Fighting on Two Fronts: Navigating the Demands of Regulators While Controlling the Costs of Anti-Money Laundering Compliance

Save this PDF as:

Size: px
Start display at page:

Download "Fighting on Two Fronts: Navigating the Demands of Regulators While Controlling the Costs of Anti-Money Laundering Compliance"


1 An Oracle White Paper November 2013 Fighting on Two Fronts: Navigating the Demands of Regulators While Controlling the Costs of Anti-Money Laundering Compliance

2 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.

3 Executive Overview... 1 Introduction... 1 Monitoring and Compliance are Maturing... 3 Seeking Greater Value... 7 A New Compliance Rubric... 7 Investing Wisely... 8 Conclusion... 11

4 Executive Overview The U.S. Department of Treasury has stepped up enforcement of anti-money laundering (AML) surveillance requirements. The agency sent a strong message to the financial services industry in 2012, when it levied billions of dollars in fines in several high-profile cases involving money laundering activities. Regulators are taking a closer look at firms AML compliance programs. In addition to monitoring timeliness in reporting suspicious activity, they are increasingly focused on the structure and governance of compliance initiatives as well as the technology that supports these programs. Financial services organizations, working to ensure compliance while reducing costs, are taking a fresh look at their AML systems with an eye toward expanding automation, improving performance, standardizing processes, and improving transparency. Firms that invest wisely can create a compliance environment that meets immediate and future AML requirements and serves as a platform for improving overall governance and risk management. Introduction An estimated $1.6 trillion was laundered in 2009, according to a United Nations (U.N.) Office on Drugs and Crime report published in October In its authoritative report, the U.N. also notes that only 1% or $580 billion of illicit transactions globally are seized and frozen. Once illegal money has entered the global and financial markets, it becomes much harder to 1 United Nations Office on Drugs and Crime, Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes, October

5 trace its origins, and the laundering of ill-gotten gains may perpetuate a cycle of crime and drug trafficking, according to the report. In many respects, financial institutions are the eyes and ears in those efforts because they are on the front lines as organized crime attempts to use financial services organizations and their networks to hide its ill-gotten gains. Financial institutions have become the de facto deputies in global efforts to thwart money laundering. Stemming the rising tide of money laundering activity requires constant vigilance and investment an increasingly expensive and time-consuming proposition for financial services organizations. Today, financial firms are focused on navigating an increasingly complex and demanding regulatory environment with the goal of ensuring compliance, reducing risk, and controlling costs.. 2

6 Monitoring and Compliance are Maturing AML requirements are not new, with modern codification beginning in 1970, with passage of the U.S. Currency and Foreign Transactions Reporting Act also commonly known as the Bank Secrecy Act (BSA). The BSA enlists U.S. financial institutions in efforts to identify and prevent money laundering to support criminal activity. Most notably, the act mandated that financial institutions keep records of cash purchases of financial instruments, file reports of cash transactions of more than $10,000, and report suspicious activity. Following the September 11, 2001, terrorist attacks, AML requirements were updated and strengthened significantly in the far-reaching USA PATRIOT Act of For example, the act criminalized financing of terrorism and expanded the BSA framework by strengthening customer identification procedures. It also expanded due diligence procedures; subjected all financial institutions to AML requirements; and mandated that financial services organizations respond to regulator requests within 120 hours. A few years later, the Intelligence Reform & Terrorism Prevention Act of 2004 amended the BSA further to expand reporting requirements for certain cross-border electronic funds transmissions. 2 2 History of Anti-Money Laundering Laws, U.S. Financial Crimes Enforcement Network, U.S. Department of the Treasury. 3

7 While it has been more than a decade since the passage of the USA PATRIOT Act, enforcement efforts have begun to mature noticeably in recent years. Expectations are changing, and regulators are becoming more aggressive in efforts to root out and stop money laundering. In doing so, they are asking more of financial institutions. For example, regulators are now looking more closely at the processes and systems institutions use in AML monitoring and compliance efforts, and how they are updated and maintained to reflect new requirements and changing modes of financial crime. The Federal government has demonstrated that it will bring the full force of its enforcement powers to bear on organizations that do not take what it views as appropriate measures to monitor and prevent money laundering. The U.S. Treasury s Financial Crimes Enforcement Network and the Office of the Comptroller of Currency (OCC) have stepped up enforcement activities. In 2012 alone, the 4

