Risk-Based AML only works if the C-suite agrees what ‘risk’ means
There is a palpable tension that governs most financial crime programs in the United States. Banks build their AML programs on the principle of risk-based compliance. They say it to regulators, write it into policies, and showcase it in governance decks. Yet inside most institutions, the way risk is actually treated often tells a different story.
Ask a compliance officer what the AML program’s mission is, and you’ll get the same answer almost every time: stop financial crime. Ask the C-suite what the institution’s risk appetite is, and you’ll likely hear some variation of make this work, grow responsibly, take smart risks, manage exposure, and keep the business moving. Neither is inherently wrong. But in practice, the distance between those two mindsets is where risk-based AML programs begin to fail.
Related articles
-
OpinionTurning compliance into a competitive advantage in defense tech
For emerging defense tech companies to take full advantage of acquisition reforms and increased funding, they will need to overcome a defining feature of the U.S. defense industry: It is highly regulated, and will likely remain so.
-
OpinionThe rise of the AI compliance officer
As AI reshapes business operations and regulators move quickly, companies increasingly need a dedicated AI compliance officer to ensure ethical, transparent, and accountable deployment.
-
ArticleFrench court calls out alleged deceptive net zero claims by TotalEnergies
Regulators in Europe are focused on punishing energy firms that make deceptive claims on net zero targets, as TotalEnergies recently discovered.
More from Opinion
-
OpinionWho is leading the fight against confidence scams, and who should?
Internet-enabled scams are drawing national attention, with authorities treating them as organized transnational crimes. The FBI says confidence schemes now make up a significant share of online fraud, prompting questions about how the private sector is responding.
-
OpinionWhen stability fails: Why over-optimization creates organizational brittleness
Most organizations would say they value stability. Predictable operations, consistent output, and well-defined processes are generally considered marks of maturity. The assumption is simple: if a system can be made reliable, it becomes resilient.
-
PremiumQ&A with former FCPA Unit chief Charles Duross on the DOJ’s monitorship policy
Compliance Week recently interviewed Charles Duross, former Chief of the DOJ’s Fraud Section’s FCPA Unit, to talk about the Department of Justice’s recently revised monitorship policy.