Hue Dang: Revamping ACAMS Risk Assessment

Hue Dang: Revamping ACAMS Risk Assessment™

Hue Dang, CAMS-Audit, global head of New Ventures and the senior Asia Pacific (APAC) leader for ACAMS, took time to talk with ACAMS Today to discuss the association’s latest efforts in risk assessments in anti-money laundering (AML)/sanctions/suspicious activities. With New Ventures, Dang is the association’s lead for incubating new anti-financial crime (AFC) services by creating new, market distinctive offerings—leveraging off ACAMS’s unique position as an industry-standing body—that add to the ACAMS ecosystem of AFC solutions. Risk Assessment (RA) reflects her work to expand ACAMS’ reach beyond training/education and community-building efforts. She spearheads the effort to promote ACAMS’ next standardization endeavor with a consensus-built AML risk assessment methodology to address the fundamental question of demonstrating effectiveness and risk appetite while enabling both the industry and the regulator to do comparative analyses across their respective areas of responsibility/jurisdiction. Her focus is to develop and provide solutions to assist regulated entities in meeting their AFC regulatory obligations with solutions to lessen risk with a systematic approach. She also assists regulators in meeting their expanding supervisory responsibilities as more sectors are incorporated into AML regimes to meet global standards set by the Financial Action Task Force (FATF). After joining ACAMS in 2008, Dang established ACAMS’ APAC office as head of APAC and launched its business in the region. In her 12 years in that role, she encouraged the development of the AFC community by building relationships with key stakeholders, including regulators, law enforcement, financial institutions (FIs), and industry associations and working groups. Dang has led numerous AML training programs throughout Asia and is a frequent speaker in APAC, the U.S. and Europe.

ACAMS Today (AT): What does a typical workday look like for you?

Hue Dang (HD): My global role means that the typical workday is driven by the start of working hours of the three regions—APAC, EMEA (Europe, Middle East and Africa) and the Americas—and thus typically only ends at around midnight. I typically start the day with a quick review of the latest regulatory and industry developments in the AFC space, especially with a focus on recent enforcement actions and any discussions on AFC program effectiveness, which in turn is the focus of my role as global head of New Ventures currently addressing the issue of demonstrating AFC program effectiveness through the money laundering RA process. I have at least two to three meetings with key stakeholders, whether from the regulatory or industry sectors to emphasize ACAMS’ mission to assist regulated entities and regulators in meeting their AFC obligations through standardization in training/education—and, more recently, in the AML/sanctions/suspicious activities RAs.

I also work closely with the RA business development team of four that covers the three regions—one based in Singapore, another in the U.K. and a team of two based in the U.S.—and join in on client meetings where discussions focus on how ACAMS can assist in addressing some of the client’s pain points. And my day is not complete without touching base with the product/technology team leader, Tanya Montoya, to discuss developments from her team, especially listening to feedback from our current ACAMS Risk Assessment™ (ARA) customers, which contributes to our continual enhancements of the tool.

I am reminded to close the computer for the day when the daily alarm on my phone goes off at midnight.

AT: How has the area of RA changed during the last 15 years you have been with ACAMS?

HD: AML RAs were not a part of AML compliance programs in many countries/jurisdictions 15 years ago, and if such AML RAs were conducted, they were completed in a perfunctory manner—as a check-the-box exercise—and not utilizing the RA process to measure, understand and explain the institution’s money laundering vulnerabilities as it was intended. Most regulated entities simply built the AML compliance program without necessarily understanding the money laundering risks the program is intended to mitigate.

Also, AML RAs were not a regulatory requirement in many countries/jurisdictions until the last five to seven years, particularly until after 2012, when the Financial Action Task Force (FATF) revised its mutual evaluation methodology to go beyond technical compliance with the 40 recommendations to also include effectiveness compliance based on 11 immediate outcomes. The emphasis on demonstrating the effectiveness of AML/counter-terrorist financing (CTF) regimes at the country/jurisdiction-level by the FATF put pressure on the regulators to understand the systemic money laundering risks within their supervisory ecosystem, which in turn put pressure on the industry to demonstrate their AFC program effectiveness with the AML RA process.

The U.S. is one of the earliest countries to specify clearly that their FIs must conduct an AML/Bank Secrecy Act (BSA) RA. This is the first item listed on the scoping and planning process of the onsite examination in the Federal Financial Institutions Examination Council’s (FFIEC) manual, which was first published in 1979. What is most interesting is that though the AML/BSA RA requirement has been around for many decades, its usefulness is not clear to the regulator, as reflected in the Financial Crimes Enforcement Network’s (FinCEN) September 2020 “Advanced Notice of Proposed Rulemaking (ANPRM)” on “what constitutes an effective and reasonably-designed AML program.” One would have expected regulators to already have a clear view on this question, given that the AML/BSA RA requirement has been around for decades, but it is clear that without common standards to conduct the AML/BSA RA, the U.S. regulator is not able to analyze the results from the AML/BSA RA reviews to answer the fundamental question of demonstrating effectiveness, which is the primary objective of all AML RA.

AT: ACAMS Risk Assessment™ was launched in January 2014. What had ACAMS observed in the AML space that compelled it to introduce an AML RA software solution?

