AML, Fraud, Cyber: A 360-Degree Approach to Financial Crimes

The title of “Bank Secrecy Act officer” may soon become less an actual job description and more of a regulatory relic, as BSA and anti-money laundering compliance becomes increasingly intertwined with the bank’s fraud protection and cybersecurity risk management functions. This more holistic focus on financial crimes is reshaping how banks handle AML/BSA compliance. We spoke with ABA SVP Ryan Rasske about these changes and how banks are responding to them.

Q. The worlds of money laundering and fraud have grown more intertwined than ever. How are these functions within banks evolving and interacting?

A. The idea of consolidating a bank’s anti-money laundering department with its fraud unit is definitely not new. However, the execution of a successfully integration for these functions has always been and continues to be a challenge for many.

Criminals have continued to evolve their approach and are not afraid to blur the lines between acts of laundering illicit gains or committing fraud in order to support their overall activities. Similar to startup companies, which are frequently recognized for their nimbleness and innovative technology, criminals are rapidly learning and leveraging new advancements in technology. Fraud attacks, movement of funds, and manipulating internal emails or other forms of communication are sophisticated and fast-moving schemes which are becoming increasingly difficult to detect. This is especially true for those banks that find themselves constantly reacting to criminal activities or loss events and then moving to the next fire.

Lately there appears to be a growing momentum across several banks toward reorganizing into an enterprise-wide approach for monitoring and reporting criminal activity. This is consistent with the enterprise risk management framework. Approaching these risks holistically allows senior management and the board to discuss potential impacts of these risks and take appropriate action to protect the bank. It’s also a regulatory imperative: the Financial Crimes Enforcement Network has released an advisory encouraging institutions to promote “greater communication and collaboration among their internal AML, business, fraud prevention and cybersecurity units.”

Q. How are banks retooling to respond to this momentum?

A. Many banks already have or are planning to establish a formal “financial crimes risk management unit”—designed to consolidate the reporting structure and oversight of financial crimes for all lines of business, subsidiaries, and affiliates including the Bank Secrecy Act/AML, customer due diligence, sanctions and with external and internal fraud investigations. In fact, some of these units are enhancing their capabilities even further by opening communication channels and information sharing with their cybersecurity teams. This allows everyone to gain a basic understanding of the different criminal threats facing the institution and hopefully connect some dots that otherwise would have been overlooked.

While this approach may work for some institutions, the consolidation of these units does not have to be an “all or nothing” approach. Sometimes the idea of integrating these units makes strong business sense and can influence a bank to move forward too quickly, resulting in frustration and possible failure due to a lack of planning. This is why a bank should take the time to develop its financial crimes strategy and determine which functions are either not in sync or could benefit from cooperation with others. It also allows the bank to explore a possible holistic view across their various lines of business, products, services and the various types of customers within their portfolio.

To supplement this approach, more and more software vendors are providing monitoring systems and case management tools that can combine AML and fraud investigations. This allows analysts and investigators to review each others’ case notes, generate reports to identify emerging trends and identify potential relationships between customers and transactions.

Improving visibility into criminals’ behavior and encouraging a broader conversation is one of the primary reasons that the American Bankers Association and the American Bar Association’s Criminal Law Section decided to change the name of our conference from the Money Laundering Enforcement Conference to the ABA/ABA Financial Crimes Enforcement Conference. Along with our member banks, we recognized the value of bringing financial crimes professionals together in order to discuss emerging money laundering, fraud and cyber-enabled crimes.

Q. What are the biggest roadblocks for bankers in integrating fraud, AML compliance and cybersecurity?

A. The cost of failure within the financial crimes space continues to escalate with potential fines, public consent orders and negative impact to the bank’s reputation. While this can drive wanting to execute the integration of financial crimes correctly, there are several different types of roadblocks that could derail its success. These include not having a strategic roadmap or timeline, devoting insufficient resources within one or more of the units, maintaining a poor risk culture without accountability, providing too little support or communication from top leadership, failing to integrate consistent nomenclature or processes between units, leaving systems separate for too long, geographically separating units and failing to be transparent.

Q. As more banks switch to an integrated financial crimes approach, what opportunities do you see for banks? Do you see benefits for the business side of the bank when fraud, cyber risk and AML are aligned?

A. If banks take the time to develop a strategic roadmap and evaluate the various functions within their AML, fraud and cybersecurity units, there are potentially several opportunities, especially on the business side. These include the ability to cross-train employees and provide career advancement options, efficiencies from consolidating systems and processes, the ability to identify more sophisticated and complex schemes, aggregated reporting to senior management and the board, stronger partnerships with law enforcement and better customer and public trust.

Q. As financial crimes enforcement evolves, what are the biggest challenges banks are facing in terms of human capital?

A. It’s safe to assume the detection of financial crimes will become increasingly complex and banks will depend more and more on the use of technology solutions. While traditional check fraud and structuring of cash still exists, criminals are quickly leveraging new platforms or channels, including the use of virtual currency or operating through the dark web, making it difficult for banks to monitor criminal activity or identify a suspect. This has presented two unique challenges to institutions: finding and retain experienced and knowledgeable financial crimes professionals and automating manual or inefficient processes with emerging technology to stay competitive.

Q. Are there regtech solutions to help address these challenges?

A. It is unclear at this point how much impact regtech solutions will have on the financial crimes profession, which has experienced a significant increase in headcount over the past several years. However, this is definitely an area to watch because it has the potential for changing the traditional compliance or risk management skill sets individual rely upon today.

Q. As monitoring costs grow, where can banks best focus limited resources to maximize effectiveness?

A. Banks can succeed by leverage existing systems and supplement existing gaps with appropriate technology—and upgrading when possible. They should also recognize frontline and operational areas when they escalate risks or communicate unusual behavior and really communicate emerging threats, criminal schemes or fraud trends across the organization. Individuals throughout the bank should know about have cross-training in financial crimes.

I also recommend networking with other financial crimes professionals (both within your area of expertise and outside of it) and attending external conferences to learn about emerging trends. Financial crimes professionals can invest in themselves through continual training and professional designation, such as ABA’s Certified AML and Fraud Professional certification.