“There are no secrets to success. It is the result of preparation, hard work, and learning from failure.”

-Colin Powell-


Introduction

Colin Powell once said, “There are no secrets to success. It is the result of preparation, hard work, and learning from failure.” Now that we’ve discussed what did and didn’t work in a work-from-home scenario during the COVID-19 pandemic, and what we will need to get our Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) teams back on track, it’s time we talk about tomorrow. In the third installment of our Looking Beyond COVID-19 series, we will discuss how to outline a plan, building an “A” team, and convincing management/executive management/the Board of our Looking Beyond COVID-19 plan.

Outlining Your Plan

Your plan should be about reaching a goal: returning to, maintaining, or even improving your institution’s overall BSA/AML compliance. Of course, that has always been the goal, but with the recent landscape, that reality may have changed. Much like your policies and procedures, you’ll need to ensure that this “get back to normal” plan speaks to your institution’s risk, and particularly the mitigating controls you can or do implement. The plan should include a plan on addressing the challenges experienced and/or expect to experience once returning to the office completely, which of course should be supported by data – you’re going to have to convince management, which we’ll be getting to soon.

 

For example, how you will manage that increase or decrease in alert/case volume – do you need more or less staff  to review the alerts/cases? Did it create a backlog? Has a backlog developed? Were you able to complete all the required enhanced due diligence (EDD) on the Payroll Protection Program (PPP) loans? Is this likely to be only temporary (i.e. hiring temporary staff) or will it likely be permanent (full-time or part-time hire)? Do you require that they be on-site in order to be managed or can you manage them remotely with remote access, which will be less demanding on your plan (very little overhead here, and possibly more likely to get management’s financial approval). Were any of your Bank Secrecy Act (BSA)/Anti-Money Laundering (AML)/Office of Foreign Assets (OFAC) projects  put on hold, such as an Annual BSA Audit, AML Model Validation, AML Software Tuning Exercise, etc.? If so, when were those projects supposed to be completed, can they run concurrently, and if not, can they get on the calendar to make your goal of the end of the fiscal or calendar year? It is clear that we have lost time on completing BSA/AML/OFAC projects, and depending on how long the situation around COVID-19 lasts, we can lose a quarter of the year or more. We may be faced with determining which projects need to be canceled or delayed, and which can still be completed with outsourced resources. Of course, your plan should cover the needs of your institution specifically with every detail you can provide at this stage in the process.

 

ARC Risk and Compliance Tuning Service can help balance the workload for Case Analysts on your AML system.  We can assist our clients with assessing their rules/profiles and proving statistically what False Positives they should be hitting on each month.  Contact us today to learn more.

 

Building your “A” Team

If you haven’t been already, you should speak with peers at other institutions to see what they’ve experienced, any impacts they’ve felt or challenges they are facing, and how they plan on “getting back on track”. It is of course important to consider how their risk is the same or different from yours (this will help show what is comparable to your experiences), but nonetheless, the information gathered will be helpful later. It’s also a good time to meet with third-party vendors, such as your AML software vendor, regarding what they can do/suggest from a software perspective; and/or an AML consulting vendor to hear how they may be able to augment your staff to get you what you need- whether that be a need for case/alert backlog or AML project management. Further, they’ll be able to work with you on prioritizing your needs and making the most cost-efficient and valuable assistance. Taking advantage of these professional relationships can help understand how others are preparing to return to normal and how third-party vendors can assist in reaching goals.

 

Convincing Management

Finally, we have to convince management of what we need. Remember, a good plan is one that is justified to match the needs. This will be best done using quantitative and analytical data, which we discussed in the first part of this series. They will need to see why you need more or less of something in order to support any decisions. The spend to outsource can save time by not re-assigning internal staff on projects and losing time on whatever they can’t complete or was delayed. Outsourcing can gain efficiencies by using skilled resources to complete the projects that the department needs, such as tuning your AML software, which is a project in streamlining alert/case volume as appropriate. Convey the conversations you had, if applicable, with your regulator back in phase two that could define reasonable extensions to completing BSA/AML requirements. They should understand that certain requirements have been extended, like the Part 504 annual certification date under the Department of Financial Services of New York State, should that apply to you, but it is still necessary to complete by June 1st, 2020.[1] Understanding that we may have a bit more leniency on reviewing a backlog on alerts/cases is one thing, but it’s unlikely that it can take an additional year either. It is common that the regulators often use the word “reasonable”, so be prepared for a “reasonable” extension to completing BSA/AML requirements. Use this, along with your data, to support needs and maintain the institution’s BSA/AML compliance.