HD: My earlier answer referred to the FATF’s meaningful revision of its mutual evaluation methodology to include effectiveness compliance by its members during onsite mutual evaluation reviews. This was one of the key drivers behind ACAMS’ engagement with the industry to help it answer the expected question from the regulators on how to demonstrate the effectiveness of the institution’s AML compliance program. ACAMS also observed the increasing strident conversations between regulators and their regulated entities. On the one hand, regulators are saying to their regulated entities that they are not doing enough, and the regulated entities’ response is that the regulators are “compliancing” them out of business—to use “compliance” as a verb. This led ACAMS to evaluate how to bring the seemingly opposing sides closer together in an attempt to close the gap of understanding between the regulator and their regulated entities. As an industry-standard-setting body, ACAMS is in the unique position of being able to engage with all the key stakeholders on this issue to arrive at a consensus-built AML RA methodology, establishing a common standard that allows both the industry to be able to do comparative analyses on its AFC program effectiveness benchmarked against its peers, and at the same time also allows the regulator to conduct similar comparative analyses to identify the systemic risk in their supervisory ecosystem.

AT: How is ACAMS Risk Assessment™ able to adapt to the RA needs of FIs of all sizes and geographic footprints?

ACAMS Risk Assessment™ is a software as a service (SaaS) solution that offers FIs a standardized means for measuring, understanding and explaining their money laundering risks beyond a checkbox approach to compliance. The solution’s global AML RA standards are based on internationally recognized recommendations and guidance and the consolidated input of high-level compliance experts in the public and private sectors.

Through an intuitive and user-friendly interface, ACAMS Risk Assessment™ helps institutions identify and assess their AML, sanctions and suspicious activity risks, including the establishment of a standardized inherent risk related to their products, services, delivery channels, customer types and geographies. It also facilitates self-assessments of the effectiveness of their mitigating internal controls resulting in residual risks unique to the institution.

Perhaps most critically, once user inputs are completed, the tool generates an automated RA report outlining how compliance controls were comprehensively assessed across business lines to reach a final residual risk score. Users can then choose to draft forward-looking action plans that can be submitted to auditors and regulatory examiners to demonstrate an institutional understanding of risk exposure and proactive risk mitigation.

AT: What value does ACAMS Risk Assessment™ offer its members?

HD: The value offered by our solution can be bucketed into three areas: Measuring money laundering risks, substantiating compliance decisions and compliance plan execution.

In measuring risk, ACAMS Risk Assessment™ establishes a standardized, self-assessment framework of money laundering risks across various product lines, geographies and customer types, with input from a committee of AFC experts and the ACAMS Advisory Board. In contrast to tools that take a checkbox approach to compliance, ACAMS Risk Assessment™ helps institutions comprehensively assess their risk exposure to money laundering threats, including related risks involving sanctions, suspicious activity and underlying predicate crimes.

The tool’s RA standard is informed by industry guidance and best practices established by the FATF, the FFIEC, the Wolfsberg Group, financial supervisory bodies and other governmental and nongovernmental organizations from around the world.

Through a simple input process that accounts for mitigating controls and effectiveness factors, end users can evaluate and quantitatively score the residual risks of specific product lines and customer types or assess their compliance vulnerabilities on an enterprisewide scale.

In substantiating compliance decisions, the tool’s reports include narrative fields that allow end users to explain unique risk perspectives and control program effectiveness, including when an institution has determined that it has no risk exposure to a particular product or geography. The result is a solution that facilitates the adoption of the risk-based approach while providing users with narrative fields to justify their risk decisions in a standardized format that is easy for regulators to review.

And last but not least, with compliance plan execution, ACAMS Risk Assessment™ helps institutions present risk-mitigation action plans through free text narrative fields allowing the institution to detail their expectations of risk and how the institution plans to address the risk. By assessing money laundering risks across multiple business lines and according to product and customer types and relevant geographies, ACAMS Risk Assessment™ allows users to identify an institution’s most pressing threats.

AT: As you attend various global ACAMS events, what is the common theme or challenge AFC professionals face when it comes to AML RAs?

HD: The common themes/challenges from AFC professionals I often have conversations with are the “EE” issues—demonstrating effectiveness and achieving efficiencies. With limited resources, how does the FI demonstrate that it is allocating its resources effectively and efficiently? AML RAs, if done right, should be able to assist senior management and their boards of directors in articulating what is the bank’s current risk profile as well as its risk appetite. And during business activities, periodic RAs should enable the FI to determine how that risk profile has increased, and if the status quo is desired, additional resources can be argued for. That is what a good RA should be able to succinctly identify—whether and what additional resources are required.

AT: What do you like to do during your time off?

HD: Exercise is quite important to my physical and mental health, based on my 16-18-hour days with the global role and my pre-pandemic work travel. I enjoy doing cardio-type activities, such as biking, hiking, jumping rope, calisthenics, etc., combined with the occasional yoga. I like reading, especially biographies of historical figures who have contributed positively to humanity. I also write for myself; I have kept a journal since I was 13. My most favorite activity is cooking—it speaks to the chemist in me. I can spend hours in a supermarket shopping for ingredients and thinking of new recipes to try. I spent two years working as a chef in a restaurant in my late teens. Hosting dinners for a small group of family and friends is the best way to spend time and build and strengthen relationships. We all have the same 24 hours, and I like to spend mine strengthening relationships—whatever form that takes. Life is just too short for anything else.

Interviewed by: ACAMS Today editorial, ACAMS, editor@acams.org

Leave a Reply