Risk-Based AML only works if the C-suite agrees what ‘risk’ means
There is a palpable tension that governs most financial crime programs in the United States. Banks build their AML programs on the principle of risk-based compliance. They say it to regulators, write it into policies, and showcase it in governance decks. Yet inside most institutions, the way risk is actually treated often tells a different story.
Ask a compliance officer what the AML program’s mission is, and you’ll get the same answer almost every time: stop financial crime. Ask the C-suite what the institution’s risk appetite is, and you’ll likely hear some variation of make this work, grow responsibly, take smart risks, manage exposure, and keep the business moving. Neither is inherently wrong. But in practice, the distance between those two mindsets is where risk-based AML programs begin to fail.
Related articles
-
OpinionThe CFO, AI, and the New Compliance Frontier
As CFOs use AI to streamline operations, they face new compliance risks tied to accountability and algorithmic governance. CCOs must work with them to ensure transparency and oversight throughout adoption.
-
OpinionThe Compliance - Audit gap in ESG and financial reporting
ESG reporting has moved from a voluntary PR exercise to an expectation for regulators and investors, but the compliance audit gap now threatens credibility.
-
ArticleHow to promote a positive compliance culture – and why behavior matters.
No matter what compliance managers do, people continue to disregard rules. Sandro Boeri, president of the U.K.’s Chartered Institute of Internal Auditors, says a new mandatory standard for internal audit teams can help.
More from Opinion
-
PremiumQ&A with Olga Kozak-Anlar of Robinhood Markets
Compliance Week Editor-in-Chief Aaron Nicodemus recently interviewed Olga Kozak-Anlar, Compliance AI Lead at Robinhood Markets Incorporated, about her role at Robinhood and the company’s use of AI.
-
OpinionBeyond the Binder: Policy governance in practice
Most compliance professionals have faced it: a regulator or client requests a policy, and several slightly different “final” versions appear. The issue often stems from reactive, siloed work without a unified governance framework.
-
OpinionWhat compliance can learn from a 95 percent AI pilot failure rate
Compliance professionals have long known that systems fail when governance does. An MIT study’s finding that 95 percent of enterprise artificial intelligence (AI) pilots fail underscores how essential compliance-grade discipline is to the success of emerging technologies.