IMAG has created the AML and BSA compliance policies, programs and organizational structure for many US and global financial institutions. We have also assisted many financial institutions in remediating adverse regulatory orders related to compliance programs and compliance risk management.
Regulatory order remediation poses many different challenges. Many regulatory actions require an independent, qualified review or remediation of a compliance program or area. Moreover, compliance teams which are required to remediate program elements often lack the time to effectively handle day to day activities while overseeing or working on remediation teams. Many times, the remediation must be handled by outside contractors or from project management officers who do not have deep expertise in the areas subject to remediation.
IMAG has served as the independent, qualified consulting firm for a large number of complex compliance remediation projects. Our independent findings and reports have met all regulatory requirements. In addition, we offer skilled guidance and oversight to project management teams involved in remediation. For project remediation teams, we have acted in various capacities: as the representative of the Compliance Director overseeing the Project Team on a daily basis, as a Senior Advisor to the Project Team or as members of the Team focusing on one or more area of remediation.
Vantage™: METRICS FOR AML/BSA PROGRAM EFFECTIVENSS
The AML world is radically changing. New payment systems (e.g. Bitcoin), new money laundering techniques and terrorist financing threats, a higher degree of regulatory scrutiny and significant enforcement orders have driven the new regulatory requirement for higher standards and sustainability in AML and BSA Compliance programs.
A critical step in meeting these requirements is to enhance and integrate the compliance risk program within the existing compliance program elements. AML and BSA Compliance Programs which correctly incorporate compliance risk are capable of measurement for their effectiveness in detecting, deterring and reporting money laundering. AML Program Effectiveness metrics should tie directly into a top-down AML Risk Appetite Statement. Together, Program Effectiveness metrics, measured against an institution’s Risk Appetite, demonstrates that the Board, Senior Management, the business lines and the Compliance area have created a sustainable, risk based program which effectively manages and controls the institution’s AML and BSA risk.
Adopting a more quantitative risk based approach to measure AML Program Effectiveness requires enhancements to many Compliance risk management programs. For many institutions, “effectiveness” is determined by qualitative and subjective assessments coupled with some level of statistics. Now, more is required. AML and BSA Program Effectiveness requires the development of key metrics, statistics and analytics utilizing the institution’s data. Developing such an approach to AML risk presents a significant challenge to compliance programs of all sizes.
IMAG provides the solution with VantageTM. Vantage is a compliance risk service offering designed to assist clients enhance their current Compliance risk management programs in order to develop a metrics driven approach to AML and BSA Compliance Program Effectiveness. The Vantage service offering utilizes industry accepted risk methodologies and includes:
- Setting appropriate AML Risk Appetite based on customer’s business model, target customers, product offerings, delivery platforms and geography;
- Risk identification and assessment in program design, control execution quality and sustainability;
- Enhancing risk measurement methodologies, control effectiveness monitoring and measurement tools and processes, including process review, development of ongoing and predictive Key Risk and Performance Indicators, control effectiveness analysis, root cause analysis, required actions, etc.;
- Creating dynamic programs by enhancing risk monitoring systems and platforms, identifying key risks to be incorporated in a data repository, automating the ongoing risk update process, and creating management information and Effectiveness Dashboards;
- Recommending key compliance risk methodologies which should be subject to model validation.
Institutions which adopt a risk and metrics based approach will see significant AML and BSA compliance program benefit. The compliance program can be measured and managed from the top-down for EFFECTIVENESS which will have a positive effect at all levels of the organization:
- The Board will have a top level dashboard based on metrics, analytics and hard data to correlate AML risk against the Risk Appetite. In this way, the Board can fulfill its oversight responsibility regarding reputation and compliance risk over business, products, customers, delivery platforms and the AML program;
- Senior management will better understand AML Compliance risk against the institution’s Risk Appetite and can make informed decisions on business and compliance risk, cost and budget;
- Business lines will have greater awareness of the correlation between their products and services and true levels of AML risk. This will enable the business areas to fulfill their role as a “First Line of Defense” against money laundering;
- Compliance training will be more focused and effective as it can be better directed to business, products and control which are areas of critical concern;
- Compliance and AML Officers will be able to understand and manage the effectiveness of the AML program in order to target remediation or enhancements on those AML Program elements and controls which render the Program less effective. The AML Director will be able to utilize predictive metrics to understand required changes to the AML Program as business, products, markets and customers change. Instead of continuing a seemingly endless and costly cycle of broad, overall program remediation, the AML Director will have risk and metric based support for more targeted program remediation;
- Audit and regulators will be able to test the Program’s risk based metrics and analytics, demonstrating that the institution understands and manages its AML risk via the effectiveness and sustainability of its AML program. This will avoid significant reputation risk, work and cost entailed in failing to meet the new regulatory standards.
IMAG’s Enterprise Compliance Risk Management team is skilled in guiding and developing a risk based, metrics approach to AML and BSA Program effectiveness for any size compliance program and financial institution.
OFAC and GLOBAL SANCTIONS PROGRAMS
The large fines for OFAC and Global Sanctions issues continue at a record pace. It’s clear that the regulators and law enforcement have taken a skyrocketing interest in these programs. Compliance with OFAC and global sanctions will soon become one of the most important aspects of the global financial crimes program. OFAC and sanctions programs have many areas where problems arise. The most recent sanction orders have been extremely complex to interpret and implement. Many OFAC programs are not designed to screen all types of payment messages and advices or don’t cover all business, product lines and transactions. Some programs rely on filters and releases which have not been updated. Coordination with global sanctions programs is highly complex and may have significant gaps. Few OFAC programs have applied model validation to their risk methodologies. Reporting violations are significant. Training is often inadequate and does not reach all audiences. The list goes on.
IMAG is expert at reviewing and remediating OFAC and global sanctions programs. We cover all of the key topics such as OFAC risk analysis, policy interpretation, screening methodologies, operational integration, reporting, recordkeeping, policies and procedures. We also review “hot button” regulatory examination issues such as: the effectiveness of SAR reporting, recordkeeping and retrieval; escalation procedures; policy and procedure updates; responding to audit and examination findings; templates for risk assessment and assistance in voluntary disclosure declarations.
OPERATIONAL RISK, OPERATIONS MANAGEMENT AND INTERNAL CONTROLS
Many Compliance Programs succeed on paper but do not meet required standards on execution. The problem often lies in the main components of Operational Risk: People, Process and Systems. IMAG understands the interrelationship between Compliance, Operational Risk and Operations Process. We ensure that our compliance risk consulting solutions take full account of operational risk management, process management (e.g. COOLMaps) and internal control components. Many of our senior compliance consultants are expert in various areas of Operational Risk and Operations Management. In addition, we have specialized consulting strength in the areas of Enterprise Risk, Operational Risk, Business Continuity and Disaster Recovery, Operations, Operations Management and internal controls, Technology and Systems Risk.