How does one measure value when value is different for everyone? Look at the non-fungible token, the digital work of art that sold for $69.3 million at Christie’s,¹ or the Beanie Babies craze of the 1990s. This applies to anti-money laundering (AML) programs as well. For example, the Office of the Comptroller of the Currency (OCC) has conducted horizontal peer financial institution (FI) examinations covering topics such as AML training and risk assessments. The OCC will provide a report to each FI included in the examination that includes leading and lagging practices, offering unique insight into what other FIs find valuable and allowing them to deploy these ideas and strengthen their own AML programs.

Keeping the OCC’s approach in mind, what constitutes value to an AML program cannot come from the perspective of one individual. In the spirit of collaboration, transparency, innovation and risk-based approaches—now codified in The Anti-Money Laundering Act of 2020 (AMLA)²—a number of forward-thinking AML professionals in different industries and FI asset sizes (most less than $50 billion) provided insights into three areas that have brought the most foundational value to their AML programs: AML risk assessment, staffing and training. These value-added practices can help FIs get ahead of the AMLA and the Financial Crimes Enforcement Network’s (FinCEN) advanced notice of proposed rulemaking (ANPRM) on AML program effectiveness, regulations, aid law enforcement and pave the path away from more technical “check-the-box” processes.

AML Risk Assessment

The AML risk assessment is the first step in building a valuable AML program and is one of the more complicated and time-consuming program activities. The risk assessment methodology is approached in a vastly different manner at each FI. No matter if the risk assessment is 300 pages or 50, the question boils down to whether the risk assessment guides the FI in building an effective and efficient AML program. One would expect with so much time and effort put into risk assessment that it would provide valuable results. However, many AML professionals have agreed that it feels more like a “check-the-box” exercise, resulting in a document with too much “filler” content that distracts from the intent, further reducing its value. In addition, in many cases, the risk assessment gets stored away until requested by auditors or examiners. If either situation exists, take it as a professional red flag and revamp the risk assessment into a process that produces value.

The AML risk assessment is the first step in building a valuable AML program and is one of the more complicated and time-consuming program activities

FinCEN’s ANPRM would require an FI’s risk assessment methodology to include the identification and analysis of money laundering, terrorist financing and other illicit financial activity risks and to consider the AML and counter-terrorist financing (CTF) strategic priorities issued by FinCEN. Furthermore, the AMLA promotes taking a risk-based approach that focuses on higher-risk customers and activities. FIs should take this as an opportunity to reassess their risk assessment methodology to focus on their FI’s risk priorities and FinCEN’s anti-money laundering/counter-terrorist financing (AML/CTF) strategic priorities.

Some FIs have already developed or are moving toward such a methodology. One FI’s primary risk assessment document focuses on the highest-risk customers, products as well as services and geographies. For areas that are lower risk, a separate document is maintained for coverage. Another FI recently kicked off a target operating model gap assessment to prepare for the transition from the current “book report” risk assessment approach into an analytical model. Both approaches leverage the “National Strategy for Combating Terrorist and Other Illicit Financing,”³ among other documents, to inform their risk assessment. These FIs feel as though their approach will meet and go beyond the new AML regulatory mandates and support alignment with AML/CTF strategic priorities. This approach is sound, particularly in light of a comment from FinCEN’s Director of Regulatory Policy, Barry Emmert, “I don’t think there’ll be any surprises as these priorities are going to be consistent with Treasury’s ‘National Illicit Finance Strategy’ as required by Congress.”⁴

Targeted and adaptable methodologies allow an FI to move away from an annual risk assessment exercise that is already out of date when the work begins. It also supports the AML program in being nimble when responding to new or evolving risks. One example is an AML risk assessment focused on human trafficking that depicts a clear understanding of the human trafficking risks specific to the FI. Instead of building broad human trafficking controls and monitoring scenarios, the FI is more risk-based, efficient and responsive. Another example is to update the risk assessment regularly as new risks emerge or if there is a new product/service offering. Updating the risk assessment immediately will ensure it is always up to date and the AML program can evolve and adjust as needed.

Finally, including the business units into the risk assessment process upholds accountability and provides the line of business (LOB) an opportunity to address risks specific to business operations. Holding touchpoints with the LOBs provides much needed support during the data collection and information gathering process. In addition, it will ensure details in the risk assessment are accurate, and the LOB can effectively challenge findings and readily act against those findings. Finally, hold individual close-out meetings with all appropriate staff and senior management to discuss the final risk assessment findings and action plans.