8 Department of the Treasury levied billions of dollars in penalties to financial institutions in several high-profile cases involving money laundering activities. The decision to engage in aggressive enforcement and impose huge penalties is a clear indication that financial institutions can expect a growing level of scrutiny from regulators who are demanding that they take extraordinary efforts to combat the criminals who try furtively to move illicit funds into financial markets. Regulators are also calling for even more stringent governance and AML surveillance. In March 2013, Comptroller of the Currency Thomas J. Curry testified before the U.S. Senate Committee on Banking, Housing & Urban Affairs about the state of AML compliance within financial institutions. He said regulators have uncovered surprising deficiencies in anti-money laundering efforts at the nation s largest banks. 3 In focusing on compliance governance breakdowns, he cited four root causes, which include: Lack of a strong culture of compliance within banks Failure to commit sufficient and expert resources to BSA/AML compliance Weaknesses in IT and monitoring processes Lack of sound risk management Curry also shared that the OCC was working on detailed guidance concerning sound corporate governance processes for BSA/AML compliance, including business line accountability and greater independence of the compliance function. In September 2013, the OCC communicated that large national banks can no longer do the bare minimum to meet their regulatory responsibilities, and simply checking regulatory boxes is no longer good enough. 4 3 Witkowski, Rachel. Regulators to Squeeze Banks on Anti-Laundering Policies, American Banker, March 8, Witkowski, Rachel. Satisfactory Won t Cut It at Big Banks, OCC s Curry Warns, American Banker, September 23,

9 6 Fighting on Two Fronts: Navigating the Demands of Regulators while Controlling the Costs of Anti-Money Laundering Compliance

10 Seeking Greater Value The message is clear. Higher compliance and governance thresholds are here to stay, and financial institutions must respond or risk costly sanctions. It is important to consider that, looking beyond the mandate, there are new opportunities for forward-looking financial institutions. By rethinking their approach to AML strategy and governance, financial institutions stand to reduce direct and indirect financial and reputational risk significantly and strengthen overall compliance and risk management initiatives. Viewed from the outside, a financial institution s willingness to work with regulators and take strides to meet the stringent demands of the BSA to root out money laundering illustrates a higher level of corporate responsibility. Financial institutions must understand the optics of embracing efforts to stop money laundering. The practical impact of AML monitoring and compliance is clear. The secondary effect building goodwill arguably has an even greater impact on an organization s reputation in the industry and community. A New Compliance Rubric Within a few years of the USA PATRIOT Act s enactment, virtually every tier-one and tier-two financial services institution had an AML system in place, whether a custom-built application or a commercial-off-the-shelf solution. These first-generation solutions largely met organizations immediate compliance needs, but circumstances have changed significantly. While the pressure to do more to stop money laundering increases, the job of AML monitoring and compliance grows more complicated. Today s large banks process hundreds of millions of transactions each day and growth continues unchecked. At the same time, financial crime schemes grow ever more sophisticated. Many AML solutions cannot scale as organizations and transaction loads have grown exponentially. As a result, firms have deployed multiple systems to support AML compliance across different lines of business. This approach adds significant direct technology costs, as well as IT management and analyst expenses, to already ballooning compliance budgets. As important, this siloed approach precludes the enterprise-wide visibility that has become essential as financial crime becomes more sophisticated. In his March 2013 testimony, Comptroller Curry specifically cited the need for an enterprise-wide management information system that provides reports and feedback that enables management to more effectively identify, monitor, and manage the organization s BSA risk on a timely basis. Further, organizations are finding that transaction monitoring is no longer enough. They are looking to automate analysis of alerts in a way that can reduce false positives, and ultimately, cut analyst costs. In 2012, the number of suspicious activity reports from legacy depository institutions increased approximately 7%, from 798,688 to 860,858, according to the Treasury Department s Financial Crimes 7

