How do you demonstrate your AML/CTF Program is Effective?
The Wolfsberg Group recently published a paper on how Financial Institutions (FI’s) can demonstrate the effectiveness of their AML/CTF Program. The paper looks at how supervisors and FI should focus on the practical element of whether the Program and controls are making a material difference in preventing, detecting and reporting ML/TF risks in the sectors, industry and jurisdictions in which they operate.
As you well know, the primary purpose of your AML / CTF Program is to identify, manage and mitigate money laundering and terrorism financing risks. For those of you who have had an Independent Review of your Program, you will know that demonstrating technical compliance is one thing (just follow the Rules) however, demonstrating how effective your program is at identifying, managing, and mitigating risks is much harder.
So, what insights can we gather from the Wolfsberg latest paper?
The Group identify the following factors in evaluating and demonstrating the effectiveness of your Program.
- Complying with Laws and Regulations– this should be a given, so we won’t spend too much time here.
- Providing Useful Information to Government Authorities in Priority Areas – Government authorities identify priority areas in a number of different ways, e.g., in National Threat Assessments, typologies, public/private partnerships, enforcement actions and guidance.
How you demonstrate and assess effectiveness in providing useful information will vary depending on the type of entity you are and the sector you operate in. Ways to demonstrate effectiveness include:
- Quality (rather than quantity) of your Suspicious Matter Reporting (SMRs) or where you don’t submit many SMR’s what other quality information (e.g., KYC, ECDD) do you have that may assist Government authorities if required.
- Implemented risk-based systems and controls that enable you to both prevent your organisation from being used to facilitate illicit activity, as well as to detect and report illicit activity
- Applying lessons learnt from regulatory engagement to improve or enhance controls – can you demonstrate that you have taken on board and actioned feedback and guidance applicable to you.
- Judge effectiveness of outcomes rather than process – be able to demonstrate, and explain to regulators, auditors etc how controls actually mitigate risk and/or provide useful information to the government to do the same. Whether controls are reasonable, and risk based will vary over time – it is not a set and forget. This will require ongoing tweaking, reviewing and consideration of whether controls should be retired if they are unable to demonstrate how they identify, manage and mitigate your ML/TF Risks.
Here at MWC, we have looked at how this might be applied to your existing ML/TF Risk Assessment, Program and Control environment. We often say it is all about drawing the links so we thought we would demonstrate how you might do this to demonstrate effectiveness.
The Wolfsberg Group is an association of thirteen global banks that aims to develop frameworks and guidance for the management of financial crime risks. This is particularly in respect to Know Your Customer, Anti-Money Laundering and Counter-Terrorist Financing policies. For more information on the Wolfsberg Group, see www.wolfsberg-principles.com.