Heightened Risk Standards: Focus on AML/BSA

KPMG Regulatory Insights

• Regulatory Intensity: Expanded AML breadth/depth of supervisory and enforcement actions, regulatory industry AML risk alerts and evolving regulations in areas of BSA, CFT, and KYC/CDD.
• Data Lineage and Quality: Focus on traceability of data at both the customer and transaction level, as well as across business processes.
• Transaction Monitoring: Quality of transaction monitoring and surveillance systems, models, processes, and controls, with expectations for increased effectiveness, strength of underlying models, and innovation.
• Expansion of Threats: Expansion of emerging threats and vulnerabilities (e.g., virtual currencies, sanctions evasion, malware/ransomware, human rights/forced labor, and fraud).
• Skills/Talent Matter: Breadth of skills/talent in day-to-day operations of AML reviews, investigations, and escalations; dynamic assessment of staffing needs.

 __________________________________________________________________________________________________________________________________________________

As part of the heightened risk standards focus, financial institutions are facing increased regulatory scrutiny in the management of Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) risks. It is crucial for these institutions to understand regulatory expectations and requirements to implement robust compliance programs capable of effectively mitigating risks related to financial crime.

Supervision/Enforcement

With the continuous evolution of sophisticated financial crime patterns, regulators are committed to providing guidance and support for institutions to effectively manage and mitigate financial crime risks. Regulatory focus in areas such as AML/BSA/CFT (Countering the Financing of Terrorism), Know Your Customer (KYC)/Customer Due Diligence (CDD), and transactional activity will continue along with attention to continuously assessing risk and implementing risk-based compliance programs.

In addition to heightened supervisory efforts, there is an uptick in AML/BSA enforcement activities with allegations such as:

• Failing to implement/maintain “effective AML programs”
• Violating BSA Customer Identification Program rules
• Having deficient third-party risk management controls
• Engaging in unsafe or unsound practices relating to AML/BSA internal controls and/or sanctions compliance

With each of the above, regulators are looking at heightened expectations in such areas as:

• Data Lineage and Quality: Abilities to demonstrate, and report on, the traceability of data at both the customer and transaction level, as well as across business processes, systems of record, and systems of origin.
• Transaction Monitoring and Other Key Program Elements: The quality of transaction monitoring and surveillance systems, processes, and controls, with expectations for increased accuracy and consistency. Regulatory focus in areas such as AML/BSA/CFT, trading activity, and KYC/CDD and beneficial ownership monitoring will continue along with attention to preparations for implementing risk-based compliance programs in these priority areas.
• Expanded Threats: The adequacy and continual improvement of threat detection, monitoring, and response capabilities, including the reliability of processes (e.g., due diligence, access, safeguards) and coverage of novel and emerging threats and vulnerabilities (e.g., virtual currencies, sanctions evasion, malware/ransomware, human rights/forced labor, detecting organized criminal networks, and fraud).
• Skills/Talent: Core skills/backgrounds of those executing day-to-day AML/BSA reviews, investigations, and escalations.

The following recent regulatory issuances highlight heightened expectations for financial institutions to adhere to AML/BSA/CFT requirements:

New Rulemaking

Further, multiple agencies are anticipated to issue financial crime-related rulemaking proposals this year, which will be influenced in large part by the Anti-Money Laundering Act of 2020 and the Corporate Transparency Act of 2020. (See KPMG Regulatory Alerts here and here).

As outlined in the agencies’ individual regulatory agendas, these rulemakings include proposals by the:

• Federal Banking Agencies: Updates to the BSA compliance program rules to conform to FinCEN rules related to beneficial ownership information and CDD requirements.
• FinCEN:
  • Revisions to Customer Due Diligence Requirements for Financial Institutions (part 3 of 3 beneficial ownership information rulemakings).
  • Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Investment Adsers.
  • National Exam and Supervision Priorities (including AML/CFT risk assessment for all financial institutions and a requirement to include AML/CFT priorities into risk-based systems).