You Can t Afford the Risks

Transcription

1 Anti-Money Laundering You Can t Afford the Risks Audit Tax Advisory

2 The Risks Associated With AML/Sanctions Compliance Are Just Too Great to Ignore Continued increases in regulatory scrutiny and rigorous enforcement have turned compliance with the global and U.S. sanctions and anti-money laundering (AML) regimes into a front-burner issue for providers of financial services. The European Union Anti-Money Laundering Directives and implementing legislation, global sanctions regulations, Wolfsberg Principles, and guidance from the Financial Action Task Force comprise a subset of the laws and regulatory guidance governing the global AML environment. These regulations and guidelines require businesses to be vigilant in identifying and reporting suspected money laundering, terrorist financing, and other criminal activities.

3 Anti-Money Laundering: You Can t Afford the Risks Parliament and law enforcement have turned up the heat, calling on regulators to look more closely for compelling evidence of good governance, effective model risk management, strong business processes and controls, and robust programme documentation. Failing programmes mandate immediate corrective actions which, more often than not, pose considerable one-time and recurring costs to the institution. Crowe Horwath can help you create a risk-based AML programme tailored to your specific needs in today s complex environment. From large global banks and organisations challenger banks to building societies and credit unions; from gaming and casino operations to money transmit ters and money services businesses; from startup financial technology companies to established payment processors, and other financial services companies; Crowe services draw on years of experience and thought leadership to create customised and scalable solutions for all types and sizes of financial services companies and institutions. The risks of noncompliance are substantial: Reputation risk Regulatory compliance risk A broad range of operational and strategic risks High-value customer risk Earnings and performance risk With compliance requirements and expectations stemming from unique risk profiles, meeting evolving AML requirements has become a complex exercise involving a moving target. As businesses struggle to comply, regulatory requirements, and expectations pose another challenge: how to meet compliance obligations without damaging customer relations or impeding business growth, and innovation. Addressing AML Compliance Requirements Offers Significant Benefits Demonstrated commitment to protecting the global financial system Reduced risk of reputation damage from regulatory action and negative publicity Increased protection of corporate and shareholder value and goodwill Proactive human and technology resource planning on AML initiatives rather than regulator-driven compliance projects Cost-effective compliance with AML laws, regulations, and regulatory expectations Effective decision-making and risk management through AML analytics Leading providers of financial services are also looking at the impact of an AML programme on competition and customer relationships, viewing AML compliance as an opportunity to expand their knowledge of customers and deliver a higher level of service. crowehorwath.com 3

4 Crowe Horwath Crowe CLAMP : Our AML Operating Model for Regulated Financial Services Companies The Crowe CLAMP (Crowe Closed-Loop Anti-Money Laundering Programme) operating model allows financial services companies to achieve a high level of capability maturity in nine AML areas and is designed to verify that each area interacts with the others to provide appropriate and ongoing feedback. Our model includes: 1. A Strong Enterprise Foundation Surrounding an organisation s AML programme is an enterprise foundation that determines an organisation s ability to respond to changes in both the busi ness and regulatory environments. The foundation consists of four components: corporate governance/enterprise risk management, model risk management, and model governance, independent audit, and the ability to establish effective policies that have been approved by the board. 2. Principal Capabilities Four principal capabilities serve as the backbone of an organisation s AML programme: an enterprisewide compliance risk assessment weighs the risk of legal or regulatory sanctions, financial loss, or damage to reputation and franchise value; comprehensive processes guide the development, implementation, and use of models for AML compliance; effective monitoring and self-testing of AML controls by the AML group prepares the organisation for review by indepen-dent audit; and written procedures reflect the institution s current AML programme. 3. Demonstrated Execution Every AML programme must demonstrate the ability to execute on the plan and the designed organisational components. An AML risk assessment produces a risk profile based on products, geography, distribution channels and customer, and account characteristics, resulting in a guide for organisational priorities. Effective internal controls demonstrate a history of adequate and sound responses to areas in need of attention. Staffing and training take place at all levels of the organisation, especially at those with responsibility for the AML programme. Models and systems relied upon for AML compliance must be calibrated and validated to ensure their accuracy and effectiveness. 4. Customer Due Diligence The goal of customer due diligence (CDD) is to identify, screen, and manage the organisation s new and existing customers that present a higher risk for money laundering and terrorist financing. CDD provides the mechanism to implement the due diligence and sanctions screening processes required for every customer and the enhanced due diligence processes required for customers posing a higher risk. 5. Activity Monitoring The goal of AML activity monitoring is to identify potentially suspicious or prohibited customer activity through high-quality alerts while minimising false positives. Meaningful transaction analysis requires leveraging rulesbased, profiling, or machine learning technologies, as well as advanced analytics. Transaction monitoring systems must consider an organisation s unique risk profile and inte grate with CDD to effectively detect unusual and suspicious activity. Structured analysis, tracking, and follow-up are required in order to properly manage each potential suspicious incident. 6. Investigations and Reporting Suspicious activity, regardless of its origin, requires detailed investigation and documentation by qualified individuals. Requests for investigations may be initiated through the organisation s CDD efforts, sanctions screening, activity monitoring systems, or fraud detection processes, or externally via production orders and subpoenas or other avenues. Unusual activity deemed to be suspicious is reported to law enforcement on a suspicious activity/transaction report. 4

