There are many unique challenges to managing an AML compliance program. Depending on the size of the bank or financial institution, each presents a different constellation of compliance factors.
Not to be trite but a lot depends on the size of the business and the accompanying volume of transactions and activities. In comparison to an anti-corruption program where the focus is on interactions between company personnel and foreign officials, the AML compliance program focuses on transactions which can be overwhelming in size and complexity. A money laundering violation involves a “financial transaction.”
For small and big banks and financial institutions, the management solution depends on creating a defined compliance management structure. What do I mean by that?
A compliance management structure includes the following elements: (1) planning; (2) execution; (3) follow-up; (4) reporting; and (5) evaluation. The compliance management structure, which is built around measuring and monitoring transactions must provide accurate information about quality, service and efficiency.
If properly designed and implemented, the compliance structure will reinforce employee accountability at every level and provide transparency to the system performance so that management, at any level, can monitor compliance performance and specific issues.
The actual design of the system is less important than the existence of the system itself. Compliance employees have defined expectation, communications with their respective supervisors, and quantitative measurements of their performance.
The same is true for management of the compliance system. The compliance structure provides measurements to determine staffing needs, set expectations, identify performance and process performance and possible enhancements, and opportunities to communicate with senior management and employees. Moreover, the compliance structure, however defined, will provide immediate performance information which can be used to implement continuous improvements and measurements of such enhancements.
The substance of every AML compliance program must include: risk-based policies and procedures; an empowered and independent chief compliance officer; a training program and independent testing and review of the overall operation of the program. To operate effectively, management of the compliance program must include: estimates of number of employees and work volume; planning for resources and skills needed to carry out the compliance program; executing the work; follow up on work performance; reporting and measurement of performance; and evaluation of performance and trends.
For each compliance function (e.g. SARs review and filing, CTRs, potential OFAC list hits, due diligence of high risk customers), management must understand the precise flow of work, responsibilities and support needed for each function, and the capacity of the organization to support these activities. This is a critical part of any planning function and setting of expectations for the number of operations which can be completed per employee work hour. Accurate forecasting requires a careful calculation of volumes and available resources.
Review and monitoring of employee performance is critical to identifying resource shortfalls, changes needed in metrics and additional resources needed to improve overall compliance output.