Quick Reference Guide to BSA/AML Enterprise Risk Assessment
By Mayank Johri & Erik De Monte
1 Introduction
The AML Risk Assessment is a key pillar in a financial institution’s AML compliance program addressing BSA/AML
regulations. The assessment is an essential mechanism to assist management in understanding the institution’s
vulnerability to money laundering and terrorist financing including:
i. Playing a critical role in the compliance governance structure.
ii. Providing transparency of AML risk across businesses, product, and customer.
iii. Guiding management to make informed decisions about risk appetite and implementation/prioritization
of control efforts, allocation of resources, technology spend, etc.
iv. Ensuring that relevant internal (i.e. senior management) and external (i.e. regulators) parties are made
aware of the key risks, control gaps and remediation efforts.
The AML Risk Assessment calculates an aggregate AML risk rating for each line of business (LOB). The aggregate AML
risk is a combination of AML risk (inherent risk) and quality of risk management (control effectiveness). The
methodology is based on published regulatory guidelines and input from the institution’s AML policy office. In addition
to providing insight over the points discussed above, the risk assessment acts as a foundation and an essential driver for
all areas within the BSA/AML group for the period following the assessment.
The following diagram outlines from a high level the risk assessment approach. Inherent risks are identified and the
control environment is analyzed to understand how these risks are being mitigated. What remains is the aggregate, or
residual, risk that is to be addressed.
Figure 1.1 High Level Approach
2 Challenges
Institutions face a myriad of challenges while conducting a risk assessment. Foremost among these is sourcing
data from the various LOBs, which proves difficult to accomplish in a timely and efficient manner. Management of
multiple documents across LOBs can be extensive, and reliance on LOB resources to perform data validation is time
consuming. BSA/AML expertise over data is limited, and the process of reviewing, cleaning up and transforming data can be
an onerous task.
Another challenge is setting thresholds and scoring. This process is usually subjective and manual, which results in an
indefensible methodology to define the institution’s BSA/AML risk.
3 Solution
The BSA/AML risk assessment should be considered a collaborative analytics and policy function. Across financial
institutions, the acquisition and understanding of the data environment is the area in which the analytics team can act as
a bridge for the BSA/AML team. Ideally, management should allocate a dedicated analytics team having BSA/AML risk
expertise to take the lead and collaborate with the policy team. Together, the team can build an automated, robust,
and defensible BSA/AML risk assessment.
The investment of time and co-collaboration between Analytics and the policy office to build an automated risk
assessment model will alleviate data acquisition pain points and allow the policy office to allocate more time towards
their qualitative assessment (as discussed further below). The automation model can be built on a dynamic platform
which will be leveraged for all subsequent year assessments.
3.1.1 Automated Data Sourcing and Extraction
As discussed above, one of the largest challenges that the BSA/AML group faces is in the first phase of the assessment:
data sourcing. The steps below outline the collaborative process that the BSA/AML and dedicated analytics teams can
take to move towards a more efficient and technologically supported system:
1) Analytics and BSA/AML gain a collaborative understanding of data required to perform the assessment by
building a comprehensive questionnaire. Review prior assessment’s data and understand any challenges that are
faced in the procurement process of said data.
2) Analytics and BSA/AML map the questionnaire to data elements in various systems. Consult LOB contacts as
needed.
3) Analytics team will utilize knowledge of cross-LOB systems and backend databases to build custom queries and
conduct completeness and accuracy tests on extracted data. Any data transformation processes which can be
automated can be incorporated through data extraction queries as needed.
4) QC and validate queries across all LOBs. Consult LOB contacts as needed.
5) Engage technical support team and build an ETL structure which allows for targeted and quality data that can
be pulled daily, monthly, etc.
6) Build an AML-wide data dictionary.
The benefit of building an automated data sourcing process can be seen in the visual below. Time-consuming challenges
faced due to manual data extraction and validation can be automated by leveraging the Analytics team. The new
automated process provides peace of mind over the data that is sourced and frees the BSA/AML
team to focus on subsequent steps within the risk assessment (i.e. qualitative assessment of inherent risks, control
effectiveness, etc.).
Figure 3.1.1.1 Data Sourcing Automation
It is important to note the benefit of using this exercise to solidify an AML-wide data dictionary. The risk assessment
not only identifies and drives much of the BSA/AML efforts throughout the year, it also incorporates an understanding of the
customer, product, channel, etc. data which is leveraged by all functions of the BSA/AML department in their various
day-to-day projects.
3.1.2 End to End Automated Solution
Included below is the proposed process under the new Analytics driven automation model. The process still follows the
structure of a standard risk assessment (Data Sourcing, Inherent Risk, Control Assignment, Threshold and Scoring
Analysis, etc.) but now includes automated processes that can be implemented using the co-collaboration of BSA/AML
and a dedicated Analytics team.
Figure 3.1.2.1 End to End Automated Solution
This effort in turn will see the following impact:
a) Automate and remove the delegated responsibility of data requests from all LOBs.
b) Allow data to be pulled and presented in an already agreed upon and familiar format.
c) Eliminate the preliminary data pull and validation process, freeing up more time to allocate to the assessment
process.
d) Integrate front end forms/repositories (i.e. SharePoint) and automate calculation of scoring based on dynamic
and flexible thresholds for flexibility year over year.
e) Integrate advanced data visualization tools (i.e. Tableau) for a more dynamic visual UI (i.e. real-time threshold
adjustment analysis, etc.).
4 Understanding the Risk Assessment and Additional Automation Opportunities
Once data has been acquired, the BSA/AML team works to understand the inherent risks associated with the bank and
the effectiveness of the controls in place to calculate what aggregate risk remains. The figure below depicts a high level
understanding of the process. Each of these phases is elaborated on in further detail below and includes opportunities in
which an analytics team can be leveraged to bring automation to each stage of the process.
Figure 4.1 Understanding the Risk Assessment
4.1 Inherent Risk
Inherent risk is defined as “the risk absent controls”. This assumes that the quality of the controls in place to mitigate
money laundering or sanctions risk never results in an Aggregate Risk that is higher than Inherent Risk. The controls
either mitigate or fail to mitigate Inherent Risk.
For each line of business the Inherent Risk Rating is comprised of four attributes: Customer Risk, Product and Channel
Risk, Geography Risk, and Other Risk. Each will need to be evaluated independently to understand the overall risk that
the institution faces.
4.1.1 Customer Risk
Customer Risk reviews the overall client landscape of the institution to understand what inherent risk the clients and
their distribution poses to the institution. Customer Risk will be determined by reviewing the following attributes:
1. High Risk Customer Type (e.g., PIVs, PSPs, PICs, cash intensive, etc.)
2. AI Governance
3. AML Subpoena
4. Entity Structure
5. Industry Risk
6. New Customer
7. OFAC
8. Prior SAR
9. Section 312
10. 314a
Oftentimes, a pre-existing Customer Risk Rating model can be leveraged, particularly if the model is built to incorporate
the aforementioned attributes.
4.1.2 Product and Channel Risk
Product and Channel Risk reviews the various products and services offered by the institution and the channels available
to the consumer to procure, utilize, and terminate these products. An in depth understanding of financial instruments
and the inherent nature of these products is key in assessing the overall risk landscape of the institution given the offered
products and channels. Product Risk will be determined by the following attributes:
1. Anonymity in transaction / Difficult to ascertain ultimate beneficiaries
2. Transaction related to the product can result in wire transfers to or from high risk countries
3. Complex product (i.e., involves multiple parties)
4. Involves online account services
5. Unrelated third parties receive disbursements, provide collateral, make payments or receive released collateral
6. Speed of Funds Movement
7. International transactions possible
8. Account floor requirements
9. Transactions in Products can be done with CASH
It is important to note here that engagement with the LOB directors or contacts is critical at this step of the
assessment, particularly for any new products offered since the last assessment. Assessment of risk should not be based
solely on the inherent risk of the financial product/channel but also on an understanding of the way in which the
client base specific to the institution uses the product/channel. This is where the LOB directors or contacts can be a
resource in providing insight on the expected behavior and what risks this poses to the institution as a whole.
4.1.3 Geographic Risk
To understand the geographic risk is to understand the geographic footprint of the financial institution. Geography
will pose a risk if the institution is a regional bank with branches in HIDTA and HIFCA, a large institution with
operations in high risk countries, or an institution with private banking. In addition, geographic risk is particularly
important to reassess during each assessment, as different geographic areas hold different risk from year to year due to changes
in economic climates or political shifts (i.e. new regulations). Geographic Risk will be determined by the following
attributes:
1. Citizenship
2. NRAs
3. Residence
4. Country of Formation
5. Country of Operations
6. Country of Investment
7. Country of Investors
8. Transactions from/to high/medium/low/domestic destination
Additional consideration should be allocated to the anti-bribery and corruption risk assessment which can either be
performed as a part of the AML risk assessment or as a supplemental risk assessment, at the discretion of the
BSA/AML management.
4.1.4 Other Risks to Consider
Additional risks will need to be considered that do not fall into any of the aforementioned risk categories but
still contribute to the overall inherent risk that the institution faces. The following are examples of additional
risks to consider. Relevance will vary based on the financial institution.
1. Are there any planned future changes to business units related to staffing in the next year - either business or
compliance staff - that could impact the ability to comply with AML and perform AML compliance related
tasks?
2. Have there been significant changes in marketplace (geography, customer segments, and
competition/expansion), technology (systems), business processes or products within the past year?
3. Are there any dealings with counter parties that may be used to facilitate a transaction or refer a customer?
4. Do the business or technology plans take special consideration to include details surrounding customer,
geography, products and system changes?
5. What is the staff turnover for full time personnel?
6. Which channels are used to access the products offered by the business line?
7. Are there plans to grow the business inorganically through Mergers and Acquisitions?
8. Does the business rely on a vendor or a third party to carry out a process or part of a process related to
compliance with AML regulations?
4.1.5 Final Calculation of Inherent Risk
Once the risks have been fully vetted and quantified (at the discretion of the policy office’s procedures around
quantitative assignment), the totals for each of the risks are aggregated to compute the total inherent risk. The policy
office will then assess whether any weights need to be applied to any of the risk groups based on the specific financial
institution. For example, if there is a considerable number of high risk customers in the population, customer risk will
weigh more than other categories.
Please note that this inherent risk calculation is performed separately for each LOB. Should the policy office deem it
necessary, different weights will be assigned to different LOBs based on those LOB’s specific risk environment.
Figure 4.1.5.1 Inherent Risk Calculation
4.2 Control Effectiveness
After inherent risk is calculated for each LOB, the assessment continues to understand what controls currently exist to
mitigate and address the inherent risks identified. This is performed through interviews with the respective contacts in
each of the LOBs. Best practice calls for each LOB to upload all the supporting documentation on controls in a shared
repository such as a SharePoint site. As needed, internal audit may be engaged at this step to provide any documentation
that they hold in their repositories that would prove relevant to the assessment.
The BSA/AML team then reviews the control documentation provided for each inherent risk identified. After
understanding the control in place and the impact it has against the inherent risk, the BSA/AML team measures the
effectiveness of the controls and each control is given a numerical value. Similar to the calculation for the inherent risk,
the prominence and extent of a control may require that a weight be applied in the calculation, at
the discretion of the policy office.
4.2.1 Factors and Determination
Below is a table that outlines factors related to the control effectiveness of a financial institution. Included in the table
are the various factors that the BSA/AML team will inquire with each LOB about and the expected documentation that
would assist in the determination of the control effectiveness.
| Factors | Proposed Weight | Determination |
|---|---|---|
| Oversight/Culture, AML Corporate Governance/Organization | xx% | Culture of compliance from management, with clear roles, responsibilities, and reporting lines; number of FTEs or equivalents and skill levels |
| Training & Staffing | xx% | AML training for all staff, including performance reviews |
| IT Tools & Information Systems/Management Information/Management Reporting Record Keeping and Retention | xx% | Transaction monitoring systems, data platforms, systems integration |
| Policies & Procedures / Quality Assurance/Independent Testing and Oversight (including recent Internal Audit, most recent Compliance Testing or regulatory examination specific to AML policies, procedures, or programs or Other Material Findings/Other Risk Assessments) Action Plan items noted during annual risk assessment and Action Plan items are tracked | xx% | AML policies and procedures, including KRIs and updates based on changes in industry practices and regulatory expectations; KYC adherence; independent monitoring (pre- and post-onboarding) and testing |
| Monitoring/Investigations/Detection and CTR/SAR filing | xx% | Implementation of policies and procedures; record retention, tracking, and documentation of investigations for CTR and SAR filings |
| Exceptions to policy or obtained approval for any exceptions to policy | xx% | Approval process for exceptions |
| Know Your Customer (“KYC”); Client Due Diligence (“CDD”); Enhanced Due Diligence (“EDD”) | xx% | Robust KYC and EDD program |
| FIU’s documented procedures for transaction monitoring and reporting Independent assessment for effectiveness annually | xx% | Third party validation of process and procedures |
| Internal controls over general ledger suspense, sweep or other concentration accounts used to process customer funds | xx% | Documented controls of general ledger accounts |
4.2.2 Setting Thresholds & Scoring
Once the inherent risk and control effectiveness assessments have been completed, the policy office will now assess:
What constitutes a “high” risk? What constitutes a "moderate" risk? What constitutes a "low" risk? Without established
thresholds, the policy office cannot effectively answer these questions. And without the answers to those questions, they
cannot effectively determine aggregate risk.
This is where an Analytics team can be leveraged to cluster the data for threshold identification. The basic
approach to clustering is to partition objects/observations into several similar subsets. By extracting data and using the
clustering functions in a statistically dynamic coding language (such as R, Python, etc.), these datasets can be broken
down into groups of distinct clusters, each formed around one common entity within the dataset (which represents the group).
That representative data point has the minimal average dissimilarity to all other data points assigned to
the same cluster. This partition more accurately allows the assignment of a boundary (such as a target threshold to
distinguish normal from unusual). Subsequently, thresholds can be set by determining the outliers and the percentile
population in this outlier cluster.
The advantage of using a statistically dynamic coding language is that as long as the data inputs remain
consistent through each year, the same code can be run year after year to automate the threshold identification process.
This allows BSA/AML to allocate more time for qualitative analysis and provides a defensible model backed by
quantitative validation for the threshold selection process. Refer to Figure 4.2.2.1 below for a visual understanding of
the clustering concept in identification of thresholds for a risk attribute.
Figure 4.2.2.1 Clustering and Outlier Identification
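The following is an added example, not part of the original guide, of the threshold identification described in this section. It uses a one-dimensional k-medoids partition as one clustering method that matches the description (each cluster is represented by the member with minimal dissimilarity to the rest), places thresholds at the gaps between clusters, and reports the share of the population in the outlier cluster. The risk attribute (monthly international wire count), the sample values and the choice of three clusters are assumptions made for illustration.

```python
# Added example: k-medoids clustering of one risk attribute to derive thresholds.
# Constructed sample data: monthly international wire count per customer (hypothetical).
SAMPLE_WIRE_COUNTS = [
    0, 1, 1, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 5, 5, 6,   # bulk of the population
    12, 13, 14, 15, 15, 16, 17, 18, 20,               # elevated activity
    45, 48, 52, 55, 60,                               # outliers
]


def _nearest(value, medoids):
    """Index of the medoid closest to value (ties go to the lower medoid)."""
    return min(range(len(medoids)), key=lambda j: abs(value - medoids[j]))


def _partition(data, medoids):
    """Assign every value to its nearest medoid; returns one list per medoid."""
    clusters = [[] for _ in medoids]
    for v in data:
        clusters[_nearest(v, medoids)].append(v)
    return clusters


def k_medoids_1d(values, k=3, max_iter=100):
    """Partition values into k clusters, each represented by one of its own points.

    Returns (medoids, clusters), both ordered from lowest to highest.
    """
    data = sorted(values)
    distinct = sorted(set(data))
    if k < 1 or len(distinct) < k:
        raise ValueError("need at least k distinct values to form k clusters")
    # Deterministic start (evenly spaced distinct values) so yearly reruns on
    # the same inputs reproduce the same thresholds.
    medoids = [distinct[(2 * i + 1) * len(distinct) // (2 * k)] for i in range(k)]
    for _ in range(max_iter):
        clusters = _partition(data, medoids)
        # New medoid: the member with minimal total dissimilarity to its cluster.
        updated = [
            min(c, key=lambda cand: sum(abs(cand - m) for m in c))
            for c in clusters
        ]
        if updated == medoids:
            break
        medoids = updated
    return medoids, _partition(data, medoids)


def cluster_thresholds(clusters):
    """Boundary between adjacent clusters: midpoint of the gap separating them."""
    return [(low[-1] + high[0]) / 2 for low, high in zip(clusters, clusters[1:])]


def outlier_share(clusters):
    """Fraction of the population that falls in the highest (outlier) cluster."""
    return len(clusters[-1]) / sum(len(c) for c in clusters)


def rate(value, thresholds, labels=("Low", "Moderate", "High")):
    """Map an attribute value to a rating by counting the thresholds it exceeds."""
    return labels[sum(value > t for t in thresholds)]


if __name__ == "__main__":
    medoids, clusters = k_medoids_1d(SAMPLE_WIRE_COUNTS, k=3)
    thresholds = cluster_thresholds(clusters)
    print("medoids:", medoids)
    print("thresholds:", thresholds)
    print("outlier share: {:.1%}".format(outlier_share(clusters)))
    for sample in (4, 14, 50):
        print(sample, "->", rate(sample, thresholds))
```

Because the starting medoids are chosen deterministically, rerunning the same code on a later year's extract changes the thresholds only when the data itself has shifted.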
4.3 Aggregate Risk
Once both the inherent risk and the effectiveness of the internal control environment have been considered, the
aggregate risk can be determined. Aggregate risk is the risk that remains after controls are applied to the inherent risk.
The aggregate risk rating is used to indicate whether the money laundering risks within each line of business are
being adequately managed. An illustration of a three (3) tier risk calculation is included in the visual below:
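| Inherent Risks | Controls Strength | Aggregate Risks |
|---|---|---|
| Low | 90-100% | Low |
| Low | 80-89% | Moderate |
| Low | <80% | High |
| Moderate | 90-100% | Low |
| Moderate | 80-89% | Moderate |
| Moderate | <80% | High |
| High | 90-100% | Low |
| High | 80-89% | Moderate |
| High | <80% | High |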
4.3.1 Aggregate Financial Institution Risk
Once aggregate risk has been calculated for each line of business, the BSA/AML team is now able to assess the overall
risk for the financial institution at an aggregate level.
As discussed in section 4.1.5, the inherent risk is calculated for each line of business using the formula below.

$$
\begin{aligned}
\text{Inherent Risk}_{LOB_n} ={} & (\text{Customer Risk}_{LOB_n})(\text{Customer Risk Weight}_{LOB_n}) \\
 & + (\text{Geography Risk}_{LOB_n})(\text{Geography Risk Weight}_{LOB_n}) \\
 & + (\text{Products and Channels Risk}_{LOB_n})(\text{Products and Channels Risk Weight}_{LOB_n}) \\
 & + (\text{Other Risk}_{LOB_n})(\text{Other Risk Weight}_{LOB_n})
\end{aligned}
$$
As discussed in the section above, the Aggregate Risk is calculated by subtracting the control effectiveness score from
the inherent risk score for each LOB.

$$
\text{Aggregate Risk}_{LOB_n} = (\text{Inherent Risk}_{LOB_n}) - (\text{Control Effectiveness}_{LOB_n})
$$
Lastly, the total risk for the financial institution is calculated by aggregating each LOB’s aggregate risk, where x is equal
to the total number of LOBs. Per the policy office’s discretion, a weight can be applied for each of the LOBs.

$$
\text{Aggregate Financial Institution Risk} = \sum_{n=1}^{x} (\text{Aggregate Risk}_{LOB_n})(\text{Weight}_{LOB_n})
$$

Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
 
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men  🔝Thrissur🔝   Escor...➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men  🔝Thrissur🔝   Escor...
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men  🔝Dindigul🔝   Escor...➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men  🔝Dindigul🔝   Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
 
hybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptxhybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptx
 

Quick Reference Guide to BSA/AML Risk Assessment

  • 1. Quick Reference Guide to BSA/AML Enterprise Risk Assessment
By Mayank Johri & Erik De Monte

1 Introduction

The AML Risk Assessment is a key pillar in a financial institution’s AML compliance program addressing BSA/AML regulations. The assessment is an essential mechanism to assist management in understanding the institution’s vulnerability to money laundering and terrorist financing, including:

i. Playing a critical role in the compliance governance structure.
ii. Providing transparency of AML risk across businesses, product, and customer.
iii. Guiding management to make informed decisions about risk appetite and implementation/prioritization of control efforts, allocation of resources, technology spend, etc.
iv. Ensuring both internal (i.e. senior management) and external (i.e. regulators) relevant parties are made aware of the key risks, control gaps and remediation efforts.

The AML Risk Assessment calculates an aggregate AML risk rating for each line of business (LOB). The aggregate AML risk is a combination of AML risk (inherent risk) and quality of risk management (control effectiveness). The methodology is based on published regulatory guidelines and input from the institution’s AML policy office. In addition to providing insight over the points discussed above, the risk assessment acts as a foundation and an essential driver for all areas within the BSA/AML group for the period following the assessment.

The following diagram outlines the risk assessment approach at a high level. Inherent risks are identified and the control environment is analyzed to understand how these risks are being mitigated. What remains is the aggregate, or residual, risk that is to be addressed.

Figure 1.1 High Level Approach

2 Challenges

Institutions face a myriad of challenges while conducting a risk assessment. Foremost among these challenges is sourcing data from the various LOBs, which proves difficult to accomplish in a timely and efficient manner. Management of multiple documents across LOBs can be extensive, and reliance on LOB resources to perform data validation is time consuming. BSA/AML expertise over data is limited, and the process of reviewing, cleaning up and transforming it can be an onerous task. Another challenge is setting thresholds and scoring, as this process is usually subjective and manual, which results in an indefensible methodology to define the institution’s BSA/AML risk.

3 Solution

The BSA/AML risk assessment should be considered a collaborative analytics and policy function. Across financial institutions, the acquisition and understanding of the data environment is the area in which the analytics team can act as a bridge for the BSA/AML team. Ideally, management should allocate a dedicated analytics team having BSA/AML risk expertise to take the lead and collaborate with the policy team. Together, the team can build an automated, robust, and defensible BSA/AML risk assessment.
  • 2. The investment of time and collaboration between Analytics and the policy office to build an automated risk assessment model will alleviate data acquisition pain points and allow the policy office to allocate more time towards their qualitative assessment (as discussed further below). The automation model can be built on a dynamic platform which will be leveraged for all subsequent year assessments.

3.1.1 Automated Data Sourcing and Extraction

As discussed above, one of the largest challenges that the BSA/AML group faces is in the first phase of the assessment: data sourcing. The steps below outline the collaborative process that the BSA/AML and dedicated analytics teams can take to move towards a more efficient and technologically supported system:

1) Analytics and BSA/AML gain a collaborative understanding of data required to perform the assessment by building a comprehensive questionnaire. Review the prior assessment’s data and understand any challenges that are faced in the procurement process of said data.
2) Analytics and BSA/AML map the questionnaire to data elements in various systems. Consult LOB contacts as needed.
3) The Analytics team will utilize knowledge of cross-LOB systems and backend databases to build custom queries and conduct completeness and accuracy tests on extracted data. Any data transformation processes which can be automated can be incorporated through data extraction queries as needed.
4) QC and validate queries across all LOBs. Consult LOB contacts as needed.
5) Engage the technical support team and build an ETL structure which allows for targeted and quality data that can be pulled daily, monthly, etc.
6) Build an AML-wide data dictionary.

The benefit of building an automated data sourcing process can be seen in the visual below. Time-consuming challenges faced due to manual data extraction and validation can be automated by leveraging the Analytics team. The new automated process provides peace of mind over the data that is sourced and frees the BSA/AML team to focus on subsequent steps within the risk assessment (i.e. qualitative assessment of inherent risks, control effectiveness, etc.).

Figure 3.1.1.1 Data Sourcing Automation
  • 3. It is important to note the benefit of using this exercise to solidify an AML-wide data dictionary. The risk assessment not only identifies and drives much of the BSA/AML efforts throughout the year; it also incorporates an understanding of the customer, product, channel, etc. data which is leveraged by all functions of the BSA/AML department in their various day-to-day projects.

3.1.2 End to End Automated Solution

Included below is the proposed process under the new Analytics-driven automation model. The process still follows the structure of a standard risk assessment (Data Sourcing, Inherent Risk, Control Assignment, Threshold and Scoring Analysis, etc.) but now includes automated processes that can be implemented through the collaboration of BSA/AML and a dedicated Analytics team.

Figure 3.1.2.1 End to End Automated Solution

This effort in turn will see the following impact:

a) Automate and remove the delegated responsibility of data requests from all LOBs.
b) Allow data to be pulled and presented in an already agreed upon and familiar format.
c) Eliminate the preliminary data pull and validation process, freeing up more time to allocate to the assessment process.
d) Integrate front end forms/repositories (i.e. SharePoint) and automate calculation of scoring based on dynamic and flexible thresholds for flexibility year over year.
e) Integrate advanced data visualization tools (i.e. Tableau) for a more dynamic visual UI (i.e. real-time threshold adjustment analysis, etc.).
  • 4. 4 Understanding the Risk Assessment and Additional Automation Opportunities

Once data has been acquired, the BSA/AML team works to understand the inherent risks associated with the bank and the effectiveness of the controls in place to calculate what aggregate risk remains. The figure below depicts a high level understanding of the process. Each of these phases is elaborated on in further detail below and includes opportunities in which an analytics team can be leveraged to bring automation to each stage of the process.

Figure 4.1 Understanding the Risk Assessment

4.1 Inherent Risk

Inherent risk is defined as “the risk absent controls”. This assumes that the quality of the controls in place to mitigate money laundering or sanctions risk never results in an Aggregate Risk that is higher than Inherent Risk. The controls either mitigate or fail to mitigate Inherent Risk.

For each line of business the Inherent Risk Rating is comprised of four attributes: Customer Risk, Product and Channel Risk, Geography Risk, and Other Risk. Each will need to be evaluated independently to understand the overall risk that the institution faces.

4.1.1 Customer Risk

Customer Risk reviews the overall client landscape of the institution to understand what inherent risk the clients and their distribution pose to the institution. Customer Risk will be determined by reviewing the following attributes:

1. High Risk Customer Type (e.g., PIV’s, PSPs, PICs, cash intensive, etc.)
2. AI Governance
3. AML Subpoena
4. Entity Structure
5. Industry Risk
6. New Customer
7. OFAC
8. Prior SAR
9. Section 312
10. 314a

Oftentimes, a pre-existing Customer Risk Rating model can be leveraged, particularly if the model is built to incorporate the aforementioned attributes.
  • 5. 4.1.2 Product and Channel Risk

Product and Channel Risk reviews the various products and services offered by the institution and the channels available to the consumer to procure, utilize, and terminate these products. An in-depth understanding of financial instruments and the inherent nature of these products is key in assessing the overall risk landscape of the institution given the offered products and channels. Product Risk will be determined by the following attributes:

1. Anonymity in transaction / Difficult to ascertain ultimate beneficiaries
2. Transaction related to the product can result in wire transfers to or from high risk countries
3. Complex product (i.e., involves multiple parties)
4. Involves online account services
5. Unrelated third parties receive disbursements, provide collateral, make payments or receive released collateral
6. Speed of Funds Movement
7. International transactions possible
8. Account floor requirements
9. Transactions in Products can be done with CASH

It is important to note here that engagement with the LOB directors or contacts is paramount at this step of the assessment, particularly for any new products offered since the last assessment. Assessment of risk should not be based solely on the inherent risk of the financial product/channel but also on an understanding of the way in which the client base specific to the institution uses the product/channel. This is where the LOB directors or contacts can be a resource in providing insight on the expected behavior and what risks this poses to the institution as a whole.

4.1.3 Geographic Risk

To understand the geographic risk is to understand the geographic impression of the financial institution. Geography will pose a risk if the institution is a regional bank with branches in HIDTA and HIFCA, a large institution with operations in high risk countries, or an institution with private banking. In addition, geographic risk is particularly important to reassess during each assessment, as different geographic areas hold different risk year to year due to changes in economic climates or political shifts (i.e. new regulations). Geographic Risk will be determined by the following attributes:

1. Citizenship
2. NRAs
3. Residence
4. Country of Formation
5. Country of Operations
6. Country of Investment
7. Country of Investors
8. Transactions from/to high/medium/low/domestic destination

Additional consideration should be allocated to the anti-bribery and corruption risk assessment, which can either be performed as a part of the AML risk assessment or as a supplemental risk assessment, at the discretion of the BSA/AML management.

4.1.4 Other Risks to Consider

Additional risks will need to be considered that do not fall into any of the aforementioned risk categories but still contribute to the overall inherent risk that the institution faces. The following are examples of additional risks to consider. Relevance will vary based on the financial institution.

1. Are there any planned future changes to business units related to staffing in the next year - either business or compliance staff - that could impact the ability to comply with AML and perform AML compliance related tasks?
2. Have there been significant changes in marketplace (geography, customer segments, and competition/expansion), technology (systems), business processes or products within the past year?
3. Are there any dealings with counterparties that may be used to facilitate a transaction or refer a customer?
4. Do the business or technology plans take special consideration to include details surrounding customer, geography, products and system changes?
  • 6. 5. What is the staff turnover for full time personnel?
6. Which channels are used to access the products offered by the business line?
7. Are there plans to grow the business inorganically through Mergers and Acquisitions?
8. Does the business rely on a vendor or a third party to carry out a process or part of a process related to compliance with AML regulations?

4.1.5 Final Calculation of Inherent Risk

Once the risks have been fully vetted and quantified (at the discretion of the policy office’s procedures around quantitative assignment), the totals of each of the risks are aggregated to calculate the total inherent risk. The policy office will then assess whether any weights need to be applied to any of the risk groups based on the specific financial institution. For example, if there is a considerable number of high risk customers in the population, customer risk will weigh more than other categories. Please note that this inherent risk calculation is performed separately for each LOB. Should the policy office deem it necessary, different weights will be assigned to different LOBs based on each LOB’s specific risk environment.

Figure 4.1.5.1 Inherent Risk Calculation

4.2 Control Effectiveness

After inherent risk is calculated for each LOB, the assessment continues to understand what controls currently exist to mitigate and address the inherent risks identified. This is performed through interviews with the respective contacts in each of the LOBs. Best practice calls for each LOB to upload all the supporting documentation on controls in a shared repository such as a SharePoint site. As needed, internal audit may be engaged at this step to provide any documentation that they hold in their repositories that would prove relevant to the assessment. The BSA/AML team then reviews the control documentation provided for each inherent risk identified. After understanding the control in place and the impact it has against the inherent risk, the BSA/AML team measures the effectiveness of the controls and each control is given a numerical value. Similar to the calculation for the inherent risk, depending on how prominent and extensive a control is, a weight may need to be applied in the calculation at the discretion of the policy office.

4.2.1 Factors and Determination

Below is a table that outlines factors related to the control effectiveness of a financial institution. Included in the table are the various factors that the BSA/AML team will inquire with each LOB about and the expected documentation that would assist in the determination of the control effectiveness.
  • 7.
| Factors | Proposed Weight | Determination |
| Oversight/Culture, AML Corporate Governance/Organization | xx% | Culture of compliance from management, with clear roles, responsibilities, and reporting lines; number of FTEs or equivalents and skill levels |
| Training & Staffing | xx% | AML training for all staff, including performance reviews |
| IT Tools & Information Systems/Management Information/Management Reporting Record Keeping and Retention | xx% | Transaction monitoring systems, data platforms, systems integration |
| Policies & Procedures / Quality Assurance/Independent Testing and Oversight (including recent Internal Audit, most recent Compliance Testing or regulatory examination specific to AML policies, procedures, or programs or Other Material Findings/Other Risk Assessments) Action Plan items noted during annual risk assessment and Action Plan items are tracked | xx% | AML policies and procedures, including KRIs and updates based on changes in industry practices and regulatory expectations; KYC adherence; independent monitoring (pre- and post-on boarding) and testing |
| Monitoring/Investigations/Detection and CTR/SAR filing | xx% | Implementation of policies and procedures; record retention, tracking, and documentation of investigations for CTR and SAR filings |
| Exceptions to policy or obtained approval for any exceptions to policy | xx% | Approval process for exceptions |
| Know Your Customer (“KYC”); Client Due Diligence (“CDD”); Enhanced Due Diligence (“EDD”) | xx% | Robust KYC and EDD program |
| FIU’s documented procedures for transaction monitoring and reporting Independent assessment for effectiveness annually | xx% | Third party validation of process and procedures |
| Internal controls over general ledger suspense, sweep or other concentration accounts used to process customer funds | xx% | Documented controls of general ledger accounts |

4.2.2 Setting Thresholds & Scoring

Once the inherent risk and control effectiveness assessments have been completed, the policy office will now assess:

What constitutes a “high” risk?
What constitutes a “moderate” risk?
What constitutes a “low” risk?

Without established thresholds, the policy office cannot effectively answer these questions. And without the answers to those questions, they cannot effectively determine aggregate risk.
  • 8. This is where an Analytics team can be leveraged to cluster the data for threshold identification. The basic approach to clustering is to partition objects/observations into several similar subsets. By extracting data and using the clustering functions in a statistically dynamic coding language (such as R, Python, etc.), these datasets can be broken down into groups of distinct clusters, each around one common entity within the dataset (which represents the group). As such, that single data point in a cluster has the minimal average dissimilarity to all other data points assigned to the same cluster. This partition more accurately allows the assignment of a boundary (such as a target threshold to distinguish normal from unusual). Subsequently, thresholds can be set by determining the outliers and the percentile population in this outlier cluster.

The advantage of using a statistically dynamic coding language is that, as long as the data inputs remain consistent through each year, the same code can be run year after year to automate the threshold identification process. This allows BSA/AML to allocate more time for qualitative analysis and provides a defensible model backed by quantitative validation for the threshold selection process. Refer to Figure 5.2.2.1 below for a visual understanding of the clustering concept in identification of thresholds for a risk attribute.

Figure 4.2.2.1 Clustering and Outlier Identification

4.3 Aggregate Risk

Once both the inherent risk and the effectiveness of the internal control environment have been considered, the aggregate risk can be determined. Aggregate risk is the risk that remains after controls are applied to the inherent risk. The aggregate risk rating is used to indicate whether the money laundering risks within each line of business are being adequately managed.
Illustration of a three (3) tier risk calculation is included in the visual below:

| Inherent Risks | Controls Strength | Aggregate Risks |
| Low | 90-100% | Low |
| Low | 80-89% | Moderate |
| Low | <80% | High |
| Moderate | 90-100% | Low |
| Moderate | 80-89% | Moderate |
| Moderate | <80% | High |
| High | 90-100% | Low |
| High | 80-89% | Moderate |
| High | <80% | High |

  • 9. 4.3.1 Aggregate Financial Institution Risk

Once aggregate risk has been calculated for each line of business, the BSA/AML team is now able to assess the overall risk for the financial institution at an aggregate level. As discussed in section 5.1.5, the inherent risk is calculated for each line of business using the formula below.

$$\text{Inherent Risk}_{LOB_n} = (\text{Customer Risk}_{LOB_n})(\text{Customer Risk Weight}_{LOB_n}) + (\text{Geography Risk}_{LOB_n})(\text{Geography Risk Weight}_{LOB_n}) + (\text{Products and Channels Risk}_{LOB_n})(\text{Products and Channels Risk Weight}_{LOB_n}) + (\text{Other Risk}_{LOB_n})(\text{Other Risk Weight}_{LOB_n})$$

As discussed in the section above, the Aggregate Risk is calculated by subtracting the control effectiveness score from the inherent risk score for each LOB.

$$\text{Aggregate Risk}_{LOB_n} = (\text{Inherent Risk}_{LOB_n}) - (\text{Control Effectiveness}_{LOB_n})$$

Lastly, the total risk for the financial institution is calculated by aggregating each LOB’s aggregate risk, where x is equal to the total number of LOBs. Per the policy office’s discretion, a weight can be applied for each of the LOBs.

$$\text{Aggregate Financial Institution Risk} = \sum_{n=1}^{x} (\text{Aggregate Risk}_{LOB_n})(\text{Weight}_{LOB_n})$$
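
The clustering approach to threshold identification described in section 4.2.2, as an added Python example that is not part of the original guide: it runs k-medoids (Partitioning Around Medoids) over one risk attribute, then derives rating thresholds and the outlier cluster's share of the population. The sample data, the function names, the choice of three clusters and absolute difference as the dissimilarity measure are all assumptions.

```python
"""Threshold identification by k-medoids clustering (added illustration).

All data and names are constructed; dissimilarity is absolute difference.
"""

# Constructed sample: monthly cash deposits (USD thousands), 20 customers of one LOB.
CASH_DEPOSITS = [2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 8, 9,
                 20, 22, 24, 25, 27, 30, 90, 110]


def total_cost(data, medoids):
    """Sum of each observation's dissimilarity to its nearest medoid."""
    return sum(min(abs(x - m) for m in medoids) for x in data)


def k_medoids(data, k):
    """Partitioning Around Medoids on 1-D data using greedy best-swap search."""
    distinct = sorted(set(data))
    if not 1 <= k <= len(distinct):
        raise ValueError("k must be between 1 and the number of distinct values")
    # Deterministic start: medoids at evenly spaced positions of the distinct values.
    medoids = [distinct[(2 * i + 1) * len(distinct) // (2 * k)] for i in range(k)]
    cost = total_cost(data, medoids)
    while True:
        best_cost, best_medoids = cost, medoids
        # Try replacing each medoid with each non-medoid; keep the best swap.
        for i in range(k):
            for cand in distinct:
                if cand in medoids:
                    continue
                trial = medoids[:i] + [cand] + medoids[i + 1:]
                trial_cost = total_cost(data, trial)
                if trial_cost < best_cost:
                    best_cost, best_medoids = trial_cost, trial
        if best_cost >= cost:          # no swap improves the partition: converged
            return sorted(medoids)
        cost, medoids = best_cost, best_medoids


def assign(data, medoids):
    """Group observations by nearest medoid; clusters follow medoid order."""
    clusters = [[] for _ in medoids]
    for x in sorted(data):
        nearest = min(range(len(medoids)), key=lambda j: abs(x - medoids[j]))
        clusters[nearest].append(x)
    return clusters


def thresholds(clusters):
    """Boundary between adjacent clusters: midpoint of the gap separating them."""
    return [(lo[-1] + hi[0]) / 2 for lo, hi in zip(clusters, clusters[1:])]


def rate(value, cuts, labels=("Low", "Moderate", "High")):
    """Map an observation to a rating using the derived thresholds."""
    for cut, label in zip(cuts, labels):
        if value <= cut:
            return label
    return labels[len(cuts)]


def outlier_profile(data, clusters):
    """Population share of the top (outlier) cluster and the percentile where it starts."""
    n, top = len(data), len(clusters[-1])
    return {"outlier_share_pct": 100 * top / n,
            "threshold_percentile": 100 * (n - top) / n}


if __name__ == "__main__":
    medoids = k_medoids(CASH_DEPOSITS, 3)
    clusters = assign(CASH_DEPOSITS, medoids)
    cuts = thresholds(clusters)
    print("medoids:", medoids)
    print("thresholds:", cuts)
    print("outlier profile:", outlier_profile(CASH_DEPOSITS, clusters))
    print("rating for 45:", rate(45, cuts))
```

Because the start position and tie-breaking are deterministic, rerunning the script on the next assessment's extract yields reproducible thresholds that can be documented alongside the data.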