Staffing

Hiring within the AML field has seen an exponential growth in the past 10 years due in large part to inefficient monitoring technology as well as regulatory actions and expectations. This growth, and the pressure AML programs have been under, have made it difficult to place, train and provide a meaningful growth path for these hires. However, there are some successful methods that have been deployed to counteract these concerns.

When hiring new employees, placing significant weight on the individual’s thought process over experience can be fruitful. How an individual thinks can determine how they approach a topic—is it a puzzle to solve or a problem to fix? Finally, an individual should be teachable, willing to pursue learning and should challenge the status quo.

Consider moving to a staffing model that promotes collaboration. For example, many AML programs maintain separate AML investigation and enhanced due diligence (EDD) teams even though there is a lot of overlap in the work performed. One FI completed an overlap assessment that resulted in merging the teams to focus on all risks and typologies. The FI is also actively working on finding collaboration opportunities between the AML, economic sanctions and fraud teams to create a rapid response team that can focus on significant investigations. Both approaches have allowed employees broader careers paths and more challenging work.

Develop agile investigation teams well-versed on specific predicate crimes, AML/CTF national priorities and specific crimes within the FI’s footprint. Agile investigation teams should be responsive enough to handle any investigation, capable of supporting when a surge in alerts or EDD reviews occur and proactively seek out risks. More importantly, it can be a hindrance to place an employee in a role and leave them there. There can be a lot of value gained in exposing employees to other functions. Building a rotation schedule that allows employees to work on each team can bring new challenges, provide a fresh set of eyes on customer activity and identify process efficacies.

At one FI, an investigator had an interest in AML governance and risk assessments. As part of the rotation program, the investigator was able to assist with a project and as a result of the work product, was moved onto the team full time. In another instance, an investigator had interest in analytics and tuning but did not have a background in data science. The investigator developed a proposal on how they could support rule tuning from a non-data perspective by providing insights into why suspicious activity reports were being filed. After implementing the idea, the employee proved to be invaluable to the team and a new role was created. Thus, effectively prioritizing engagement can reduce the risk of burnout and promote cross-training.

AML programs should develop dedicated roles for tasks such as:

1. Keeping tabs on what is happening in the industry and the regulatory landscape
2. A point of contact for exams, audits and other reviews
3. A primary liaison with law enforcement and other FIs
4. Quality assurance/control testing
5. Data analysts
6. Trainer

Finally, take the time to think through the big picture the AML program needs. When it comes to hiring, the default is to backfill a position, but is that adding value to the AML program? Where does the risk assessment guide the AML program, what are the merging risks? Staffing models are developing into more innovative structures that allow for agility within roles or the creation of new roles that can ultimately contribute to efficiencies. The AMLA promotes innovation, so embrace the opportunity to incorporate an innovative staffing model. If hiring is not plausible, seek out individuals within the organization that can contribute to efficiencies (e.g., a project manager or business developer) and build out investigative tools or automate data collection.

Training

After assessing needs through the risk assessment and putting the right staff in place, training needs to happen to make it all come together. While AML training opportunities have come a long way from basic online courses, effective and appropriate AML training is not easy. For example, AML conferences, where training is plentiful, are typically attended by senior AML managers. Hardly do junior staff or non-AML department employees attend and if they do, it is likely the one opportunity they will have, effectively cutting key staff off from these great training opportunities. While this happens for several reasons including cost, which could be hard to overcome, there are equitable training opportunities FIs can adopt.

One approach in building AML training curriculum for new hires is to require the employee to build a solid AML foundation of knowledge before they can advance. Rather than just being an “expert” at a specific job function, employees should understand the bigger picture and how their job function ties in. New hires should cross-train with other AML roles in order to understand and respect other AML department functions. One cross-training success involves the AML and the economic sanctions teams learning and working together about the function each team plays. This could include having the teams collaborate on case investigations that involve AML and economic sanctions risk. Cross-training can also provide a solution to closing a gap identified in the risk assessment.

Build highly customized and interactive training courses with real life examples that will have employees engaged. Explain why AML is important and how the “why” directly pertains to their role and business operations. Feedback from employees at one FI that took this approach has been extremely positive. The FI also regularly updates the training with new schemes or regulatory guidance/updates, preventing employees from taking a course with stale information.

Going one step beyond industry certifications, one FI developed an internal AML certification that focuses on the FI’s customers, products and services, geographic footprint, controls and risks. Employees can receive three certifications, each with an increasing level of difficulty and time commitment. Successful completion of each comes with incentives (e.g., vacation days, pay increase). Employees walk away with a deep understanding of the risks faced by the FI.

