Money Laundering – Has the IA function matured to tackle the risk?

While most financial institutions focus their energies on managing credit, market and operational risks when it comes to risk management, globalization and opening of new markets has brought in new regulatory challenges that need to be managed. One such risk, which is more alarming than others, is money laundering. In spite of regulatory and governmental pressures, management of this risk has been slow/ traditional and not always effective.

While even global banks allegedly not having robust systems and controls to mitigate the risk of money laundering (which in turn could potentially be a link to financing terrorism and other criminal activities). There is confusion over whether banks are managing their money laundering risks effectively – more information based on Government and regulatory reviews may shed some light.

One thing is for sure – money laundering risk is often spoken about but not enough is done to create awareness. Hence, it has risen to the forefront of the Government’s, regulators’ and industry’s focus.

An opportunity to correct the inefficiencies can be gained by answering this question: Has the internal audit (IA) function matured sufficiently to assess and monitor the newer risks affecting the industry?

Reality is that the IA functions have evolved over the past decade from a traditional to more focused approach, keeping in mind the risk profile of the organization. However, in many cases, the coverage does not sufficiently include certain key issues, such as emerging risks related to money laundering and financing terrorism, resulting in a potential “blind spot”. It is therefore imperative that IA functions, especially in the financial services industry, objectively assess the manner in which the money laundering risk is managed. In this direction, independent anti-money laundering (AML) audits or testing need to be undertaken, at least annually.

To be effective, auditors need to be fully trained to reasonably conclude that necessary compliance is adhered to.

Failure to do so may leave the organization open to regulatory criticism, leading to further testing of the program and possibly greater effort on part of the organization to put the house on order.

With the risk landscape constantly changing, as perpetrators find unique money laundering techniques, internal audit programs should consider incorporating the following elements to proactively evaluate the strength of AML measures.

Strong governance: Existence of a well-defined governance structure with adequate oversight by senior team members having defined roles and responsibilities, and an updated policy and procedures document that covers all business departments and products.

Knowledge and skills of employees: Identification of money laundering and transactions involving financing of terrorism is an art, and is significantly dependent on the quality of personnel performing this function. Accordingly, personnel entrusted with it should possess appropriate certification, knowledge and experience.

Further, an environment of continuous learning, training programs and knowledge-sharing sessions within the organization would enable the personnel to be updated with current practices, and keep them alert to risk indications.

Management of alert scenarios: Comprehensive review of alerts from the perspective of coverage (covering all product and businesses) and effectiveness (generating acceptable levels of false positives) would be a good indication of the organization’s ability to identify suspicious transactions.

Timely monitoring and closure of alerts: Generating alerts is only a part of the AML arsenal – reviewing, analyzing, reporting, and finally closing the alerts in a timely manner allows a financial services organization to contribute towards timely detection of money laundering incidents and, where possible, prevention.

Continuous controls monitoring: Early warning indicators are an effective way to stay informed on the risk of money laundering within the organization. Indicators such as increase in suspicious transaction reporting to FIU, regulatory inspection findings, and media report assist in gauging the risk of money laundering from both an external and internal environment perspective.

Cross border data analytics (private banking, remittances and others high risk businesses): Remittances have always concerned regulators. Purpose of the remittance, parties to the transaction, and jurisdictions involved are key indicators that need to be monitored, and tools used to detect money laundering should be appropriately configured.

Internet banking vulnerabilities: proliferation of the Internet across the globe in this digital banking era has had a positive impact in easing communication and transaction flows. However, it brings challenges that, if not appropriately contained, could damage reputations.

Increase in incidents such as hacking and phishing make an organization vulnerable to unwittingly allowing transactions to take place in an unfettered manner, which may take the organization complicit to financing terrorism. Monitoring breaches and performing appropriate system reviews around internet banking enables the organization to plug the risk.

Internal audit can effectively validate these through collaboration with the business units and the compliance function, and assemble a risk-based program that is sound and comprehensive. That way, it can assess whether the institution’s AML mechanism is responsive to its particular risk profile, usually expressed in the risk assessment, and where misalignment is observed, recommend that corrective action be taken.

By collaborating as a strategic business advisor and enlisting the support of all stakeholders, internal audit can contribute towards institutional compliance with regulatory obligations, and better managing of potential money laundering risks, and the corresponding reputation loss.

Leave a Reply

Your email address will not be published. Required fields are marked *