At the ACAMS Annual AML & Financial Crime Conference in early October, there were a number of informative sessions with great takeaways for anyone in the BSA/AML industry. One session, in particular, a regulatory roundtable represented by FinCEN, OCC, FDIC, OCIE and FRS, was rich with AML hot topics that the supervising institutions are seeing while examining financial institutions.
Here are some of the key takeaways of exam findings to consider at your own financial institution:
1) Risk Assessments
- They are not robust enough and need a deeper dive into all aspects of institutional risk.
- They are not supported by transactional data. Remember, it’s not fact unless you can prove it with data.
- They are not current, especially upon a merger or acquisition.
- Institutions are not coming to the conclusion for the true risk of the institution. Are you too close?
2) Suspicious Activity Monitoring
- Institutions are not staffing sufficiently, resulting in alerts not worked in a timely manner. As they noted, 30 days is too long before sending alert to case.
- Adjusting your AML system parameters to meet the number of alerts current staff can work is not acceptable. You need to appropriately staff for the number of alerts you receive.
- Institutions provide insufficient documentation on why an alert or case was cleared as not suspicious.
- Your AML system is not optimized; too many false alerts or too few alerts suggests possible undetected suspicious activity.
- Insufficient risk scoring of higher risk countries
- Executive management is often found not “walking the walk.”
- The tone in the middle must be compliance supportive, not only from executive management but for all lines of business
- The BSA Officer does not have independent, proper decision-making authority.