Information abounds. The internet, social media, and web 3.0 are full of content and it’s available with a few finger taps. Alongside the rise of consumer and media produced content, more and more governments are pushed to be transparent and increase access to electronic records, lists, regulatory actions, etc. While the increase in the quantity of data available is astounding, so is the propensity for mis and disinformation to creep into data streams and overwhelm accurate and legitimate sources.
This and other threats can make it challenging for Anti-Money Laundering (AML) compliance teams to identify facts within the data flow and plethora of results. Additionally, it’s even more difficult in high stakes situations when business priorities face off against compliance demands.
To be effective, compliance teams need to be able to turn down the noise in order to make sound risk management decisions related to critical aspects of the compliance program like Know Your Customer (KYC) reviews and investigations. Because this isn’t an easy thing to do and typically involves competing priorities — such as cost versus speed — we advise our clients to use a strategy grounded in sound analytic judgement to derive the best results.
This article focuses on three steps to effective due diligence in AML compliance. Below is the strategy based on years of experience conducting investigations, building teams, and advising global banks through complex, high-pressure situations with regulators.
1. Ask Better Questions
In AML due diligence and investigations work, there is no cut-and-dried, one-size-fits-all approach to interrogating data and transaction information. It is usually best to approach the tasks the way a journalist might dig out a story. The analyst can examine the prospective or existing customer documents, ask probative questions to verify sources of wealth and uncover pertinent history, review transaction activity (if available), examine associates from different vantage points, and scrutinize the purpose for the account. Technology is an important tool in this process; the speed with which automated solutions generate results and potential alerts is critical to maintaining an efficient compliance process. That said, while it’s true technology has increased the pace with which searches can be conducted, it hasn’t eliminated the need to ask high quality questions in order to identify risks, mitigate red flags, and make it work more effectively for you – the analyst and team.
2. Understand the Data Sources
Not all data is created equally nor is it of equal value to your analysis or processes. It’s critical when selecting due diligence and data platforms to ensure you know the data sources being used so you can have confidence in the reliability, accuracy, and integrity of the results that will inform compliance and risk management decision-making. This can entail asking questions to verify if the data platform provider purchases data from third-parties and resells it or if the provider relies on only primary sources or a combination of both. Knowing the vendor of your vendor (fourth-party risk) is just as important to your compliance operations especially when misinformation and disinformation are increasing alongside the amount of information available on the internet. It’s important to conduct due diligence on your data platform providers just as you would on prospective customers.
3. Train and Evolve Constantly
Prioritize efforts to train and educate your investigative teams to keep pace with rapid technological advancements, counteract cognitive bias (those pesky mental shortcuts we take), and challenge existing thought processes. Don’t neglect this pillar of your compliance program. Present team members with a diverse portfolio of options to select from, offer material and content delivered via different channels and methods, and solicit honest feedback upon completion.
a. Channels include in-person, online, and hybrid options; and each offers its own benefits depending on the nature and type of content.
b. Methods vary based on the channel. For example, in-person training can occur in short form (one-hour, to half-day, to full, or multi-day options). Online options include both live and self-paced and self-study variations. Each has its own pros and cons that need to be considered alongside the needs of the team members.
c. Distribute long form articles to promote deeper thinking on relevant topics. Encourage team members to be conscientious about the information they consume on a daily basis and share strategies to combat analysis fatigue.
d. It’s also worth considering informal learning options that are more practical (less expensive and low stakes) and conducive to the fast-paced nature of compliance options. These can include things like a post audit or program review discussion; or an in-house lunch-and-learn about a recent regulatory update or enforcement action.
e. Finally, solicit feedback at the end of the courses or opportunities. Knowing what works and what doesn’t is a key ingredient in the creation of a successful training program.
Informed risk management and compliance decisions are the strongest when grounded in analytic rigor and backed by facts. The best way to ensure teams have the best tools in place to derive the conclusions – apply the above strategy. Ask better questions of your data and information; evaluate and understand where your sources get their information; continue to learn and train and you’ll be setting your team up for success with AML compliance cases.
We would like to thank Anne Walton for providing insight and expertise that greatly assisted this research.
Anne Walton is a Senior Director providing Anti-Money Laundering services under J.S. Held’s Global Investigations Practice. Anne specializes in building and monitoring anti-money laundering (AML) and sanctions compliance programs. Her prior investigative and risk management experience involved evaluating financial crimes compliance (AML / BSA / OFAC) cyber and physical security policies and programs. Anne’s past clients include financial institutions in APAC, Europe, and the Middle East; Fortune 500 companies; Fintech; banks serving crypto firms; non-governmental organizations; and local, state, and federal government.
Her expertise also includes Know Your Customer (KYC) evaluations and file reviews and testing; due diligence investigations of entities and high-profile and high-net-worth individuals, physical security risk assessments of critical infrastructure, Department of Homeland Security (DHS) cybersecurity tabletop exercises, and training law enforcement and intelligence analysts via the DHS Advanced Analytic Technique Workshop.
Anne can be reached at [email protected] or +1 248 564 2301.
This article examines the risks to Fintechs and how to create an AML and sanctions program that complies with regulatory requirements....