BEST PRACTICES FOR A STRONG CULTURE OF AML COMPLIANCE

Instances of financial institutions harming their reputation over the years through AML violations are innumerable, and often quite damaging. Often, the violations tie directly to a poor culture of compliance. That’s because, even where strong AML systems are in place, they can be undermined, and attendant controls can be circumvented, by staff taking a ‘tick a compliance box’ approach rather than truly attempting to identify and mitigate risk. 

Regardless of size or business model, a financial institution with a poor culture of compliance is likely to have shortcomings in its AML program. A prominent example regards Danske Bank, which in November 2018 announced plans to revamp its culture in the wake of one of biggest money laundering scandals of all time (€200bn of questionable money from Russia and other ex-Soviet countries flowed through Danske’s Estonian branch over a decade.) 

The importance of maintaining a sound culture of compliance is a concept that’s gained much attention from AML/CFT regulators and financial institution officials globally. On the regulatory side, one of many examples is OFAC’s “Framework for Compliance Commitments,” released in 2019, which confirmed that senior management’s commitment to a risk-based sanctions compliance program is one of most important factors in determining its success. Compliance leaders have expressly recognized that it can help identify issues early and lead to more efficient compliance solutions. Business leaders understand that good compliance is a prerequisite for a good business. In other words, a culture of compliance creates value.

What is an organization's “culture”? It might be defined as the beliefs and behaviors that determine how its employees and management interact and do business day-to-day. Culture is expressed through combination of policy, tolerances, and behaviors. A poor culture of AML compliance is, stated by the U.K. Financial Conduct Authority: “A failure to embed a culture where financial crime is not acceptable, money laundering risks could not be articulated, there were insufficient AML resources, and senior management held limited understanding of AML risk.” 

What measures should be in place to ensure a sound culture of AML compliance? They include:

·      Tone from the C-suite that helps ensure the AML program receives adequate resources, legitimizes the program, and empowers personnel;

·      Senior executives who are visible in communicating the company’s commitment to AML requirements; 

·      AML compliance staff are empowered with sufficient authority and autonomy, including being “at the table” to balance the business case in line with risk appetite tolerances and providing challenge where appropriate;

·      Business and support area  staff who make relevant info in their possession readily available to AML compliance staff;

·      Incentives, including bonus and promotions, are tied to ethical behavior and advancement of AML culture and compliance; 

·      AML training that covers the context and purpose of AML requirements in addition to their specific obligations (in other words, ensuring that staff understand not only the “what” for compliance, but also the “why”);

·      Ethics training that’s widely provided and participated in by senior management;

·      Testing of the AML program is done by a party that’s independent, qualified, unbiased, and does not have conflicting business interests;

·      Ensuring sufficient human and tech resources, with such resourcing regularly reviewed to confirm it’s right-sized for the organization's scale, complexity and risk;

·      The ability of all personnel to report AML issues to management without fear of reprisal;

·      Effective AML controls are integrated into business processes so that compliance becomes part of BAU and not an ‘add on’ to other parts of the business;

·      Use of independent, anonymized surveys that assist in understanding employee perceptions and offer valuable insight into their thinking and a sense of problem areas; and,

·      Revenue and profit goals never outweigh AML compliance requirements.

The bottom line is that a strong culture of compliance reflects a work environment that fosters adherence to laws, rules, and regulations - not just to the letter but, also, the spirit of the law. It’s an environment in which profits do not trump compliance, and people comply with internal policies and procedures not only because they have to but, also, because they want to and believe it’s right thing. Proper ethics is at core of compliance culture; that is, individual and organizational decision-making and actions tied to ethical behavior.