Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Anti-Money Laundering (AML) Risk Assessment Process

9,420 views

Published on

A robust risk assessment process is central to maintaining a strong Anti-Money Laundering (AML) compliance program. In this new Accenture presentation we explore how financial services firms can set-up an effective process. Visit our fraud and financial crime blog post for more on AML risk assessment program: http://bit.ly/2aPlQQ7

Published in: Economy & Finance
  • Be the first to comment

Anti-Money Laundering (AML) Risk Assessment Process

  1. 1. Anti-Money Laundering Risk Assessment Process August 2016
  2. 2. A robust risk assessment process is central to maintaining a strong Anti-Money Laundering (AML) compliance program. The assessment should provide a comprehensive analysis of AML risks associated with the products and services offered by the lines of business, and act as an aggregated estimate of the AML risks across the enterprise. • Banks are periodically required to evaluate the AML risks of their individual business units and across the enterprise. The objective of the risk assessment is to determine the risk profile of the bank and evaluate the adequacy of the controls in place to mitigate risks. The risk assessment should identify areas of vulnerability to money laundering, identify weaknesses or gaps in the existing control environment, support informed decisions on risk appetite, and highlight the bank’s AML risk and control environment for all key stakeholders, including senior management and regulators. • The risk assessment is bank-specific with particular risk-factors and categories unique to a bank’s products, services, customers, entities and geographic locations. Banks should favour a sustainable, effective, and cost efficient AML risk assessment process that leverages a data-driven approach to risk scoring. A mature risk assessment process should be executed cyclically, and when triggered by a significant event, using a Factory Model to decrease costs, increase efficiency, and heighten delivery certainty through the use of dedicated resources. • A mature risk assessment process evolves with the organization, increasing in impact, sophistication and maturity. Financial institutions should take a pragmatic approach to implementing a high-performing enterprise-wide risk assessment program and approach. • To develop an enterprise-wide risk assessment program, a structured approach is encouraged so the appropriate rigor is practiced to identify, document and validate AML risks and controls. As an output from the risk assessment process, a control testing approach should be developed to monitor AML risks. Executive summary Copyright © 2016 Accenture All rights reserved. 2
  3. 3. An AML risk assessment identifies (i) a bank’s inherent risks across a range of categories, (ii) gaps and the level of risk that is acceptable and in line with the bank’s risk appetite, and (iii) the required controls to mitigate risk. What is an AML risk assessment? Copyright © 2016 Accenture All rights reserved. 3 Identify Mitigate AML Risk Assessment Analyze Products Geographies Transactions Entities Define and agree on the risk appetite and the risk factors being assessed. Identify specific products, services, customers, entities, and geographic locations unique to the bank and that should be appropriately weighted to the bank’s business model. Communicate and report findings on identified issues. Formulate action plans to resolve issues. Implement or strengthen controls to avoid, mitigate or reduce the inherent risks faced by the firm. Customers Services Assess Determine the inherent risk to the firm through detailed analysis of the data obtained on the specific risk factors. Augment findings on inherent risk with outputs from internal audits and regulatory exams. Assess the data to determine whether sufficient controls exist to address the inherent risk of the firm, thereby aligning with its risk appetite. Define Banks are required to periodically determine the AML risks of their individual business units and, when banks have a consolidated AML compliance program, this needs to be done enterprise-wide. A bank’s AML compliance program should be structured and enhanced to adequately address its risk profile and align to its risk appetite, as identified through the risk assessment. Appropriate policies, procedures, standards and processes to monitor and control AML risks should be developed or updated based upon the outputs of the risk assessment.
  4. 4. A mature AML risk assessment program helps provide banks with the opportunity to identify and plan for emerging risks and changes in the bank’s risk profile. The program should leverage a clear, consistent, data-driven methodology across the enterprise to quantify AML risks in an easily reportable way. How should an AML risk assessment program be structured? Copyright © 2016 Accenture All rights reserved. 4 People • Include a variety of subject matter specialists (SMSs) across the business and Financial Crimes Compliance to allow for a broader view on risk and issue management across the firm. • Leverage a dedicated team, and, where possible, utilize a center of excellence (CoE) and / or the factory model with offshore capability to reduce costs. Governance and Framework • A single enterprise- wide operating model, consistent across lines of business and geographies, with ownership within the business. • Formally defined structures, taxonomies, and reporting forums for senior management review of risk assessment outputs. North America Asia PacificEurope Latin America Governance and Framework People Process Technology and Data AML Risk Assessment Retail Banking Commercial Banking Private Banking Corporate & Investment Banking
