“There are no secrets to success. It is the result of preparation, hard work, and learning from failure.”

-Colin Powell-

Introduction

Colin Powell once said, “There are no secrets to success. It is the result of preparation, hard work, and learning from failure.” Now that we’ve discussed what did and didn’t work in a work-from-home scenario during the COVID-19 pandemic, and what we will need to get our Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) teams back on track, it’s time we talk about tomorrow. In the third installment of our Looking Beyond COVID-19 series, we will discuss how to outline a plan, building an “A” team, and convincing management/executive management/the Board of our Looking Beyond COVID-19 plan.

Outlining Your Plan

Your plan should be about reaching a goal: returning to, maintaining, or even improving your institution’s overall BSA/AML compliance. Of course, that has always been the goal, but with the recent landscape, that reality may have changed. Much like your policies and procedures, you’ll need to ensure that this “get back to normal” plan speaks to your institution’s risk, and particularly the mitigating controls you can or do implement. The plan should include a plan on addressing the challenges experienced and/or expect to experience once returning to the office completely, which of course should be supported by data – you’re going to have to convince management, which we’ll be getting to soon.

For example, how you will manage that increase or decrease in alert/case volume – do you need more or less staff  to review the alerts/cases? Did it create a backlog? Has a backlog developed? Were you able to complete all the required enhanced due diligence (EDD) on the Payroll Protection Program (PPP) loans? Is this likely to be only temporary (i.e. hiring temporary staff) or will it likely be permanent (full-time or part-time hire)? Do you require that they be on-site in order to be managed or can you manage them remotely with remote access, which will be less demanding on your plan (very little overhead here, and possibly more likely to get management’s financial approval). Were any of your Bank Secrecy Act (BSA)/Anti-Money Laundering (AML)/Office of Foreign Assets (OFAC) projects  put on hold, such as an Annual BSA Audit, AML Model Validation, AML Software Tuning Exercise, etc.? If so, when were those projects supposed to be completed, can they run concurrently, and if not, can they get on the calendar to make your goal of the end of the fiscal or calendar year? It is clear that we have lost time on completing BSA/AML/OFAC projects, and depending on how long the situation around COVID-19 lasts, we can lose a quarter of the year or more. We may be faced with determining which projects need to be canceled or delayed, and which can still be completed with outsourced resources. Of course, your plan should cover the needs of your institution specifically with every detail you can provide at this stage in the process.

ARC Risk and Compliance Tuning Service can help balance the workload for Case Analysts on your AML system.  We can assist our clients with assessing their rules/profiles and proving statistically what False Positives they should be hitting on each month.  Contact us today to learn more.

Building your “A” Team

If you haven’t been already, you should speak with peers at other institutions to see what they’ve experienced, any impacts they’ve felt or challenges they are facing, and how they plan on “getting back on track”. It is of course important to consider how their risk is the same or different from yours (this will help show what is comparable to your experiences), but nonetheless, the information gathered will be helpful later. It’s also a good time to meet with third-party vendors, such as your AML software vendor, regarding what they can do/suggest from a software perspective; and/or an AML consulting vendor to hear how they may be able to augment your staff to get you what you need- whether that be a need for case/alert backlog or AML project management. Further, they’ll be able to work with you on prioritizing your needs and making the most cost-efficient and valuable assistance. Taking advantage of these professional relationships can help understand how others are preparing to return to normal and how third-party vendors can assist in reaching goals.

Convincing Management

Finally, we have to convince management of what we need. Remember, a good plan is one that is justified to match the needs. This will be best done using quantitative and analytical data, which we discussed in the first part of this series. They will need to see why you need more or less of something in order to support any decisions. The spend to outsource can save time by not re-assigning internal staff on projects and losing time on whatever they can’t complete or was delayed. Outsourcing can gain efficiencies by using skilled resources to complete the projects that the department needs, such as tuning your AML software, which is a project in streamlining alert/case volume as appropriate. Convey the conversations you had, if applicable, with your regulator back in phase two that could define reasonable extensions to completing BSA/AML requirements. They should understand that certain requirements have been extended, like the Part 504 annual certification date under the Department of Financial Services of New York State, should that apply to you, but it is still necessary to complete by June 1st, 2020.[1] Understanding that we may have a bit more leniency on reviewing a backlog on alerts/cases is one thing, but it’s unlikely that it can take an additional year either. It is common that the regulators often use the word “reasonable”, so be prepared for a “reasonable” extension to completing BSA/AML requirements. Use this, along with your data, to support needs and maintain the institution’s BSA/AML compliance.

A “good plan that’s justified to match the needs”, as if the BSA officer says “we needed this done – i.e. AML software tuning. The spend to outsource can save time, by not re-assigning internal staff on projects and losing time on whatever they can’t complete. Outsourcing can gain efficiency in skilled resources completing the projects that the department needs – i.e. tuning your AML software which is a project in streamlining alert/case volume as appropriate.

Conclusion
At this point we’ve analyzed data, met with our team, met with AML professionals outside our institution (colleagues, vendors, regulators), laid out our plan, and presented it to management. Hopefully, we have management’s support and are ready for the next steps. In the next part of our series, we will cover the preparation phase of Looking Beyond COVID-19.

[1] https://www.dfs.ny.gov/industry_guidance/cybersecurity