11 Enforcement Network. 5 To accommodate growing transaction volumes, today s tier-one financial services institutions have thousands of analysts looking at and investigating alerts a very laborintensive and expensive process. In addition, financial services organizations find that they must now defend the models and methodologies used in automating analysis, as well as across their broader AML compliance programs. Many legacy systems do little to support these emerging requirements. Finally, system performance has become increasingly important on several fronts. Regulators are requiring faster responses to their inquiries a challenge that grows as data expands exponentially. As such, organizations seek to optimize performance of their analytical environments just as they look to expand automation. Investing Wisely The industry is embarking on a second wave of AML solution investment to meet changing requirements. Financial services firms that invest wisely have the opportunity to gain a new level of transparency, insight, and automation, which can significantly reduce risk and compliance costs. Considerations to keep in mind when planning for a next-generation AML environment include: Focus on data quality. In the first wave of AML investment, many organizations had to implement their solutions very rapidly and did not have the opportunity to fully study the long-term implications of the types and quality of reference data they were gathering. Today firms have the luxury of learning from experience. For example, organizations want to ensure that they can truly identify a single customer across all lines of business. It is also important to integrate a wide range of internal and external data, including criminal records, white lists, and black lists, and not only identify customers on those lists but also determine when a customer might be transacting with an individual on a watch list. This wide range of information is required to meet today s compliance standards. Ensure flexibility and scalability. It is safe to assume that data will continue to multiply rapidly and compliance requirements will grow increasingly complex. As such, organizations require AML solutions that have the flexibility to accommodate new requirements and data sources that can scale with data and organizational growth. Make the most of automated analytics. Financial institutions are looking to automate analytics to improve alert accuracy and reduce compliance costs. With regulators giving more scrutiny to the methodologies behind AML compliance programs, firms must be equipped to 5 FinCEN SAR Activity Review, Issue 18, May

12 defend the models used to automate analysis. As such, firms seek solutions with models and algorithms that have proven themselves in the market. Performance is critical. When it comes to AML compliance, time is of the essence. Service level requirements abound, such as the mandate to report a suspicious transaction within 30 days. To meet these objectives, organizations require a high performance environment that can process tens of millions of transactions for alerts in six hours or less, allowing analysts to conduct their work in a timely manner. Firms that deploy high-performing platforms also stand to optimize their overall IT investment. If an institution can process batches 20%-30% faster, it can free capability for other tasks and optimize overall IT investment. Consider portability. The adage build once and deploy often holds true when it comes to investing in an AML solution. It is important to consider ease of portability as businesses enter new markets and lines of business. Ensure a closed-loop process. Regulators are focused on process standardization and improvement in AML compliance. New guidelines call for a strong BSA/AML audit function that ensures identified deficiencies are promptly addressed and corrected. Compliance solutions can be instrumental in advancing the governance process that is a top priority for regulators. Evaluate investment optimization potential. Compliance and risk management are expensive propositions, yet share many of the same data requirements. Investing in a solution with a data foundation that can support multiple compliance and risk management objectives not only optimizes investment but also improves data quality and expands transparency. 9

13 10 Fighting on Two Fronts: Navigating the Demands of Regulators while Controlling the Costs of Anti-Money Laundering Compliance

14 Conclusion The landscape has changed quickly. Financial crime has grown dramatically, and regulators have tried to keep pace with an increasing number of threats by imposing significant mandates on the industry. Financial institutions truly are fighting a battle on two fronts. As challenges on both sides have grown, organizations technology requirements are also evolving. Today s financial firms seek AML solutions that deliver a unified view, enable new levels of analytical automation and process standardization, ensure scalability, and support a closed-loop compliance program. 11

15 Fighting on Two Fronts: Navigating the Demands of Regulators while Controlling the Costs of Anti-Money Laundering Compliance November 2013 Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA U.S.A. Worldwide Inquiries: Phone: Fax: Copyright 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group