As regulators continue to press financial companies to beef up anti-money laundering compliance, some are experiencing sticker shock as they consider implementing more extensive AML programs.
By nearly all estimates, AML compliance costs have far surpassed most early assessments made by compliance departments in the financial services industry.
According to a 2014 report by KPMG, 22 percent of respondents say their firms shouldered a 50 percent increase or more in AML costs in the last three years, and 12 percent say their costs more than doubled. Those hikes far exceed expectations. In 2011, when KPMG last conducted the survey, only 8 percent of respondents predicted that AML costs would rise by more than 50 percent in the next three years.
“It's a significant cost for organizations,” Robert Redman, AML risk manager at Citigroup, said in a recent Webcast. And more vigilance means higher costs. Citigroup says it incurs a cost of $30 to $50 for each AML alert it receives, “which is fine on an individual alert basis, but when you consider that we're getting tens of thousands of AML alerts every month, it very quickly adds up,” he said.
KPMG estimates that in the next two to three years, financial institutions globally will be spending more than $10 billion for AML compliance controls.
One of the biggest contributors to increasing AML compliance costs is regulatory change, and it's not only the rules issued overtly by banking regulators. “It's a moving target,” says Teresa Pesce, head of KPMG's AML services for the Americas. She says regulators are communicating expectations for AML compliance in a variety of places. “Firms can no longer simply turn to laws and regulations and printed guidance to determine what their compliance programs should look like.”
The traditional method of guidance and consultation has given way to an increasingly aggressive approach by regulators that includes statements in enforcement notices that create stringent new regulatory expectations, says Brian Dilley, KPMG's global head of AML services. As a result, financial services companies are finding that they have to “go off and do a big remediation exercise and fix something they didn't realize was broken in the first place,” he says.
To reduce the risk of an AML enforcement action, Pesce recommends that compliance officers of financial services companies “keep their ear to the ground” with respect to enforcement actions that are being brought against industry peers. “It's really important to understand how others are handling similar issues,” she says.
Open communication with examiners and regulators is also important for compliance departments to better determine where they should be investing their AML compliance budgets, Pesce adds. Compliance officers need to understand from examiners not only their current expectations, but also where those expectations might be heading in the future, in order to be better equipped to address them, she says.
Bang for the AML Buck
Regulators are not the only force compliance officers have to reckon with. Compliance departments need to get senior management to buy in, literally. “Getting additional resources is increasingly difficult,” said Sean Rodriguez, senior vice president for payments industry outreach for the Federal Reserve Bank of Chicago, who also spoke during the Webcast. “Everyone is doing more with less.”
Still, plenty of companies are finding that harder to do, and upping their investment in AML. The KPMG report found that 78 percent of respondents reported increases in their total investment in AML activity, with 74 percent also predicting further increases in AML investment over the next three years.
With limited resources to work with, however, compliance officers of financial services companies need to give careful consideration as to where to invest their AML budgets to get the biggest bang for their buck.
According to KPMG's report, financial services companies are investing their AML budgets in three main areas:
Monitoring tools and technology. Transaction monitoring systems represented the largest AML investment, cited by 60 percent of survey respondents, with 45 percent using a system developed externally. Nearly one-fourth of respondents used neither.
“When you consider that we're getting tens of thousands of AML alerts every month, it very quickly adds up.”
—Robert Redman,
AML Risk Manager,
Citigroup
Even though financial institutions continue to pour significant amounts of their budget into these systems, satisfaction with current automated monitoring tools continues to decline, as companies look for a solution that reduces the burdens of their compliance departments, rather than adding to it. The main problem reported by respondents to the KPMG survey is that many of these tools don't allow companies to monitor and share customer transactions across businesses and across jurisdictions, which would help centralize the process.
“There is no silver bullet,” Redman said. “There is no one system that can protect you 100 percent from any kind of financial crime.” The only way to learn, he says, is to learn from mistakes of the past, and figure out what not to do the next time.
People are still the first line of defense in the fight against money laundering, with 97 percent of respondents saying that they still rely primarily on people to spot suspicious activity. “You can never fully automate something,” Pesce says. “You always need knowledgeable people.”
Effective training is also important for developing and retaining AML experts as well as ensuring the successful implementation of a robust AML compliance program, Pesce adds. And training shouldn't exclude the highest levels in the company. Financial services firms miss the boat when they don't include their own board of directors in that training.
According to the KPMG report, 62 percent of respondents said their board receives AML training. A knowledgeable board is “an essential component in the successful execution of an AML compliance framework,” the report stated. “Additionally, AML training provides leadership with the ability to better understand and quantify the risks of being exposed to financial crime at both the business and client level.”
AML ACTIVITY
Since KPMG's last survey, the cost of anti-money laundering compliance has steadily increased, showing no signs of slowing down in the near future. The chart below from KPMG's most recent AML survey shows how total investment in AML activity has increased from three years ago.
Source: KPMG.
Know-your-customer due diligence. In the KPMG report, KYC reviews and updates accounted for the second largest AML investment, cited by 59 percent of respondents. Determining what constitutes adequate customer due diligence and when to apply enhanced due diligence, however, continues to pose challenges.
“Most financial institutions are operating with the best intentions in mind, but we need to be careful,” Redman said. “We've seen a lot of sanctions against financial institutions for failure to have effective AML and KYC controls.”
Recruitment. Forty-two percent of respondents listed recruitment as the third largest investment in AML compliance. Citigroup is one of those companies. “Most of our investment is in people,” Redman said.
Recruiting highly skilled individuals, however, remains a challenge. Financial services firms right now are “finding themselves in a war for talent,” Pesce says.
“The way the market is at the moment, there aren't enough [skilled] people to go around,” Redman said. The pace of change and the demands from regulators are happening much more quickly than the market can keep up with, he says.
Before a financial services company invests in any sort of resources, be it technology or people, Pesce recommends first conducting a cost-benefit analysis to determine where to apply those resources. “They need to understand where the risks are, where the gaps are,” she says. “They need to ensure that they dedicate resources to those places where the risks are greater.”
In some cases, a financial services company may decide to exit a business relationship, a certain jurisdiction, or a product line if they determine the risk is too great. “That's an analysis that firms need to take now,” Pesce says. “If they're not prepared to dedicate the right amount of resources to something that would cover the risks, then they should contemplate perhaps moving out of that risk area.”
No comments yet