5 Anti-Money Laundering: You Can t Afford the Risks CLAMP and the CLAMP AML framework diagram are protected intellectual property of Crowe Horwath LLP. 7. Single Customer View An organisation must have the ability to demonstrate that it understands its customer information and has properly associated linked relationships both within a line of business and across subsidiaries. The convergence of expected and actual risk requires that an organisation not only understand who the customer is, but also what he or she is doing. A robust single customer view will help drive use of advanced analytics to further manage AML risk and increase programme efficiency. 8. Data and Document Management The Money Laundering Regulations 2007 and other mandates require maintenance of documents and historical data for minimum durations. Backups and archives must be set up to allow retrieval in an organised and timely manner. Audit trails track data and enable document capture to assist with information and document warehousing, which in turn help improve management and operational reporting as well as compliance and litigation support. 9. Programme Management Effective programme management includes project and regulatory relationship management. Organisations should dem onstrate an ability to plan, organise, and manage AML projects through a programme office. Furthermore, projects must be consistently executed on time and within budget to create regulator confidence in an institution s ability to deliver on what is promised. crowehorwath.com 5

6 Crowe Offers a Comprehensive Closed-Loop AML Solution Crowe brings together an integrated team of financial services industry professionals specialising in the areas of: Regulatory compliance Enterprise risk management Business process management Customer experience management Technology systems integration and implementation Our unique combination of in-depth industry knowledge, broad-based business competencies, and the Crowe CLAMP operating model offers our clients a comprehensive, closed-loop AML solution. Our solutions are configurable: they can be implemented holistically for organisations with high regulatory expectations or as point solutions targeting specialised areas of need for organisations with specific regulatory requirements.

7 Anti-Money Laundering: You Can t Afford the Risks AML Solutions to Match Your Risk Profile Our team of AML specialists can help you create a risk-based AML compliance programme tailored to your organisation s specific needs. Because there is no such thing as a one-size-fits-all programme, Crowe AML solutions are customised to your organisation based on risk profile, business model, size, location, customer base, corporate culture, delivery channels, products, and service offerings. Crowe AML/BSA Services and Solutions At Crowe, we view AML compliance as a continual process of vigilance grounded in a proactive programme that raises red flags when significant changes, variances, and contradic tions occur. Our AML solutions can be implemented as a comprehensive compliance programme or customised to focus on specific challenges. Model Risk Management With the legislation from the Fourth Money Laundering Directive and SYSC rules, financial institutions, need to adapt their existing AML risk management programmes to the most current industry and regulatory standards. Crowe has an established model risk management methodology and framework that help organisations meet regulatory expectations. These services include: Identifying and managing the AML model inventory Assessing AML model risks Developing and implementing AML models and systems Validating models relied upon for AML compliance Calibrating or optimising AML system parameters Establishing governance and oversight for the model risk management programme AML Analytics and Reporting Enhanced analytics and statistical techniques are necessary to effectively analyse and calibrate AML models to provide accurate customer risk rating, transaction monitoring, and sanctions screening capabilities. Other critical components of a strong AML programme include data warehousing, integration, and governance, as well as effective data visualisation and dashboards to provide management with enhanced visibility. Crowe services include: Defining AML analytic programmes Establishing programme KPIs and KRIs Calibrating AML system parameters Designing and developing management reporting capabilities Independent AML Testing Services Crowe conducts annual AML/CFT and sanctions independent testing services for more than 100 financial institutions around the globe through a dedicated professional team with AML and audit experience. The Crowe approach is designed to adapt to each of our clients unique AML risk profiles, empowering institutions to satisfy regulatory requirements while applying our leading perspectives. Our experiences and approach have withstood the scrutiny of examination and review in some of the most intense regulatory environments in recent history. crowehorwath.com 7

