Last month the US Office of the Comptroller of Currency released its 2019 Semiannual Risk Perspective report. While the report is bullish on the strength of the US economy and the banking sector as a whole is buoyant, the associated risks give cause for concern. Of particular concern are operational risks arising from persistent cybersecurity threats and compliance risk from Bank Secrecy Act/anti-money laundering (BSA/AML).
This article concerns itself with a summary of the report’s BSA/AML findings and recommendations.
Banks globally are challenged to effectively manage money-laundering risks in a complex, dynamic, global operating and regulatory environment.
According to the report, BSA/AML compliance risk management systems should be commensurate with the risk associated with a bank’s products, services, customers, and geographic footprint.
The insight around BSA/AML challenges is, that one-size-fits-all, rules-based-solutions from traditional BSA/AML vendors, neither provide the flexibility nor the insight into individual behavior to quickly identify and file suspicious activity reports (SAR’s), without first having to sort through mountains of false-positive alerts. This lack of insight and flexibility has driven a ten-fold increase in the average size of a BSA/AML compliance team over the past 5 years.
While overall trends have been positive, the BSA/AML-related deficiencies identified by the OCC stem from three primary causes:
Inadequate customer due diligence and enhanced due diligence,
Insufficient customer risk identification, and,
Ineffective processes related to suspicious activity monitoring and reporting, including the timeliness and accuracy of Suspicious Activity Report filings.
Talent acquisition and staff retention to manage BSA/AML compliance programs and associated operations present ongoing challenges, particularly at smaller regional and community banks.
Related strategic risks called-out in the report that impact BSA/AML compliance, include rapid industry changes, poor business decisions, imprudent or incomplete change management plans, pressure to reduce expenses and control costs, the burden of some legacy technology systems, resource limitations, and need for scale of operations.
Positive Changes in the Federal Banking Landscape
In the past few years, there has been a trend toward investing in and leveraging technology that is more efficient, reduces costs, and increases speed to market.
Examples include cloud computing, credit partnerships, and mobile banking applications, each of which has been implemented across the industry, regardless of bank size.
Larger organizations are also investing, or considering investing in, artificial intelligence (AI) to automate, augment, or replicate information-gathering or human decision-making processes.
Operational Efficiency Remains a Challenge for Small Banks
Many community and midsize banks rely on older core-processing systems, whether outsourced or in-house. Cloud-based solutions are more prevalent now and are offering efficiency and agility to address legacy systems, which include core processing and other applications. Cloud- based solutions may provide more efficient integration with other systems and the ability to implement new and innovative technologies.
Problems with Legacy Systems
The transition from legacy systems, however, can be complex and expensive. Community and midsize banks’ movement to cloud-based solutions has been slow and calculated, focusing on less critical systems and applications. This reticence stems from the significant investment (time and money) required to change core systems, limited choices of core system providers, and management’s reluctance to move critical activities to unproven solutions.
A Slow-adopter Strategy is Risky
A slow-adopter strategy adds risk because the speed of change, combined with the lengthy process to evaluate and implement newer technology solutions, can result in loss of customers or market share before the bank can respond.
Technology Challenges for BSA/AML/OFAC
Compliance risk related to BSA/AML remains high. Complex, dynamic money laundering, terrorist financing, and other criminal activities challenge banks in complying with BSA/AML requirements.
Bank management should periodically reassess and, when necessary, adjust BSA/AML compliance risk management systems commensurate with the risk associated with their products, services, customers, and geographic footprint.
Illicit transaction activity is no longer just associated with traditional financial products and services. Virtual currency and crypto assets present novel vulnerabilities that criminals can exploit as well.
The OCC has identified improvements in banks’ BSA/AML risk management systems, including risk assessments, policies and procedures, and associated controls. The identified improvements are generally commensurate with changes in risk profiles associated with growth (organic and through mergers and acquisitions), the introduction of new products and services, substantial changes in customer volume or types, and significant increases in transaction volume.
Increasing Scrutiny of Sanctions Lists
The OCC expects banks to monitor changes to regulatory requirements and to implement system or process changes, as appropriate, to comply with those requirements.
One such change is the Financial Crimes Enforcement Network’s final rule on “Customer Due Diligence Requirements for Financial Institutions” implemented in May 2018. Necessary updates to training, quality assurance, independent testing, and controls are expected to be in place during the FY 2019 examination cycle.
The OCC reviews banks’ systems for managing risks related to complying with U.S. economic and trade sanctions programs administered and enforced by the Office of Foreign Assets Control (OFAC).
The complexity of the requirements underlying these programs poses challenges for some banks. It is important for banks to maintain effective policies and procedures for screening against OFAC’s Specially Designated Nationals and Blocked Persons List and other sanctions lists.
Bank management should have processes for diligently reviewing and monitoring for the comprehensive prohibitions under sectoral and geographic, as well as list-based, sanctions programs to effectively manage associated compliance and operational risks.
Money laundering is a $4Tn problem that adversely affects nearly every individual on earth and every enterprise engaged in the delivery of financial and payment services.
While regulators increase scrutiny, banks struggle to stay compliant with outdated legacy technology and rigid, people-intensive process.
What bankers' need is an agile compliance system that uses big-data, cognitive analytics, machine-learning, predictive analytics and other advances to solve this problem and reduce operational risk. In so doing, drastically reducing people-related compliance costs, legacy-drag and identifying bad actors, who today, are undetected.
We provide a SaaS-based AML solution which we call Lucre, to solve this problem.