A cost-saving approach to industry conferences is to create an internal AML conference that focuses on the FI’s specific risks as well as industry-related risk and practices. Invite staff from the AML department and the LOB as speakers and/or attendees. External speakers from local law enforcement, anti-human trafficking organizations, etc., can provide great value and interest. One FI even included a mock investigation, challenging teams to find the most red flags in the shortest amount of time.

Develop a training program that provides all AML employees various external training opportunities including earning industry certifications. For example, junior investigators are required to attend at least four webinars and one conference/seminar per year. Senior investigators are required to attend four webinars, two conferences/seminars, one peer group meeting and attain a certification within 24 months.

Training AML staff should not be limited to the latest AML/CTF typologies. If an FI wants longevity from employees, expanding their engagement beyond the walls of the AML program can pay dividends. Offer collaboration with other LOBs on projects or day-to-day functions. For example, an FI partnered with the compliance department to perform testing for 10 to 30 hours a year. This has driven positive engagement on all fronts by providing AML staff new experiences and understanding of the organization while supporting an LOB that is short on resources. Another FI built a rotational AML program where AML and non-AML staff change positions to learn more about each other’s roles (i.e., Walk-A-Mile).

Finally, do not forget leadership development. Focusing on communication to build confidence and better communicate with LOB staff on information requests or sit on organizational projects with senior leaders can go a long way. It demonstrates the FI’s commitment and investment in employees and builds on employee engagement. An engaged employee can add tremendous value to the AML program.

Value for Law Enforcement

With the passage of the AMLA and FinCEN’s ANPRM, collaboration, transparency and information sharing between the private and public sectors should see a big boost. The first positive impact is the issuance of the AML/CTF strategic priorities. As such, the three foundational aspects of an AML program will be critical for FIs in adopting and executing an innovative, risk-based AML program that targets the AML/CTF strategic priorities faced by their FI and ultimately provides law enforcement with information that has a “high degree of usefulness.” These efforts should also lead to state and local law enforcement agencies (e.g., regional FBI, Post Master Inspector General, IRS-Criminal Investigation) fostering stronger and open relationships. This allows for an opportunity to better understand what region-specific typologies are a focus, assess if the AML program has a means to detect or control the associated risk, and get the right information into the hands of law enforcement.

A lot of good will come out of the AMLA and FinCEN’s ANPRM, however, it is up to the FIs and law enforcement to execute on these opportunities. Building a strong foundation will help in achieving that goal.

Conclusion

The ideas shared by these forward-thinking AML professionals are by no means exhaustive. The intent of this information is to lay the foundational framework by performing a needs assessment through the risk assessment, hiring and placing the right staff, as well as providing the proper initial and ongoing training. These three elements will feed into the rest of an FI’s AML program, allowing for the movement toward a more effective, risk-based AML program. Finally, no matter where an FI is at in the maturity of their AML program development, taking a step back to truly assess these three areas, and where improvements can bring value to the AML program, should be a continuous effort.

Part two will focus on how to bring value to an AML program from a technology, data and process perspective.

Chris Bagnall, CAMS-FCI, CFE, Sojourn Technologies, Bagnall@sojourn-technologies.com

Jamie Thomas, CAMS-FCI, Fulton Bank, jthomas@fultonbank.com

1. “Now That Christie’s Has Sold An NFT For $69.3 Million, The Time Has Come For Artists To Make NFTs Meaningful,” Forbes, March 16, 2021, https://www.forbes.com/sites/jonathonkeats/2021/03/16/now-that-christies-has-sold-an-nft-for-693-million-the-time-has-come-for-artists-to-make-nfts-meaningful/?sh=7c4b3b473f70
2. “H.R. 6395 (116th): National Defense Authorization Act for Fiscal Year 2021,” U.S. Government Publishing Office, December 2020, https://docs.house.gov/billsthisweek/20201207/CRPT-116hrpt617.pdf. Stakeholders include, but are not limited to, federal functional regulators, law enforcement authorities, financial institutions, technology experts, intelligence community, etc.
3. “National Strategy for Combating Terrorist and Other Illicit Financing,” U.S. Department of the Treasury, 2020, https://home.treasury.gov/system/files/136/National-Strategy-to-Counter-Illicit-Financev2.pdf
4. Valentina Pasquali, “FinCEN Anticipates Busy Regulatory Year,” ACAMS Moneylaundering.com, April 13, 2021, https://www.moneylaundering.com/news/fincen-anticipates-busy-regulatory-year/