3 keys to a stronger AML compliance program

Many AML compliance programs only perform an AML and sanctions risk assessment on an annual basis. But by integrating a more continual approach to risk assessments, organizations can better identify emerging or evolving AML risks earlier and more often.

A shift toward continual risk assessments often begins with an increased cadence – maybe semiannual or quarterly instead of once per year. And along with a faster cadence of risk assessments, organizations should identify triggering events that require an AML risk assessment in response, such as:

• A new business model or strategic partnership
• A new product offering
• Expansion into a new geographic area
• A change in relevant regulations

As an example, consider a scenario in which your organization wants to launch a new product. But what if its existing AML compliance technology doesn’t have the right capabilities to manage the increased AML risks that arise from that product? Not having the right technology in place might lead to delaying a new product launch to avoid unacceptable AML risk or regulatory fines.

In this situation, a nimble enterprise risk assessment process could help:

• Identify weaknesses in the control environment and the resulting increase in residual risk, which could exceed the organization’s risk tolerance
• Enable faster, real-time reporting to determine if the additional risk is reasonable
• Shape interim or secondary transaction monitoring controls that can manage residual risk while the organization works to identify a longer-term solution

Most organizations outgrow the capabilities of their AML technology at some point, whether through a merger, acquisition, or steady growth. Some signs that it might be time for new technology include:

• A high percentage of alerts closed with no follow-up actions and no suspicious activity detected
• A lack of success in reducing false positives through tuning and optimization
• A new product, partnership, or strategic initiative that current AML technology doesn’t accommodate

Purchasing new AML technology represents a major investment that could reduce expenses in many ways. The right tool could improve the efficiency of the AML program, reduce the cost of outsourced review services, and deliver powerful new capabilities, such as the ability to automatically hibernate alerts that are unlikely to represent suspicious activity.

To settle on a right-sized tool with appropriate capabilities, compliance teams need to understand the organization’s growth strategy and long-term priorities. For example, if part of the bank’s strategy involves building more relationships with fintechs, then the organization needs AML technology capabilities, such as strong customer risk ratings, to manage the differences between their own AML approach and that of a fintech partner.

With a technology-supported AML compliance program that efficiently uses resources, organizations can increase stakeholder confidence in the program, streamline compliance, and devote more resources to strategic initiatives that support the bottom line.