documentation to support and justify reasonableness of customer risk scoring model and its overt linkage to your risk assessment Define risk based collection of beneficial ownership, roadmap to compliance with beneficial ownership ruling Strong processes and quality assurance supporting adherence to EDD documentation standards and timeliness 37 Point #9: Single Customer View Question: Are you able to monitor and assess AML risks through a single customer view? 38 19

29 Single Customer View Siloed and legacy banking systems and lines of business impact ability to assess and monitor enterprise AML risk Beneficial Ownership ruling impact Integration of single customer view into AML system (e.g. monitoring and customer risk rating) Concerns in leveraging third parties to support aspects of CDD/CIP/KYC 39 Single Customer View How to Prepare for Your Next Exam Identify risks and corresponding controls to consolidate key KYC/CDD information to conclude on consolidated risk of customer Define any applicable technology roadmap that seeks to consolidate and streamline a single customer view Be prepared to discuss tactical and strategically means to comply with beneficial ownership ruling better to vet now than in two years from now Assess linkage of shared relationships across the enterprise (e.g. customer residing in multiple businesses or services 40 20

30 Point #10: Sanctions Program Question: Are you able to monitor and assess AML risks through a single customer view? 41 Sanctions Program Significant gaps, oversights, and intention circumvention of global sanctions compliance has raised the bar for all financial institutions Clear focus on Sanctions compliance system integrity, performance, and management controls Increasing focus on third party sanction risks New methods and means in targeting sanctioned entities Evaluation and documented acceptance of any risks 42 21

31 Sanctions Programs How to Prepare for Your Next Exam Adherence to system/model risk management practices Strong knowledge as to how the screening system conduct the screenings and it s sensitivity to name variations Test, tune, and optimize sanctions screening tools to ensure they appropriately mitigate changes in exposure Clearly identify the type and quality of the data being screened, source of the data inputs, and understanding of the elements included in the lists. Clear audit trail to support evidence of sanctions screening (including third parties) and documentation to support clearing potential listed names 43 Questions and Answers If you are participating on the Web: Enter your Question in the Box Below and Press ENTER / SUBMIT. If you are participating by Phone: your Question to: aba@1source-intl.net 44 22

32 Thank you John Epperson, Principal Phone Gary Lindsey, Principal Phone In accordance with applicable professional standards, some firm services may not be available to attest clients. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction Crowe Horwath LLP, an independent member of Crowe Horwath International crowehorwath.com/disclosure 45 23

33 Online Training for AML and Fraud Professionals Two new online certificates will provide in-depth training to individuals about the types of criminal behavior commonly used against banks and the applicable U.S. laws and regulations. Courses cover a comprehensive list of anti-money laundering and fraud topics, including: Program governance and oversight Customer onboarding, monitoring, detecting, responding Regulatory reporting requirements. Taken together, the two financial crimes online training programs will provide the eligibility requirements for certain candidates preparing for the Certified AML & Fraud Professional (CAFP) exam. They also provide more experienced candidates an opportunity to refresh their knowledge in preparation for the exam. All courses are accessible anytime, anyplace on desktops, laptops and most mobile devices! /FCOT