By Julie Knudson
As anti-money laundering and Bank Secrecy Act regulatory requirements continue to evolve, community banks are bumping up against the compliance challenges associated with them. Navigating these issues has smaller organizations rethinking everything from staffing to technology as they work to manage their risks and obligations.
Wanted: expertise, new workflows
For community banks seeking someone to lead their AML/BSA programs, the available talent pool of qualified compliance officers often isn’t as deep as they’d like. Larger institutions have staffed up their own financial crimes units, leaving fewer candidates in the marketplace. “Ensuring you have the right talent, with an ability to lead a program and to communicate up, down and across the organization, is a priority,” says ABA SVP Ryan Rasske, CAFP. Finding candidates with the experience and qualifications to lead compliance programs—such as those who hold ABA’s Certified AML and Fraud Professional designation—is proving to be a difficult prospect for smaller institutions.
One of the biggest hurdles that Thomas W. Williams, CRCM—SVP and senior compliance manager at United Bank in Zebulon, Ga.—sees is the continued use of manual practices in compliance programs. “The banks that are on automation are seeing fewer errors and those that are still doing it manually will be subjected to more scrutiny with regulators,” he says.
The decision to maintain these conventional methods of doing business is sometimes tied to a bank’s desire to keep doing what they’ve always done, but more often it’s driven by concerns about cost, efficiency and need. “What is automation going to create for me as a bank?” Williams asks. Institutions still leveraging manual methods may not see enough benefit behind automated alerts and large-scale data analysis to outweigh the need to hire additional staff or spend money on a new system.
Ensuring that the data used for AML/BSA compliance is accurate and complete may also be a challenge for community banks. Model validation continues to create issues. “It’s about tuning the systems and getting all the rules, parameters and thresholds right,” says Alan Abel, risk consulting managing director at Crowe Horwath in Chicago. (ABA endorses Crowe Horwath for risk management and compliance consulting services.) Identifying the rules that will generate effective alerts can be a difficult prospect. “How do you know your rules cover all the things you should be paying attention to?” Abel asks. Too many false positives—or too many alerts that don’t lead to productive investigations—not only defeat the purpose of AML/BSA regulations, but may also prompt auditors to question why potentially suspicious activity wasn’t properly flagged or investigated.
Roadblocks are also popping up around upcoming regulatory changes, such as those related to the final rule on beneficial ownership, scheduled to go into effect in May 2018. “One of the main concerns we hear is that current systems may not comply with the new rule,” says Catherine Lew, EVP at Los Angeles, California-based GlobalVision Systems. (ABA endorses GlobalVision for its Patriot Officer AML/BSA software.) The architecture of some of today’s AML/BSA systems might not fully support the more complex relationships that will soon come under greater scrutiny. These platforms “cannot detect the suspicious activities of a group of companies which have a common beneficial owner,” Lew says. Vendors are working to update their systems and, while the effective date is still a year away, some bank compliance officers are worried they may not be ready to go in time.
Solution: holistic viewpoints
Navigating the hurdles of AML/BSA compliance has been tricky for some institutions, but staffing is one area where community banks are addressing a number of issues. “It’s looking at risk over the organization and then making sure you have right people in place,” Williams says. The right approach to staffing takes monitoring demands and risk levels into account, because merely putting employees in place isn’t as effective as training them to do the job. “We’re investing more resources in training to develop our folks because regulations are changing and we have to stay current with those changes,” Williams says.
Derisking, where a bank exits customer relationships they’ve deemed to be too high risk, is another strategy used in the AML/BSA equation. Expectations around monitoring, scoring and measuring customer risk rates are intense and some community institutions are taking the opportunity to reduce their risk footprint. “There’s been a lot of exiting of relationships,” Abel says. Boards are increasingly under pressure to set the bank’s risk management appetite and the leadership team then operates within those defined risk tolerances.
“Most banks have policies that if there are too many suspicious activity reports, they may exit the relationship,” Abel explains. Routine risk assessments and reports help the management group identify where AML/BSA risks continue to exist, and those relationships may be culled as appropriate.
Forward-looking community banks are also viewing AML/BSA compliance through a broader, more holistic lens. “We’re seeing a lot of emphasis on various operational risks, vendor management, cyber security and model risk,” Rasske says. “The BSA officer has to be a partner with the individuals responsible for those areas to determine how risks are impacting each sector.” Previous distinctions between fraud, cyber and AML/BSA issues are eroding, Rasske notes. “Those things can lead to one another,” he explains. “Those pieces are becoming more connected.”
Tackling the challenges around AML/BSA compliance will help ensure the bank is able to identify and put a halt to suspicious activity—no matter its origin.