The federal government has concluded that the laws and regulations of the past 30 years for detecting and deterring money laundering have not done the job.
Beyond the requirement for banks to maintain records of certain transactions and to file currency transaction reports, efforts to fight money laundering are focused on reporting suspect activity to authorities and on know-your-customer practices and transaction monitoring.
Know-your-customer rules that sought to strengthen these efforts were withdrawn by regulators after a proposed requirement that banks develop, maintain, and monitor customer "profiles" ignited a firestorm of privacy concerns. However, the absence of regulatory guidance has intensified supervisory risk.
Add to this the clear likelihood of tougher and farther-reaching legislation, and the problem becomes unignorable. Regulators are signaling that they expect managers to develop risk-based anti-laundering frameworks for businesses like private banking, correspondent banking, funds transfer, and retail banking.
The formal consent orders entered into this year by state and federal regulators lay out the supervisors' expectations for anti-laundering management. Examiners will use these orders as the minimum management standard. In addition to defining the categories of client whose transactions do not warrant monitoring because of their routine nature, banks are expected to:
- Determine the level of enhanced due diligence for clients that require monitoring.
- Understand the client's normal and expected transactions.
- Identify any unusual transaction that may require the filing of a suspicious-activity report.
- Capture all relevant customer activity for monitoring, be it funds transfer, cash, or check.
- Establish effective computer systems to support anti-laundering activity.
- Embed anti-laundering analysis in new product/business approval processes.
- Maintain compliance and audit departments that can effectively test for compliance.
- Develop effective training for all relevant employees.
These are the core elements of an effective program to combat money laundering.Failed programs generally suffer from some or all of the following weaknesses: an inability to identify unusual activity because of insufficient understanding of the client's expected transactions, fragmented transactions systems that turn monitoring into a manual nightmare, management information systems that do not adequately support compliance, and training programs ill-tailored to how employees might encounter money-laundering situations.
Against this backdrop, management inertia can be perilous and costly. At best, it risks rebuke by examiners through their reinvigorated investigations of problems managers previously may have overlooked or discounted. At worst, it can let a problem surface unexpectedly in the press, forcing executives to practice damage control.
To adopt and maintain effective anti-laundering programs, institutions must:
- Identify the sources of risk and the attendant key controls for each business line.
- Improve the effectiveness of due diligence and transaction-monitoring across all businesses that pose appreciable risk.
- Capture and evaluate customer information in a way that avoids alienating good customers and identifies opportunities as well as risks.
- Balance the need for customer information against legitimate privacy concerns.
- Establish clearly articulated roles and responsibilities for anti-laundering activities.
The regulators, for their part, must avoid creating disincentives to action by drawing undue attention to weaknesses uncovered by management in its effort to improve. If regulators fail to recognize that these efforts reflect effective risk management, they will discourage banks from acting. That would be an unfortunate step backward.Mr. Vangel is a partner and director of bank regulatory advisory services in the risk management and regulatory practice of Ernst & Young LLP in New York.