  5. 5. A mature AML risk assessment program helps provide banks with the opportunity to identify and plan for emerging risks and changes in the bank’s risk profile. The program should leverage a clear, consistent, data-driven methodology across the enterprise to quantify AML risks in an easily reportable way. How should an AML risk assessment program be structured? Copyright © 2016 Accenture All rights reserved. 5 Process • A clear globally consistent and standardized methodology or process across all lines of business and geographies. • The process should include standard language or taxonomies to describe risk factors across all lines of business. • Where possible, incorporate both automated scoring and judgmental decisioning. Technology and Data • Implement the AML risk assessment within a strategic technology to support automation of data feeds, thus reducing ad hoc data requests and data collation periods. • Define standard risk factors and identify the data elements required to measure risk factors. Conduct trend analysis around control environments to allow control improvements to be made. North America Asia PacificEurope Latin America Governance and Framework People Process Technology and Data AML Risk Assessment Retail Banking Commercial Banking Private Banking Corporate & Investment Banking
  6. 6. What is the path to a mature AML risk assessment program? Copyright © 2016 Accenture All rights reserved. 6 Rudimentary Limited formal governance, fragmented infrastructure and inconsistent processes Operational Centralized governance with partially consolidated infrastructure and processes High-Performing Market leading AML risk assessment practices, enterprise-wide methodology, with formally defined and adopted infrastructure and processes Governance and Framework • Limited or no formally defined governance structures or decision-making bodies to provide oversight and approvals. • Geography or line of business specific operating model, with limited integration. • No clear articulation or risk appetite, risk factors, or control categories. • No clear ownership of AML risk components. • Defined governance structures in place for approval of AML risk assessment results. • Enterprise-wide standards for risk and control taxonomies. • Identified key-risk factors, and risk appetite. • Fragmented operating model covering major lines of business. • Formally defined governance structures and decision-making bodies for approvals, planning, and read-outs to senior management. • Enterprise-wide operating model, consistent across lines of business and geographies. • Established risk and control taxonomies, risk factors, and risk appetite. • Business ownership of most AML risk components. A mature risk assessment program evolves with the organization, increasing in impact, sophistication and maturity. Financial institutions should take a pragmatic approach to implementing an enterprise-wide risk assessment program and approach.
  7. 7. What is the path to a mature AML risk assessment program? Copyright © 2016 Accenture All rights reserved. 7 Rudimentary Limited formal governance, fragmented infrastructure and inconsistent processes Operational Centralized governance with partially consolidated infrastructure and processes High-Performing Market leading AML risk assessment practices, enterprise-wide methodology, with formally defined and adopted infrastructure and processes People • Senior management aware of AML risk assessment needs, but no dedicated risk resources. • AML risk assessment performed by line resources on a part time basis. • Senior management aware of AML risk assessment, structured review conducted leveraging line resources and compliance personnel. • Management has adequate industry experience in executing AML risk assessments. • Senior management view AML risk assessment as integral component of AML compliance program. • AML risk assessment has dedicated resources leveraging the factory model for operational activities, with oversight from highly trained AML specialists. Process • Ad-hoc AML risk assessment processes. • Limited enterprise-wide methodology or approach. • Bespoke AML risk assessment methodologies per line of business or geography. • Mainly manual processes, no automation. • Partially standardized processes across lines of business and geographies. • AML risk assessment viewed as a requirement but applied superficially and focused on fulfilling regulatory expectations. • Ad-hoc risk assessments conducted on higher risk areas. • A defined globally consistent process across lines of business and geographies, supported by workflow. • Standardized AML risk assessment methodology and approach. • Automated risk scoring coupled with judgmental decisioning.
  8. 8. What is the path to a mature AML risk assessment program? Copyright © 2016 Accenture All rights reserved. 8 Rudimentary Limited formal governance, fragmented infrastructure and inconsistent processes Operational Centralized governance with partially consolidated infrastructure and processes High-Performing Market leading AML risk assessment practices, enterprise-wide methodology, with formally defined and adopted infrastructure and processes Technology and Data • Little or no technology used to facilitate the AML risk assessment. • Limited data availability and no agreed upon system of record. • Static reporting without analysis or action orientation. • Technology may or may not be used to drive AML risk assessment routines. • Limited data availability. • Reporting is proactive and analyzed to drive organizational improvements. • AML risk assessment process implemented within a strategic technology tool. • Agreed data sources and systems of record for data extraction. • Central repository and standards data dictionary leveraged. • Automated and dynamic reporting allowing for on-going and periodic assessment.
  9. 9. To develop a robust AML risk assessment program, a structured approach is suggested to give the firm a proper understanding of its risks and the effectiveness of the controls over those risks. What is the approach for an effective AML risk assessment program? Copyright © 2016 Accenture All rights reserved. 9 Deliver executive summary Mobilize and prepare data points Document key AML risks and controls Identify improvement opportunities Obtain SMS validation / approval Define and agree on risk appetite Identify systems of record for extracting data Agree on specific risk factors and data elements needed Identify and document AML risks and controls Conduct risk scoring to identify critical focus areas “Sense check” data outputs with business and compliance SMSs Map focus areas against current state catalogs and processes Map focus areas against current controls framework Document risk and control matrix Aggregate evidence for baseline controls test Validate risk and control matrix with SMSs Conduct stakeholder workshops to identify additional pain points Develop dashboards presenting risk assessment outcomes Document executive summary of AML risk assessment findings AML Risk Assessment Program Stakeholder communications Traceability to controls and monitoring and testing plans Planning and program governance Agree on standardized templates and taxonomies Agree on weights for risk factors Develop action plans to address gaps and high risk areas Incorporate audit findings and prior risk assessment findings
