how to structure and manage an effective compliance...
TRANSCRIPT
Building Capacity & Competency
ACAMS 2018 ©
How to Structure and
Manage an Effective
Compliance Function
13 November 2018
Cinnamon Grand Colombo - Oak Room
Speaker
Dr. William Scott Grob, CAMS, AML Director, ACAMS ASP
Building Capacity & Competency
ACAMS 2018 ©2
Agenda
Driving for Effectiveness
Basic Elements
Testing & Assurance
Training & Development
Observations
The Last Word
Building Capacity & Competency
ACAMS 2018 ©3
FATF/APG has put an emphasis on effectiveness in addition to technical
compliance
Effectiveness Finding
Technical Compliance Findings in relation to the Recommendations
Source: Sri Lanka FUR 2018, p.3-4
Building Capacity & Competency
ACAMS 2018 ©
FCA fines and imposes a restriction on Canara
Bank for anti-money laundering systems failings
https://www.fca.org.uk/news/press-releases/fca-fines-and-imposes-restriction-canara-bank-anti-
money-laundering-systems-failings
Financial services firms are required to maintain robust anti-money laundering
(AML) systems and controls since they are at risk from those seeking to
launder the proceeds of crime or to finance terrorism.
Between 26 November 2012 and 29 January 2016, Canara failed to maintain
adequate AML systems and was unable to take sufficient steps to remedy
identified weaknesses, despite having been notified of shortcomings in its
AML systems and controls.
Specifically, the FCA found that Canara failed to maintain adequate systems
and controls to manage the risk of money laundering. These failures were
systemic and affected almost all levels of its business and governance
structure including (1) Senior Management; (2) Governance / Oversight; (3)
three Lines of Defense; (4) Money laundering reporting function; and (5)
AML systems and controls.
Example
20Source:
Building Capacity & Competency
ACAMS 2018 ©5
How do you make a Compliance Function more effective?
Building Capacity & Competency
ACAMS 2018 ©
The Basic Elements of aCompliance Program
Internal Policies, Procedures & Controls
Chief Compliance Officer & Function
Training, Competency, &
Building Oversight
Testing, Assurance, & Auditing
Governance and Oversight
Transaction & Sanction Monitoring
KYC, CDD and EDD activities
5
Building Capacity & Competency
ACAMS 2018 ©
Regulatory Controls and Policies
Monitoring & Investigations
Training & Competency Building
Assurance & Testing
Chief Compliance Officer
Transaction &
Sanction Monitoring
KYC, CDD and EDD
activities
Testing 1st and 2nd
Line Effectiveness
Licensing and building
competency in roles
Collaborating with the Business and
regulator(s) to drive efficient and
effective application of policy
Detecting and reporting activities to
management and regulator(s) in a timely
and competent manner
Sampling activity to ensure it conforms to policy and reporting to Management and
business of incomplete application.
Building capacity and competency
across all three lines of business
6
Building Capacity & Competency
ACAMS 2018 ©
Risk Assessment
Risk Identification
Risk Analysis
Risk Management
Risk Monitoring
Risk
Assessment
Methodology
Likelihood
Impact
Risk Outcome
Policies
Procedures
Systems
Controls
Deficiencies & Gaps
MSIIs
Action Plan
Assurance & Audit
Lines of Business
Geography
Customers
Products, Services,
Transactions
Overview of the Process
8
Building Capacity & Competency
ACAMS 2018 ©
Testing & Assurance
8
Building Capacity & Competency
ACAMS 2018 ©
Assurance Function
9
Risk Based ModelAssurance Reviews examine -
Countries
Entities
Businesses
1st and 2nd Line Process (such
as KYC files, CDD process,
Transactional and Sanction
alerts, STR filings)
Progress updates
Sample Testing
Scope
Analysis Report
Management &
Business
Feedback
Building Capacity & Competency
ACAMS 2018 ©
Tone from the Top
10
Board & Audit Committee
(& EXCO)
Senior & Middle Management
(EWRA Operations Committee)
Operational Staff
How effective is the AML programme
Identify gaps
Push 1st Line adoption
Monitoring 2nd Line efficiency
Using 3rd Line to identify issues
1st Line 2nd Line 3rd Line
Strategic vs tactical efforts
Align priorities
Determine resourcing
Typologies
Transactional & Customer Data
Tools, processes, and policies
COO CCO
Building Capacity & Competency
ACAMS 2018 ©
An engaged Board of Directors and Audit Committee
An Approach that cover all Three Lines of Defence
A robust Enterprise-wide Risk Assessment
Supervision that incorporates Testing & Assurance
A comprehensive Mitigation Plan that addressing ML and CT
risks
Fit and Competent person in the compliance function
An integrated approach linking People & Systems
Maker – Checker rules
Training and Guidance aimed a capacity and competency
building
KYC, CDD, Transactional Monitoring that adopt a risk-based
approach
Attributes of an effective Compliance Function?