8 Crowe Horwath Regulatory Response and Remediation Crowe has extensive experience working with regulators to help institutions address examiner concerns and offers a broad array of AML-specific services for institutions facing regulatory issues and enforcement actions. These credible and respected services include: Independent third-party monitoring services AML look-back reviews Consent order validation and independent testing services Financial investigation services for either ongoing support or special assignments Exam preparation and management AML Programme Enhancement Services As part of its broad AML programme enhancement services, Crowe frequently is called upon to provide programme oversight and compliance integration services in addition to specific enterprise risk assessment efforts. Crowe services include: Enterprise compliance, AML, and sanctions risk assessment Formulation of policies, procedures, and programme standards AML programme assessment and future-state road map documentation Formation and optimisation of financial intelligence units Convergence of financial crimes programmes Merger and acquisition management Ongoing advisory services and thought leadership Business-as-usual support and optimisation Annual and ongoing AML, and Sanctions training Crowe also has extensive experience helping institutions with exam preparation and management and maintaining compliance with global trade and economic sanctions requirements. Customer Due Diligence Know your customer (KYC), CDD, and accurate customer risk rating capabilities are essential components of an effective AML programme. Crowe offers in-depth knowledge and technological expertise in helping institutions: Establish enhanced due diligence (EDD) processes and procedures Support business-as-usual EDD reviews Design and develop customer risk rating models Implement CDD and single-customer-view systems Design and execute calibration for customer risk rating models Validate CDD and customer risk rating models 8

9 Anti-Money Laundering: You Can t Afford the Risks Suspicious Activity Monitoring Crowe offers ongoing support in the design, development, and implementation of transaction monitoring systems, including system assessment, system enhancement, and pre- and post-implementation calibration and validation. Services include: Alert triage to support business-as-usual processes Designing, developing, and implementing suspicious activity monitoring models Designing and executing calibration for suspicious activity models Validating suspicious activity models Investigations and Reporting Along with supporting regulatory mandated look-backs, Crowe provides suspicious activity monitoring, enhanced due diligence, and sanctions alert review services. Crowe brings experienced investigators to support business-as-usual processes and also assists with the optimisation of AML compliance operations teams and investigations units. Data Management As BSA/AML programmes increase their reliance on technology for effective and efficient compliance, data management, and quality grow in importance. Crowe provides services to assist with: Mapping and integrating data sources to AML systems Assessing data quality and completeness Developing data management strategies Leveraging data visualisation tools to support AML compliance and reporting Technology Through collaboration with clients and extensive experience, Crowe has developed technology solutions that support and bring efficiency to AML programme components. This technology includes: Crowe Model Risk Manager assists institutions with supporting an end-to-end model risk management programme Crowe Dynamic Customer Insight facilitates the collection of customer information, evaluation of customer risk rating, and execution of enhanced due diligence, and high risk customer reviews Crowe Caliber assists institutions in calibrating their transaction monitoring systems and the associated parameters, adding efficiency to the tuning process CARS (Crowe Activity Review System) solution leverages dynamic questioning and automated narrative generation to significantly reduce the amount of effort required to review suspicious activity alerts crowehorwath.com 9

10

11 Anti-Money Laundering: You Can t Afford the Risks Crowe Horwath LLP: The Unique Alternative Crowe Horwath LLP ( is one of the largest public accounting, consulting, and technology firms in the United States. Under its core purpose of Building Value with Values, Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk, and performance services. With offices coast to coast and 3,000 personnel, Crowe is recognised by many organisations as one of the country s best places to work. Crowe serves clients worldwide as an independent member of Crowe Horwath International, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 120 countries around the world. crowehorwath.com 11

12 Contact Information Clayton Mitchell +44 (0) Crowe Horwath Global Risk Consulting, Independent Member of Crowe Horwath International RISK B