How to Avoid Common AML Missteps
Money launderers are hard to detect — and their methods evolve over time. It’s easy for companies to think they’ve done enough to squash criminal activity, when in reality there are cracks in their systems that can be exploited. And regulators are keeping track: in recent years, penalties for Anti-Money Laundering (AML) non-compliance have reached all-time highs.
So what are some recurring errors and mistakes organizations make in their AML efforts? We’ve identified seven common AML oversights your company should be aware of.
1. See the whole picture
In today’s globalized world, there’s a good chance that your customer base and supply chains span numerous jurisdictions. But what counts as compliance in one region isn’t necessarily good enough elsewhere. Inconsistent standards — whether in customer screening and identification, account monitoring, or due diligence — puts companies at risk.
To offset these inconsistencies, err on the side of over-compliance. An investigative report from KYC360º points out that common management oversights include: a lack of clearly-defined roles and responsibilities, a deficit of communication, and infrequent audits of overseas branches and affiliates. Aim to do the opposite. It’s up to organizations to think big in their AML approach while also taking care of the small details.
2. Don’t get distracted by dollar signs
Some organizations are willing to take risks if they see the potential for profit, even when it comes to something as serious as AML — they ignore warning signs or fail to review high-risk transactions. Meanwhile, AML compliance officers are seen as unnecessary and relegated to minor roles.
If caught in non-compliance, the regulatory fines will be the least of your worries. The reputational damage of ignoring criminal activity is steep, and it’s always better to be safe than sorry.
3. Avoid false positives
On the other side of the AML spectrum are organizations that overreport and review abnormal activity that isn’t, in the end, abnormal. This results in huge costs, and frustrates regulators who are stuck processing countless unfounded suspicious activity reports.
Part of the problem is that conventional transaction monitoring systems (TMSs) often follow formulaic, action-based rules to detect anomalous behaviors. Sophisticated criminals know how to skirt them, so over 95% of flagged activities are “false positives”. These cost financial institutions billions of dollars per year in pointless investigations — and while their resources are tied up in chasing dead ends, real criminals can strike.
Rather than being static and predictable like a TMS, a solution like Cognito is dynamic, drawing data from multiple official sources and comparing it in real time to form a more complete view of the customer. In its survey of the banking industry, McKinsey found that half the transactions that were flagged wouldn’t have needed to be investigated if data points could have been connected across the bank’s own divisions.
4. Define identity across departments
“Customer identity” may mean different things to different departments. The “single customer view” that marketers utilize in their work isn’t necessarily the same as the one understood by IT admins — and neither will help you ensure AML compliance.
As your company implements systems for identity authentication and verification, have a conversation with IT leads to make sure your processes are also aligned with proper KYC and AML policies.
5. Empower employees
Companies agree that training is a central pillar of AML, but it poses distinct challenges. The material taught is often too abstract and inaccessible for new learners, and it's difficult to see how theory applies in practice. When it comes to raising team members’ awareness of AML policies, protocols, and procedures, real-life case studies and hands-on learning is every bit as essential as classroom-based training.
6. Identify PEPs early
Some companies aren’t proactive in flagging politically exposed persons (PEPs), either as a result of perceived complexity or because they bring in lots of business. Do your due diligence, and implement systems that help you trace the source of your PEPs’ finances and raise a red flag when transactions don’t fit their profile.
Cognito Watchlist is designed to identify PEPs, automatically re-scanning all customers on a regular basis to catch changes in their status. Even clients that have a longstanding relationship with you can raise their risk profile over time, which is why we’re adding a new feature to Watchlist — automated re-scans.
7. Change with the times
Aggregating customer information can be difficult. McKinsey cites low-quality data, nonstandard data structures, and fragmented sources as common barriers, and many organizations still rely on manual AML activities, like making thousands of monthly calls to customers to keep KYC documents current.
All these manual processes and fragmented data points mean that compliance investigations depend too much on “stare and compare”, instead of taking action. In the U.S., companies spent $25.3 billion managing money laundering risk in 2018, when unifying scattered customer identity information with a solution like Cognito could have saved time and resources.
AML will always involve a multi-stage, collaborative plan of attack, but the right software solution can advance your company’s compliance by leaps and bounds. Cognito can keep you from making common security mistakes.
Our watchlist product takes the stress out of AML compliance so you can focus on your business. Contact us to learn more.