11
Building Capacity & Competency
ACAMS 2018 ©
Success Story
20122017
HSBC enters Deferred
Prosecution Agreement
12
Launch Global
Standards
Realignment of FCC
function, businesses &
functions
Remediation
The journey …
Building Capacity & Competency
ACAMS 2018 ©
Training & Development
13
Building Capacity & Competency
ACAMS 2018 ©
Competency Testing
Hong Kong – Enhanced Competency Framework serves to:
“to develop a sustainable talent pool of AML/CFT practitioners for meeting
the workforce demand in this sector; and
to raise and maintain the professional competence of AML/CFT
practitioners in the banking industry.”
Core Professional
Source: https://www.hkib.org/en/training-examinations/ecf/aml-cft
50-60 Multiple-choice Type Questions
(MCQ) + Essay Questions80 Multiple-choice Type Questions
Understand and apply risk
assessment methodology
Conduct customer due diligence /
know-your-customer processes
Implement remediation of
compliance deficiencies
Collect and document for
SAR/STR filings
Develop, review and update AML/CFT
policies, framework and governance with
a risk-based approach,
Propose improvements to the
governance and oversight arrangements
Address deficiencies
Perform in-depth due diligence
investigation
Reassess the risk rating of clients
Knowledge of industry benchmark and
best practices
14
Building Capacity & Competency
ACAMS 2018 ©
Expectations
an accurate understanding of the laws and regulations that apply
to the financial institution and its activities (possibly across multiple
jurisdictions);
develop a deep understanding of the financial institution, its
business activity, and operations;
understand the markets and businesses, including emergent areas
of growth, which a financial institution operates within and may
touch upon;
develop a comprehensive understanding of the financial
institution's customers, products and services, and vulnerabilities;
and
identify areas where conflicts of interest arise or know how to
resolve these issues; and
understand the compliance systems and technology platforms and
policies and procedures act as the mitigation of inherent risks.
Compliance Officers are expected to have:
15
Building Capacity & Competency
ACAMS 2018 ©
InternationalDomestic
Professional
Regulatory
Training & Development
Professional
Development
Banking Act
Virtual Currency &
Blockchain
AML for Fintechs
Trade-Based Money
Laundering
KYC/CDD
Transactional
Monitoring
Counter-Terrorist
Financing (CTF) GDPR and 4 AMLD
FATCA
Sanctions Compliance
Cyber enabled crime
Corporate
Governance
16
Building Capacity & Competency
ACAMS 2018 ©
Observations
18
Building Capacity & Competency
ACAMS 2018 ©
Compliance is an evolving, adaptive field. Compliance officers are
expected to navigate internal and external challenges to make
organizations effective.
The success of a firm’s control environment is heavily dependent on the
knowledge and skill of the compliance professional.
Current and Future Needs
Providing leadership within an organisation;
Understanding the regulations as well as the regulatory and reputational
risks;
Contributing to a culture of compliance within the organisation.
Ensuring that knowledge of the ML/TF risks reasonably faced is
appropriately maintained;
Ensuring they remain abreast of changes in law, regulation and internal
practices;
Ensuring that compliance has an effective program; and
Supporting Governance and Assurance.
Skilled compliance professionals are vital to:
17
Building Capacity & Competency
ACAMS 2018 ©
Driving Effectiveness
Onboarding
Delays
Transactional
Backlogs
Poor Policies A lack of understanding
how to operationalize the
policies
Problems OutcomesResults
Inadequate KYC
Files
Poor STR/SAR filings
Ineffective
procedures
Inability to get First Line to
update files in a timely
manner
Unable to
thoroughly
understand a
customers
behaviour
Long delays in onboarding
lower risk customers
Customer
complaints
FIU
complaints
Poor
responsiveness
Impotent analysis
Poorly written filings
22
Building Capacity & Competency
ACAMS 2018 ©
The Skillset of an Effective AML Professional
• A critical and thoughtful thinker;
• A collaborative but independent decision-maker,
• One that balances the business and compliance
priorities; and
• Provides leadership inside and outside an
organisation.
Includes:
It is about a professional that is creative, adaptive, yet
rigorous. A mind-set that continuously learns, works in cross
functional teams and builds strategic partnerships
23
Building Capacity & Competency
ACAMS 2018 ©
Leadership Should Be Engaged with you
Compliance Should Not Be Compromised By Revenue
Interests, so how will you defend your stance
Challenge Points Should be Shared
Throughout the Organization
Leadership Should Provide Adequate Human and
Technological Resources
The Program Should Be Effective and Tested By an
Independent and Competent Party
The Last Word
24
Building Capacity & Competency
ACAMS 2018 © 25
Building Capacity & Competency
ACAMS 2018 © 26
Building Capacity & Competency
ACAMS 2018 © 27