AML compliance checklist: best practices for due diligence
A robust Anti-Money Laundering (AML) compliance programme is essential to ensuring business resiliency.
Everyone in your organisation should be on board with the compliance programme, but what that programme looks like can be more contentious. Know Your Customer (KYC) processes are renowned for slowing down customer onboarding, and monitoring customer activity requires a lot of heavy lifting. While the largest banks have staffed up compliance teams to include thousands of analysts to cope with this workload, scale up and mid-tier financial services providers don’t have this luxury. As a result, the manual process of sifting through disparate data sources to get the information they need to identify potential money-launderers in their customer base can result in slow onboarding, delayed customer transactions and inadequate regulatory reporting.
Regulation, including the EU’s Fourth Money Laundering Directive and the US Bank Secrecy Act, require a risk-based approach to compliance. This ambiguity can make it difficult for regulated firms to understand exactly what their internal compliance policies should cover and how to develop and implement a robust AML compliance programme.
There are commonalities in the most successful AML compliance programmes however, which we explore further in this blog.
AML compliance checklist
Since different jurisdictions have different regulations, we’ll take a top-level view that can be applied anywhere. For more in-depth guidance, we strongly recommend you look at resources supplied by the regulatory bodies where you do business.
do you have a written AML compliance policy?
Your policy should be recorded and accessible to your senior management, board, staff and regulators. This document forms the backbone of your programme. As a minimum, it should outline the following:
- which regulations you are complying with
- your KYC and identification policies
- what reporting you’ll create to monitor compliance
- what constitutes suspicious activity
- your internal auditing procedure and frequency
- who is responsible for your compliance programme
The policy needs to be carefully aligned with legal requirements. It should outline the what, who and how of your compliance program.
who is responsible for your AML compliance program?
AML policies need business-wide buy-in. You’ll need someone at the top of the chain who will make sure that:
- your policies are being followed consistently
- your processes are aligned with the programme
- your customer files are always accurate, complete and up to date
- your training is comprehensive and staff are up to speed.
The risks around AML compliance programmes are significant. The steering required means most banks choose a senior-level chief compliance officer or director. This role should be someone who has top-down influence on all stakeholders so that the programme is in safe, consistent hands from implementation to review.
are your tools and processes up to the job?
Whether you are upgrading an existing programme or starting from scratch, now is a good time to review your onboarding and monitoring processes. What works well? How long does it take to onboard a new customer today? How much does it cost? Can you reduce onboarding times and/or costs by adjusting your processes? Are you taking full advantage of new technologies?
If your AML compliance programme has been in place for a while it’s likely that you rely heavily on manual processes. New technologies, such as intelligent process automation and artificial intelligence, are playing an increasingly important role in compliance and offers significant benefits in terms of both cost and time-savings. You should investigate how this technology could be integrated into your existing tools and processes.This is the perfect time to take stock of the systems you have in place and look for new solutions where your current people and technology have blind spots and inefficiencies.
are the right people properly trained in best practices?
Anyone who deals with your customers and transactions needs to be trained. The training can take many forms but the more hands-on, the better.
Your team needs to understand:
- your jurisdiction-specific AML legal requirements
- common techniques used by money launderers
- what checks they should make during onboarding and transactions
- how to report suspicious activities
Consider running workshops, creating video tutorials and tests to get everyone up to speed. Back up the interactive training with easy access to your policy documents and compliance officer. If you have a knowledge management system or intranet, use it to help your staff look up frequently asked questions and other resources.
Keep training up-to-date with policy changes and new technology implementations. Make sure you have the tools for new people to quickly get up to speed with your existing team.
do you have regular AML compliance reviews?
If you’ve been running your compliance programme for some time, you might feel like your work is done. But compliance is not a once and done activity and your programme needs to evolve in line with your risk profile and relevant regulation. Finding out there’s a misstep in your program the hard way carries hefty penalties. You should have regular internal audits to make sure that your records, reports and processes are on point.
Ideally, you should also have an independent auditor on an annual basis. If that’s not an option, consider someone from within your bank that does not have responsibility for AML compliance to ensure you’re getting an unbiased view.
Automating your AML processes can ensure all steps are carried out consistently, with less room for error. The right technology can free up valuable time, onboarding new customers more efficiently and cost-effectively. To learn more about how technology can improve your AML compliance program, download our white paper: Transforming Know Your Customer Operations.
transforming know your customer operations
This whitepaper investigates the process of Know Your Customer (KYC) onboarding to suggest that identifying activities that are candidates for automation offers a way forward for regulated firms looking to improve outcomes for all involved in KYC processing.
Encompass’ intelligent process automation conducts live document and data collection, analysis and integration from public and premium sources to bring transparency to complex corporate structures and ultimate beneficial ownership, delivering the most accurate and complete KYC on demand.