Know Your Strategy: Assessing AML Compliance, Risk Appetite, and the Onboarding Lifecycle

For anti-money laundering (AML) authorities, the decade finished with a bang: more than $8 billion in AML fines were served in 2019, doubling the number handed out the year before.

You could see this jump as being both very good and very bad. Good, because it shows that regulators across the globe are on high alert when it comes to financial crime. Bad, because it proves that criminal enterprise is still widespread and going strong. In the U.K., which had the second-highest number of penalties in 2019, the amount of money laundered each year is equivalent to 4% of the country’s GDP.

Whether regulators are pushing you to or not, your company needs to establish clear anti-money laundering protocols. When you don’t, you put yourself and your customers at risk.

As we look ahead to the 2020s and beyond, you can bet that the businesses that will survive are the ones that prioritize compliance on an ongoing basis. But the good news is, implementing new processes and ensuring frictionless screening for your customers doesn’t need to be onerous. Here’s what you need to know in order to minimize risk and maximize reward.

1. Review your regulations

AML regulations have evolved with the times, and for compliance officers looking to stay aligned, an understanding of the major milestones can be a smart place to start. And while it can feel like there’s a lot to absorb, a solution like Cognito Watchlist covers all the screening bases for you.

Here are just some of the regulations we comply with.

• The U.S.’s Bank Secrecy Act (BSA). The starting point for many companies? Ensuring that cash transactions over $10,000 are actively reported and paper trails are maintained.

• The U.S.’s Patriot Act. Section 352 mandates that all financial institutions have robust compliance programs, including internal controls, AML compliance officers, independent audits, and ongoing training.

• The recommendations laid out by the international Financial Action Task Force (FATF).

• The requirements of the Office of Foreign Assets Control (OFAC). In the U.S., continuous monitoring of customers is now mandatory regardless of risk profile.

The changing regulatory landscape in the U.S. is mirrored in countries around the world. Many have their own independent AML systems, some of which go beyond the global standards outlined by the FATF. Companies conducting international business need to comply with regulations not only in their own jurisdiction, but anywhere they operate.

Ensuring you have systems in place to detect suspicious activity is essential, including customer identification capabilities that have been externally tested.

2. Determine your risk appetite

In spite of high regulatory standards worldwide, AML compliance is not one-size-fits-all. Different companies have different tolerances for risk, depending on how they operate, where they operate, and what they offer. Compliance officers should focus on identifying the levels of exposure a company is comfortable accepting when it comes to compliance. You can start by considering specific factors as they relate to your organization:

• The types of products and services your company provides
• The kinds of customers you serve
• The geographic location of your organization, as well as the locations in which it conducts business globally

All of these factors inform your company’s risk appetite. This measurement is often more difficult to quantify than other aspects of your overall risk tolerance, due to the need to balance customer privacy and fair treatment with strict regulatory compliance.

But remember: it’s never a good idea to skimp on compliance. As a general rule, your risk appetite should be sufficiently stricter than your country’s legal obligations; only then can you be confident that the rules you’ve set are acceptable in all jurisdictions.

3. Optimize the customer onboarding lifecycle

If you want to embed a higher degree of certainty and security into your compliance strategy, start with customer onboarding. This is one of the simplest stages to find any red flags, since you’re screening customers for the first time. Ineffective onboarding opens your company up to unacceptable risks — and spotting potential bad actors is far easier in the early stages, before they’re exploring and exploiting your systems from the inside.

Protect your business with Know Your Customer (KYC) processes by having the following systems in place:

• A Customer Identification Program (CIP) so you can correctly identify the customer.
• Customer Due Diligence (CDD) to verify the customer’s identity with valid information and documentation, and gauge the purpose of their transaction or request.
• Enhanced Due Diligence (EDD), which is key in suspicious or higher-risk situations where you need to obtain more information, especially if your customer has surfaced as a politically exposed person.
• Account opening procedures in which it’s standard to onboard high-profile clients in person.
• Regular review of account and transactions, with recurring checks.

4. Implement an AML compliance program

Thanks to digital technology, companies have all the data and documentation they need in order to properly identify and verify customers. The only problem is information overload: how do you ensure comprehensive reporting, record-keeping, and training when you’re managing thousands — or even millions — of customer accounts?

If you’re going to implement risk-based, global AML compliance programs that are effective, versatile, and cost-efficient, you’ll require automation. The good news is that solutions like Cognito Watchlist streamline and simplify the complexity of AML, making the manual aspects of assessment and reporting effortless.

• Watchlist compares the customers you’re onboarding against extensive, regulated databases from around the world, making it far more likely that any AML-related conflicts or issues will be surfaced early on in the process.
• By leveraging data normalization technology and powerful search algorithms, Watchlist also uncovers more potential matches for your customers and helps you understand the quality and likelihood of each one, while also taking day-to-day edge cases into account.
• Watchlist re-scans your users on a regular basis to automatically uncover any changes in their status, and non-intrusively screens hundreds of millions of accounts each month.

Streamline your AML processes with the right partner

While AML policies are necessary and mandatory, they can be expensive, with some of the major banks paying hundreds of millions — or even billions — of dollars to enforce them every year. And the nebulous nature of criminal enterprise makes it difficult to prove that these huge expenditures are actually helping to fight and prevent money laundering.

That’s why finding a technology partner that knows the AML space is critical: automation allows you to cut the costs of compliance so you can reinvest those funds in your people, products, and services. Even better, it improves the accuracy of your onboarding and re-screening processes so you can have more confidence in your risk-management efforts — and your customers can have a more seamless experience.

Cognito’s watchlist product is designed to keep your company AML compliant. Contact us to learn more.