Enhance your AML audits to get more value from compliance

Gary W. Lindsey, Jacob M. Rivkin
7/26/2023
Enhance your AML audits to get more value from compliance

An AML internal audit can be something your organization has to do – and wants to do.

A Bank Secrecy Act (BSA) and anti-money laundering (AML) internal audit is an investment proposition: You get out of it what you put into it. Some financial services companies only want a check-the-box compliance audit and nothing more, and that’s what they receive.

But financial services companies that enhance their AML and sanctions independent testing with outside expertise and perspectives can realize business value and competitive advantages that extend far beyond baseline regulatory compliance.

Get the latest financial crime insights
Sign up to get news and insights delivered directly to your inbox.

A comprehensive AML audit can help you understand your risk ecosystem

A comprehensive AML audit can help you understand your risk ecosystem
Goals for AML testing should go beyond meeting requirements.

For most banks and many other financial services companies, AML and sanctions independent testing – which is essentially an internal audit of AML and sanctions compliance – is a nonnegotiable regulatory requirement. To get that requirement fulfilled, organizations need a qualified team that can provide experienced, knowledgeable resources with the understanding needed to execute on the requirement.

But just because a compliance process is required doesn’t mean meeting that requirement should be the only goal of that process. Take, for example, AML internal audits in which savvy financial services companies treat the requirement as a starting point. A comprehensive and probing AML internal audit can help organizations develop a fuller understanding of their entire risk ecosystem.

An organization’s risk ecosystem includes risks presented by:

  • Products
  • Services
  • Geographies
  • Customers
  • Outside stakeholders and third-party relationships (such as fintech partnerships)

So, it’s important for organizations to ask: Have we identified all the risks associated with these elements, and are we taking appropriate mitigation steps?

Part of the AML internal audit process should involve making sure any financial, reputation, and regulatory risks are accounted for and mitigated – whether they pose an immediate danger of regulatory enforcement action or not.

The AML internal audit process can result in continual organizational improvements

The AML internal audit process can result in continual organizational improvements
Is testing effective, efficient, and adding value?

Organizations must ask whether AML and sanctions independent testing is being performed and whether that testing is effective, efficient, and adding value. This evaluation process should also include exploring areas in which the organization could improve efficiency by either rethinking processes or deploying new tools and technology.

For example, has your organization considered how and where data analytics software, artificial intelligence, machine learning, and robotic process automation (RPA) might help your AML compliance program move faster and eliminate potential errors?

That’s not always an easy question to answer in a vacuum, which is why it’s critical to work with a team that can provide benchmarking based on peer groups, experience with peer organizations, and knowledge of the latest regulatory concerns and developments. Even if an organization’s internal audit groups have the resources and experience to conduct an AML audit, they might not be able to provide an outside perspective of what others in the field are doing, including how they are deploying new techniques and technology.

Peer comparisons and benchmarking initiatives should be comprehensive and ongoing. With a window into other organizations’ best practices, organizations can be confident that up-to-date controls are in place and compliance spending is being used to its fullest. And, if not, organizations can quickly identify inefficiencies and areas where resources could be better allocated.

AML leaders should lean on detailed reporting to show value

AML leaders should lean on detailed reporting to show value
A strong BSA/AML compliance program can build stakeholder and customer confidence.

Some financial services boards see compliance as a nonrevenue-generating function and slash compliance spending wherever possible. So, AML leaders must take a proactive approach when communicating the value of the compliance work being done.

That communication should begin with detailed board and management reporting that shows exactly where AML compliance spending and AML audits are helping the organization identify and mitigate risks that could affect the organization’s health and profitability.

AML program leaders and chief audit executives need to make clear the bottom-line benefits of a proactive AML compliance and risk management approach. Regulatory violations related to anti-money laundering can generate fines, penalties, and reputational harm and force the bank into a reactive, defensive position where growth and strategic options become very limited. Regulatory concerns over an organization’s AML compliance practices can halt a planned merger or acquisition.

In addition, a strong BSA/AML compliance program can build stakeholder and customer confidence, which is more critical than ever in the current environment. In light of recent high-profile bank failures and bank seizures, many organizations are refocusing on risk and compliance. Decision-makers are taking more seriously the consequences that might occur when innovation and growth strategies outpace the organization’s risk and compliance protocols.

An ongoing review of effective AML audit processes and controls can demonstrate the strength of the business to stakeholders and regulators alike. So, yes, organizations should check the boxes when it comes to AML – but they should do it effectively, efficiently, and thoughtfully to build confidence with stakeholders and demonstrate the strength of the compliance program to regulators.

Your organization can use the strength of AML compliance as a growth enabler and point of differentiation

Your organization can use the strength of AML compliance as a growth enabler and point of differentiation
Compliance can serve as a critical element for growth and profitability.

The push and pull between compliance and sales is a common dynamic in financial services companies. The business-line teams at banks and other financial services organizations want foremost (as they should) to go out and grow their business. However, business teams also need to understand that compliance can and should serve as a critical element of the organization’s strategy for sustainable growth and profitability.

Many smaller and midsized banks today see themselves as relatively low risk and straightforward in terms of their operations. But more and more, banks of all asset sizes rely on extensive fintech partnerships and other third-party vendor relationships that can dramatically increase their risk profile. As a result, more organizations than ever can benefit from a more expansive and thoughtful approach to AML and sanctions independent testing.

Organizations should consider viewing AML and sanctions testing and the AML audit process as a compliance exercise and an opportunity to:

  • Operate more efficiently, both through the refinement of processes and the application of data analytics tools, RPA, and other technologies
  • Receive timely feedback on controls and risk management processes
  • Get benchmarking and peer insights
  • Learn more about customers and their behaviors
  • Stay one step ahead of evolving regulatory expectations
  • Create efficient lines of communication between business and BSA/AML compliance teams that allow new products, services, and strategic initiatives to roll out more quickly and smoothly

As banks and other financial services companies grow and evolve, they need to continually ask: How can we expand our controls and the scope of our risk management activities to make sure the bank is positioned for stable, sustainable growth in the future?

With the right approach and mindset in place for AML independent testing, organizations can build stakeholder confidence and customer trust, save money and time, and channel valuable resources elsewhere in the organization.

Get in touch and let’s unlock the value in your compliance requirements

Staying compliant with AML and sanctions independent testing can require significant resources, so organizations should try to realize the greatest value from them.

Get in touch today, and let’s figure out how to generate more value from the compliance activities you’re already performing.

Contact us

Gary Lindsey - social
Gary W. Lindsey
Principal, Consulting
Image - Jacob Rivkin at Crowe.
Jacob M. Rivkin
Principal, Consulting