 

A “good plan that’s justified to match the needs”, as if the BSA officer says “we needed this done – i.e. AML software tuning. The spend to outsource can save time, by not re-assigning internal staff on projects and losing time on whatever they can’t complete. Outsourcing can gain efficiency in skilled resources completing the projects that the department needs – i.e. tuning your AML software which is a project in streamlining alert/case volume as appropriate.

 

Conclusion
At this point we’ve analyzed data, met with our team, met with AML professionals outside our institution (colleagues, vendors, regulators), laid out our plan, and presented it to management. Hopefully, we have management’s support and are ready for the next steps. In the next part of our series, we will cover the preparation phase of Looking Beyond COVID-19.

 

[1] https://www.dfs.ny.gov/industry_guidance/cybersecurity

TUNING!

The word “Tuning” may bring to mind the idea of tuning an instrument. As we all know, if your instrument is not tuned properly, no one will appreciate all the time and effort the musician puts into playing it.  If … Read More

Key Themes from Consent Orders

Warren Buffett once said, “When people tell me they’ve learned from experience, I tell them the trick is to learn from other people’s experience.” This is true in many areas of life, especially when it comes to BSA Consent Orders. … Read More

All About BSA Risk Assessments

A Brief Summary Oddly, despite its significance in the BSA/AML/CFT/OFAC Compliance universe, the BSA Risk Assessment has no statutory requirement even though it is the foundation of any Compliance Program. As compliance professionals, we construct our transaction monitoring systems, OFAC … Read More

Have I Thought of Everything When It Comes to OFAC?

This is one of those questions that keep OFAC Officers up at night. Due to the complexity of the OFAC sanctions and the scope of application, it is a challenge to create a robust program and think of everything. However, with the potential of fines with even one violation, and the … Read More

Keys to a Successful Examination

Whether we like it or not, regulatory examinations are a fact of life for all banks and bankers. Accommodating examinations from the regulators including the associated costs is something that has been dealt with for decades – some might say … Read More

The Science Behind False Positive Tuning

Introduction How do you know if the thresholds are set correctly in your OFAC (Office of Foreign Assets Control) Sanctions Filtering or BSA (Bank Secrecy Act) Transaction Monitoring system?  That is certainly an important question, and a mystery in the … Read More

Snow Washing: What You Need to Know

What is snow washing? Hint: it has nothing to do with the Ivory Snow Detergent washing powder. Wikipedia tells us that Snow washing refers to hiding illegitimate financial transactions often for purposes of tax evasion in Canada. The term being an … Read More

Robotic Process Automation in AML

The pervasiveness of buzzwords and conversation about new technologies in the banking and financial services industries can be overwhelming and seem daunting. Especially when people, like myself as a technologist, talk about them as if they’re going to change the … Read More

The Science Behind False Positive Tuning

How do you know if the thresholds are set correctly in your OFAC (Office of Foreign Assets Control) Sanctions Filtering or BSA (Bank Secrecy Act) Transaction Monitoring system?  That is certainly an important question, and a mystery in the world … Read More

Compliance Testing

Beyond the regulatory requirements (Federal Financial Institutions Examination Council, 2010), testing is conducting in different departments for different purposes. In the IT department you are focusing on software and system quality, bug identification and integration accuracy. The audit and compliance … Read More

Compliance Monitoring

Compliance monitoring is the continued self-assessment and adherence to policies, procedures, and processes within the compliance program. Due to increased regulatory scrutiny this role is expanding throughout the financial institution industry. Specifically, compliance monitoring is a designated role to review, … Read More

Are You Compliant?

Compliance organizations face challenges on multiple fronts in their efforts to control anti-money laundering (AML) risk. The perpetrators of financial crimes continually seek new ways to circumvent the protections in place, putting the financial institution at reputational and financial risk. … Read More