A first-of-its-kind survey on Canadian compliance professionals conducted by Grant Thornton finds significant weaknesses in the AML compliance practices of Canadian companies. The findings reinforce the need for Canadian companies to review and enhance their AML compliance program.
According to a survey of 302 Canadian AML and compliance practitioners, many compliance staff are not consistently visiting their overseas locations and rarely tailor their AML training programs to the specific needs of different groups, particularly their senior management and boards. Jennifer Fiddian-Green, national leader of forensic investigation at Grant Thornton, said the survey marks “the first time that the collective voice of Canadian AML compliance professionals has been captured.”
According to the findings, 56 percent of respondents at companies with multiple locations—branches, agents, or offices—said compliance staff had visited these locations within the last six months, while another 16 percent said they had made visits within the past two years. Almost 27 percent, however, indicated that compliance staff had never visited branch or agent locations.
The frequency of these visits vary by sector. Compliance staff members at MSBs and securities dealers, in particular, are making few—if any—regular visits to other locations. “This can hamper the compliance function’s ability to gauge how well frontline employees understand corporate compliance policies and procedures and their regulatory obligations,” Grant Thornton stated. “To ensure a consistent application of compliance policies across the enterprise, we recommend that compliance officers commit to visiting staff and agents, and reviewing branch operations, on at least an annual basis.”
The report also identified areas for improvement in training. "Few are tailoring their training programs to the needs of specific groups, especially senior management or boards," Grant Thornton stated. "As the regulatory environment becomes more complex and onerous, organizations need to focus on offering more specialized training to help these groups better understand their obligations for assessing risk, setting the entity’s risk tolerance, and implementing policies and procedures to mitigate the identified risks."
The report also found that certain sectors devote more time and resources to their AML compliance programs than others. For example, compliance officers at financial institutions spend over 33 percent of their time exclusively on AML compliance, compared to only 12 percent of credit union respondents. That number drops to seven percent for securities dealers.
Responses also varied by sector when it comes to the frequency with which companies update their risk assessments. For example, while 80 percent of money services business (MSBs) said they’ve updated their risk assessments in the past year, three percent said they’ve never been updated it, or that one doesn’t exist at all. Among securities dealers, 65 percent updated their risk assessment less than one year ago, and a 15 percent said it had never been updated or they don’t have one at all.
Overall, respondents 73 percent of respondents said they’ve updated their risk assessment less than a year ago. Seven percent of organizations continue to rely on a risk assessment that is at least two years old, however, and a “surprising” six percent said they have either never updated their risk assessment or that they have no risk assessment at all, the report stated.
Suspicious Activity Reports
Roughly 40 percent of respondents indicated that, over the last year, their organizations had not submitted any suspicious transaction reports (STRs), and an additional 16 percent of respondents said they had submitted fewer than six, suggesting weaknesses in risk assessment processes. Most respondents (87 percent) said they require staff to report unusual activity, which is reviewed by the compliance department before a suspicious transaction report is submitted.
The report also assesed how regulated entities differentiate between unusual and suspicious transactions. Eleven percent said all unusual activity results in an STR, while 19 percent said the majority (75 percent to 90 percent) of unusual transactions result in an STR. Another 30 percent of respondents said that fewer than 50 percent of their unusual transactions result in an STR.
AML Compliance Role
Forty-seven percent of the organizations surveyed said the compliance officer has final say in AML/ATF risk management, while an additional 28 percent said the compliance officer advises on the course of action, but others make the final decision. In 20 percent of the organizations, responsibility for AML risk management various—between the chief AML officer, the board of directors, or jointly by the CFO and CEO—depending on the specific issue being addressed, according to the report.
The report also indicated that most organizations (75 percent) rely either predominantly or exclusively on their compliance officers to manage AML risk, often with limited senior management or board oversight. “This may represent a regulatory risk, especially as regulators are increasingly holding senior managers and the board to a higher level of accountability when it comes to the oversight of the AML compliance program, conducting AML risk assessments and adhering to related business policies,” Grant Thornton stated.
The majority of respondents (84 percent) said that management views compliance as an important function to mitigate organizational risk, and 74 percent said they are well-supported by management. “This bodes well for entities that continue to face rising and more complex regulatory requirements,” Grant Thornton stated.
“As money laundering and terrorist financing activities become increasingly sophisticated and complex,” Fiddian-Green said, “it is becoming essential for compliance officers to receive the needed support to allocate adequate resources to the issues identified in the survey.”