financial services maturity model 24 october/parallel... · 2013-10-23 · financial services...
TRANSCRIPT
Financial Services Maturity Model (FSMM) for Anti-Money Laundering
Overview
Dr. Tom O’Kane
University College Cork
Ireland October 2013
Governance, Risk and Compliance Technology Centre (GRCTC)
• The Governance, Risk and Compliance Technology Centre (GRCTC) is an industry led research and innovation centre hosted by University College Cork (UCC), Ireland
• Our research is focussed on developing a capability maturity model for AML and CFT practices
• UCC Academic Partners
– Tom O’Kane – Tara Casserly – Peadar McCartney
• Industry Partners*
– Citibank – Allied Irish Bank – Bank of Ireland – BAE Systems Detica
2
Governance, Risk and Compliance Technology Centre (GRCTC)
*The centre is open to additional participants
• FATF estimates: ML = 2-5% of global GDP ≡ $1.5 to $3.5 trillion p.a.
• Banks are still falling foul of regulators despite massive AML spending ($5.8bn globally in 2013*).
• So why is this happening?
3
The Money Laundering Problem
* Katkov, N. (2011) ‘Trends in Anti Money Laundering 2011’, Celent Report, http://www.celent.com/reports/trends-anti-money-laundering-2011 **www.bankersaccuity.com/AMLfines
**
Sample Bank Fines for AML Violations ($m) 2009-2012
4
‘Culture will eat Strategy for Breakfast’*
The prevailing strategy is one of focusing on passing compliance audits
It's not enough to have policies… procedures…(and) good intentions…. compliance must be an embedded part of your firm's culture. It is critical that firms establish a strong culture…that guides and reinforces employees as they make decisions. (U.S. SEC, 2003)
Ethical culture is vital to the effectiveness of integrity control measures…(Dutch Central Bank, Dec. 2011)
“In some banks, we found that the dominant culture appeared to undermine the effective implementation of AML policies.” (FSA, June 2011)
“What marks out a good board is its activism in embedding a strong risk culture … Behaviours, not structure.” (Ian Laughlin, Australian PRA, May 2013)
*attributed to Peter Drucker
5
So we need to Change the Culture
Banks must start focusing on embedding a culture of consistently following good processes to do what is ethically correct and making
good AML judgements across the entire organization.
The problem is that existing Compliance models are not designed to embed an ethical Culture of strong and challenging decision making where the spirit of the law is respected as much as the letter of the
law.
By contrast, our model incorporates factors to drive for good AML processes and the embedding of cultural change in a manner that can
be verified.
Our model is the Financial Services Maturity Model for Anti Money Laundering - FSMM(AML)
*attributed to Peter Drucker
• An enterprise wide, collaborative non-adversarial approach
that informs an organization of its AML process strengths and
weaknesses
• It drives for a culture of adherence to both the spirit and letter
of the law
• It can facilitate independent and anonymous peer
benchmarking
• It is not another compliance audit model rather it assesses the
organization’s “capability to be compliant.”
6
The Financial Services Maturity Model (AML) - Key Features
Capability maturity models:
• Describe how an organization can develop its processes from under-performing immature processes that give highly unpredictable results to high performing processes that generate superior results.
• Embed the processes into the DNA of an organization
• Are proven improvement techniques in a diverse range of businesses
7
Capability Maturity Modelling?
Level 1 Process Capability
Level 2 Process Capability
Level 4 Process Capability
Poor or ad hoc process Inconsistently followed Unpredictable results
Basic process Usually followed Fair results
No Established Process Capability
Good process Almost always followed Good results
Excellent process Always followed Outstanding results
Level 3 Process Capability
Very good process Always followed Very good results
8
Audit Models versus Maturity Models
9
FSMM Overview
Process Area
Capability Growth
Implementation
Integration
Forecast Outcomes
Activities: • Functions Performed • Procedures Enacted
Institutionalization Factors: • Principles & Policies • Process Owners • Resources & Funding • Process Training • Verification • Management Review • Measurements & Analytics • Quantitative Management • Process Optimization
Goal Satisfaction
Process Embedding
Cultural Adoption
Process Area Structure and Intent
10
11
What do the Capability Levels mean?
12
Maturity Model Profiles
13
Business Advantages of this Approach
Increasing process capability reduces the possibility of AML infringements and of failing regulatory reviews
Identifies processes where remedial action is required
Reduced AML process variability – consistently doing the right thing
Independent and anonymous Peer Benchmarking
High quality risk management from embedding a risk aware and compliance culture across the organization
14
Embedding a Cultural solution
No amount of technology, no amount of strategy and planning, can ever protect a company 100 % from poor AML judgements if the underlying culture is not consistent with the espoused values
and risk appetite of the organization.
Question: How can excellent compliance outcomes be achieved consistently?
Answer: The FSMM (AML) is a holistic enterprise-wide approach to process improvement. Processes are embedded and become verifiably part of the organizational culture via institutionalization factors that ensure the culture reflects the espoused values and behaviours of the organization.
Thank you very much!
15
The Financial Services Maturity Model (AML)