Financial Services Maturity Model (FSMM) for Anti-Money Laundering

Overview

Dr. Tom O’Kane

University College Cork

Ireland October 2013

Governance, Risk and Compliance Technology Centre (GRCTC)

• The Governance, Risk and Compliance Technology Centre (GRCTC) is an industry led research and innovation centre hosted by University College Cork (UCC), Ireland

• Our research is focussed on developing a capability maturity model for AML and CFT practices

• UCC Academic Partners

– Tom O’Kane – Tara Casserly – Peadar McCartney

• Industry Partners*

– Citibank – Allied Irish Bank – Bank of Ireland – BAE Systems Detica

2

Governance, Risk and Compliance Technology Centre (GRCTC)

*The centre is open to additional participants

• FATF estimates: ML = 2-5% of global GDP ≡ $1.5 to $3.5 trillion p.a.

• Banks are still falling foul of regulators despite massive AML spending ($5.8bn globally in 2013*).

• So why is this happening?

3

The Money Laundering Problem

* Katkov, N. (2011) ‘Trends in Anti Money Laundering 2011’, Celent Report, http://www.celent.com/reports/trends-anti-money-laundering-2011 **www.bankersaccuity.com/AMLfines

**

Sample Bank Fines for AML Violations ($m) 2009-2012

4

‘Culture will eat Strategy for Breakfast’*

The prevailing strategy is one of focusing on passing compliance audits

It's not enough to have policies… procedures…(and) good intentions…. compliance must be an embedded part of your firm's culture. It is critical that firms establish a strong culture…that guides and reinforces employees as they make decisions. (U.S. SEC, 2003)

Ethical culture is vital to the effectiveness of integrity control measures…(Dutch Central Bank, Dec. 2011)

“In some banks, we found that the dominant culture appeared to undermine the effective implementation of AML policies.” (FSA, June 2011)

“What marks out a good board is its activism in embedding a strong risk culture … Behaviours, not structure.” (Ian Laughlin, Australian PRA, May 2013)

*attributed to Peter Drucker

5

So we need to Change the Culture

Banks must start focusing on embedding a culture of consistently following good processes to do what is ethically correct and making

good AML judgements across the entire organization.

The problem is that existing Compliance models are not designed to embed an ethical Culture of strong and challenging decision making where the spirit of the law is respected as much as the letter of the

law.

By contrast, our model incorporates factors to drive for good AML processes and the embedding of cultural change in a manner that can

be verified.

Our model is the Financial Services Maturity Model for Anti Money Laundering - FSMM(AML)

*attributed to Peter Drucker

• An enterprise wide, collaborative non-adversarial approach

that informs an organization of its AML process strengths and

weaknesses

• It drives for a culture of adherence to both the spirit and letter

of the law

• It can facilitate independent and anonymous peer

benchmarking

• It is not another compliance audit model rather it assesses the

organization’s “capability to be compliant.”

6

The Financial Services Maturity Model (AML) - Key Features

Capability maturity models:

• Describe how an organization can develop its processes from under-performing immature processes that give highly unpredictable results to high performing processes that generate superior results.

• Embed the processes into the DNA of an organization

• Are proven improvement techniques in a diverse range of businesses

7

Capability Maturity Modelling?

Level 1 Process Capability

Level 2 Process Capability

Level 4 Process Capability

Poor or ad hoc process Inconsistently followed Unpredictable results

Basic process Usually followed Fair results

No Established Process Capability

Good process Almost always followed Good results

Excellent process Always followed Outstanding results

Level 3 Process Capability

Very good process Always followed Very good results

8

Audit Models versus Maturity Models

9

FSMM Overview

Process Area

Capability Growth

Implementation

Integration

Forecast Outcomes

Activities: • Functions Performed • Procedures Enacted

Institutionalization Factors: • Principles & Policies • Process Owners • Resources & Funding • Process Training • Verification • Management Review • Measurements & Analytics • Quantitative Management • Process Optimization

Goal Satisfaction

Process Embedding

Cultural Adoption

Process Area Structure and Intent

10

11

What do the Capability Levels mean?

12

Maturity Model Profiles

13

Business Advantages of this Approach

Increasing process capability reduces the possibility of AML infringements and of failing regulatory reviews

Identifies processes where remedial action is required

Reduced AML process variability – consistently doing the right thing

Independent and anonymous Peer Benchmarking

High quality risk management from embedding a risk aware and compliance culture across the organization

14

Embedding a Cultural solution

No amount of technology, no amount of strategy and planning, can ever protect a company 100 % from poor AML judgements if the underlying culture is not consistent with the espoused values

and risk appetite of the organization.

Question: How can excellent compliance outcomes be achieved consistently?

Answer: The FSMM (AML) is a holistic enterprise-wide approach to process improvement. Processes are embedded and become verifiably part of the organizational culture via institutionalization factors that ensure the culture reflects the espoused values and behaviours of the organization.

Thank you very much!

t.okane@ucc.ie

t.casserly@ucc.ie

p.mccartney@ucc.ie

15

The Financial Services Maturity Model (AML)