  10. 10. The AML risk assessment is central to maintaining a robust AML compliance program. However, many banks face regulatory scrutiny as well as difficulties in executing such a review due to process, data, talent and time constraints. What common challenges do firms face in executing AML risk assessments? Copyright © 2016 Accenture All rights reserved. 10 Limitations with current processes Timeline pressures Limited availability of data  Limited availability of experienced AML talent at scale in local markets.  Over reliance and key- man risk on longstanding AML managers’ experience and subjective analysis.  AML risk assessment perceived as a “tick-box” activity.  Regulators are increasingly demanding more frequent and periodic AML risk assessments.  The time between requesting AML data and completing the risk assessment is often significantly long. This often results in stale or outdated results.  Limited availability of data required to complete the AML risk assessment.  Non-repeatable processes to collect quantitative data.  Limited data granularity impacting the appropriateness and suitability of the data in the AML risk assessment. Resource constraints with competing priorities  AML risk assessment process may not be adequately defined and documented to support robust analysis.  Risk categories and factors not defined or weighted appropriate to the bank.  Complexities and risk in business processes not adequately defined. In light of these and other challenges, financial institutions are looking for better approaches to manage their AML risk assessment programs and deliver repeatable, scalable, and cost efficient execution of AML risk assessments on a cyclical basis.
  11. 11. There are a number of common challenges that impact the effectiveness of an AML risk assessment. Potential solutions to these challenges have been developed via key lessons learned from AML risk assessment programs. How can the common challenges be addressed? 11 Challenges Potential Solutions Timeline pressures  Automate or partially automate risk scoring to facilitate an ongoing view of the bank’s risk profile based on geographies, lines of business, products and services, and customer segments.  Implement data feeds from systems of record to automated tools that perform ongoing risk scoring to reduce elapsed time between data requests and generation of risk assessment results.  Adopt a risk-based approach to scheduling AML risk assessments so that high risk areas are more frequently monitored and reviewed. Resource constraints with competing priorities  Leverage a center of excellence model to reduce resource demands by centralizing repeatable, resource-intensive activities, and implementing a change management process to help schedule AML risk assessments throughout the year without undue demands being placed on line managers.  Require lines of business to assume accountability by formally accepting or presenting detailed plans to mitigate high / critical risk events.  Prioritize the AML risk assessment as an important tool in risk identification and regulatory reporting. Risk culture should be supported by senior leadership, and staffing and budgeting plans should reflect the needs of the AML risk assessment program. Copyright © 2016 Accenture All rights reserved.
  12. 12. There are a number of common challenges that impact the effectiveness of an AML risk assessment. Potential solutions to these challenges have been developed via key lessons learned from AML risk assessment programs. How can the common challenges be addressed? 12 Challenges Potential Solutions Limitations with current processes  Implement the AML risk assessment methodology via a tool (vendor solution or custom build) and create standardization across regions and lines of business. Leverage case management to create additional efficiencies as well as supporting audit and reporting capabilities.  Utilize standardized taxonomies to identify risks and controls and a standard rating scale to determine impact, likelihood, and effectiveness measures. Limited availability of data  Incorporate all available information into the assessment. Firms should leverage internal and external data and compare risk and controls to internal metrics (key performance indicators / key risk indicators).  Develop standard data dictionary that can be consistently used by all stakeholders including the lines of business, Operations, Compliance and Technology.  Recognize the subjective nature of the AML risk assessment, but drive consistency through standardized terminology and the overall assessment process. Copyright © 2016 Accenture All rights reserved.
  13. 13. 13 Copyright © 2016 Accenture All rights reserved. For More Perspectives on AML Accenture Fraud & Financial Blog: – Anti-Money Laundering (AML) Risk Assessment Process • http://fsblog.accenture.com/finance-and-risk/building-a-strong-anti-money- laundering-risk-assessment-process Accenture Point of View: – Reducing the Cost of Anti-Money Laundering • https://www.accenture.com/AMLCompliance – Building a Sustainable Back Secrecy Act and Anti-Money Laundering Program • https://www.accenture.com/us-en/insight-anti-money-laundering-and-bank- secrecy-act
  14. 14. Anti-Money Laundering Risk Assessment Process 14 Copyright © 2016 Accenture All rights reserved. Disclaimer This presentation is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals. About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 375,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

×