THE CHALLENGES FOR BSA/AML OFFICERS HAVE BECOME ASTRONOMICAL

THE CHALLENGES FOR BSA/AML OFFICERS HAVE BECOME ASTRONOMICAL

The role of a BSA/AML officer has always been stressful – long hours, a constant flow of crises, dealing with a wide range of highly complex issues, making decisions that are necessarily somewhat subjective and can readily be second-guessed, the difficulty of finding and keeping good staff, the struggle to keep up with tech advances, incessant budgetary constraints, a degree of ingratitude or even hostility from the business side, not to mention the specter of personal liability. In the wake of the recent ACAMS annual conference in Las Vegas, it strikes us that the trials faced by a BSA/AML officer have ratcheted up even further in intensity. 

            There are a number of reasons for this – considerations that must be kept in mind and a half dozen of which are briefly reviewed below:

1.              Sanctions have never been more important or complex: Since the start of the Russia-Ukraine conflict in February, there has been a global flood of sanctions, export controls, and prohibitions against providing certain corporate services to Russia and Belarus. The U.S. and western nations are investigating sanctions evasion activity with an eye toward criminal prosecutions. U.S. bank regulators have publicly stated that their examiners will be looking into compliance with the sanctions.


All of this means that financial institutions need to expend considerable tech and human resources to stay on top of and implement round-the-clock surveillance of the growing list of sanctioned entities and individuals, including banks and subsidiaries, oil and gas companies, technology firms, government officials, political elites, and others. Another challenge is comprehending the details in the sanction packages, considering the directives target vast entities and individuals in different territories in Russia and Belarus. The nature and extent of restrictions also vary based on their economic impact, global implications, layers of ownership and control, and timelines. Understanding these tiered directives and resultant action items requires meticulous analysis by experts. 

Adding to the immense challenge is the fact that the lines between sanctions screening and other aspects of AML have become increasingly blurred. For example, there are numerous enumerated red flags that financial institutions need to track and file in their SAR filings as part of the BSA reporting obligations, such as flags that indicate potential evasions through shell companies. Also, FinCEN is strongly encouraging all financial institutions to make full use of their ability to share information in the sanctions context consistent with Section 314(b) of the U.S.A PATRIOT Act. Moreover, FinCEN has encouraged financial institutions to consider how the use of innovative tools and solutions may assist in identifying hidden Russian and Belarusian assets.

All of this means that financial institutions need a comprehensive approach to sanctions screening, involving optimal processes, strong tech tools, and expert teams.

2.              The news rulemakings re ultimate beneficial ownership, and the forthcoming UBO registry: Building out the UBO regime in the U.S. remains a critical regulatory priority, as evidenced by FinCEN’s recent final rule requiring certain legal entities to file reports that identify the beneficial owners of the entity as well as the individuals who filed the application to create or register the entity. Financial institutions soon can expect additional rulemakings governing access to the FinCEN registry and making necessary revisions to the CDD rule. 

To gear up for the expanded UBO regime, financial institutions must have the following in place at a minimum:

·      An effective process for identification of UBO(s)

·      In situations where verification is required, the ability to determine the optimal source and method of obtaining data to identify UBOs and collect basic information on them - these data searches must be sophisticated enough to be performed globally and continuously, and include the tracking of transfers of ownership interests between jurisdictions

·      Continuous monitoring of changes made to the company and UBO registers to keep KYC information up to date and respond to any increases in the risk of a relationship

·      A process for drawing data from the new registry and evaluating against the UBO requirements, including an understanding of financial ownership and control structures, and calculating ownership percentages

·      Assessing jurisdictional risk by considering the level of transparency of beneficial ownership and effectiveness of UBO registers in the jurisdiction of incorporation 

·      Record keeping procedures to meet regulatory requirements and ensure that where there are difficulties in identifying the UBO(s), firms can adequately demonstrate that their actions taken exhausted all possible means

·      Risk-based procedures tailored to the unique businesses, structures, and risks of each organization

·      An update case management system so that the new UBO requirements are integrated into an institution’s internal work flow and reporting processes

·      Integration into a CDD database -- institutions must be able to use this data in the same way as they use other CIP information, such as for OFAC sanctions screening, currency transaction report aggregation, and customer risk rating

·      A UBO training program for employees responsible for completing due diligence, including compliance staff and relationship managers


3.              FinCEN’s publication of AML/CFT priorities and the forthcoming rulemakings re them: FinCEN is working with other regulators to promote rulemakings regarding the AML priorities announced last year: corruption, cybercrime, domestic and international terrorist financing, fraud, transnational criminal organizations, drug trafficking organizations, human trafficking and human smuggling, and proliferation financing. Financial institutions need to begin the work now to assess how to update their AML program and target their AML controls toward the eight threats, even before new rules are promulgated.  Required measures include revising the overall AML risk assessment, reassessing customer risk profiles, implementing new red flags and typologies for transaction monitoring, adding to employee expertise in these areas, enhancing training, and implementing independent testing geared to these priorities.


4.              The explosion in the use and importance of digital assets and cryptocurrencies: The regulators have ratcheted up their focus on AML risks arising from cryptocurrencies, digital activities, and foreign virtual asset service providers, particularly entities and activities emanating from countries not complying with international standards. As an example, the FDIC has formally requested that all of its supervised institutions that intend to engage in, or that are currently engaged in, any activities involving or related to crypto assets provide notice to the FDIC. And there's been an uptick in regulatory actions in the digital asset space. This priority also was reflected in the “Comprehensive Framework for Responsible Development of Digital Assets” issued by the White House in September. 


Digital asset companies and their partners need to ensure that their AML policies, procedures, and operations are properly risk-based and reflect current realities, as failure to do so can result in enforcement actions. More broadly, financial institutions need to reevaluate their exposure to and controls for virtual currency risks in the same manner as discussed above for UBO and the new national priorities.


5.              The rapidly evolving changes in AML RegTech combined with expectations for innovation: A key element of the AMLA Act is the recognition that continued innovation is a necessary component of an AML program, for many reasons including to bolster its real-time nature, enhance efficiencies, and reduce false positives and delays in SAR filings. Moreover, given that financial innovation is rapidly changing the financial markets, RegTech innovations such as blockchain forensics and distributed ledger tech are needed to address new unique risks arising from innovative products such as NFTs, DeFi, and stablecoins. 

Advanced RegTech tools, including behavioral analytics, biometrics, and digitized ID verification, also are essential to address the explosion in fraud-related crimes. Regtech solutions can, for example, analyze scenarios based on past activity, behavior, and warning signs to forecast possible outcomes — including fraudulent activity — rather than just spotting them after the fact. They can also continuously monitor specific cases with elevated threat levels to ensure that over time the same level of vigilance is applied — without requiring additional resources or manual case management.

6.     The ongoing explosion in unstructured data:

The efficient exploitation of unstructured data increasingly is being seen as vital for a deeper, more contextual analysis in arenas such as KYC risk assessment, watch-list management, and alert investigation. Given the volume and diversity of unstructured data sources, automated processing is essential in order to mine it, rapidly and accurately, for relevant information and to uncover patterns and trends that might not surface themselves in traditional structured data. Regtech software also can store the data and then present it in a variety of customized formats. By crunching big data at unprecedented rates and in real-time, investigation times and false positives can be reduced. 

For example, with regard to adverse media screening, AI-based tools such as NLP can extract information from news articles and perform entity analysis, cueing deeper investigation if a strong negative sentiment is detected. AI-based tools also can address the problem of AML analysts spending the bulk of their time simply collecting the necessary data and information to perform the investigation. 

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics