Navigating AML between Emerging Risks and Regulatory Changes
Current Regulatory Landscape
Regulators have fined financial institutions close to 20 billion dollars for Anti-Money Laundering
(AML) shortcomings and regulatory violations in the last 6 years.
OCC Enforcement Actions against Financial Institutions
(2014 to 2020)
On December 11, 2020, the Senate passed the Anti-Money Laundering (AML) Act of 2020, which
aimed to modernize AML/CFT guidelines by embracing technology and innovation, streamlining
low-value processes, and eliminating obsolete regulations and guidance. This legislation
accomplished its objective by implementing requirements that federal regulators appoint an
Innovation Officer, establish a Bank Secrecy Act Advisory Group subcommittee on innovation and
technology, FinCEN maintain emerging technology experts, and undergo a mandatory financial
technology assessment by the Department of the Treasury.
AMLA’s modernization of AML/CFT
Financial institutions have a crucial role in thwarting money laundering and terrorist financing
infiltrating the financial system. They also face rising pressure to meet their compliance
requirements, with increasing volumes of transactions, outdated technology, and human error.
Additionally, the COVID-19 pandemic has mounted even more pressure on compliance teams to
become more vigilant, as banks seek to quickly mitigate the financial impact of the pandemic
and cybersecurity for remote employees.
Establishing a robust and sound Compliance program is one of the powerful deterrents against
financial crimes; and, when implemented correctly, this program can minimize risk and prevent
regulatory fines. Even though almost all financial institutions have implemented a program that
mitigates exposure to money laundering and terrorist financing, often times these institutions
fall behind with implementing the rapidly changing guidance and requirements by regulatory
bodies. Compliance programs are becoming more complex in order to successfully meet these
changes, incorporating advanced monitoring solutions, artificial intelligence, and empirical
support all the while balancing overhead and resources.
The increase usage of machine learning, emerging technological innovations, and sharper
regulatory scrutiny are driving change in combatting money laundering and terrorist financing.
Where the traditional approach requires extensive manual interaction from humans to monitor
and sift through false positives or true hits, the introduction of machine learning in the AML
space has revolutionized the way financial ecosystems work. Machine learning can be
configured to detect various typologies, trends, and behaviors, in order to track previously
hidden patterns of customer behaviors and transactional activities. When compared to the
traditional approach, machine learning generates lower false positives, reduces overhead, and
decreases low-value manual work.
Both technology companies and financial institutions are actively designing innovative solutions
like machine learning to better assess the riskiness of transacting with high-risk geographical
jurisdictions, identify potentially suspicious movement of funds, and detect anomalous patterns
in the transactions. Financial institutions are also investing in advanced analytics capabilities
using intelligent algorithms that allows to convert raw data into valuable insights. Additionally,
many are adopting new technological solutions for deep-dive analyses and dynamic reports,
and creating new data integration and visualization tools that provide more thorough testing, in
order to better identify trends and aberrations of complex criminal patterns.
Individuals involved in financial crimes and terrorist financing often change their tactics quicker
than the regulators can keep up. The increased usage of online banking, electric payments, and
virtual currencies assist in remitting and legitimizing illegal funds, which pose a threat to
financial institutions in aiding these transactions and risk regulatory fines. There is a constant
need for financial institutions to continuously improve and maintain their monitoring systems to
detect and address suspicious activities in real-time.
Virtual currencies are fairly new, but have integrated into the financial system at lightning speed
since their inception in 2009. However, financial institutions fall behind regulating them, and
criminals benefit from these shortcomings. The Office of the Comptroller of the Currency (OCC)
recently provided a “green signal” for financial institutions to provide fiat bank accounts and
virtual currency custodial services to virtual currency businesses. Institutions serving virtual
currency exchanges can now engage in using new technologies, like independent node
verification networks (INVNs) and stable coins, to perform bank-permissible functions, such as
payment activities, to address risks and risky behavior associated with virtual currency
transactions: advanced technology, geographical risk, transaction size and frequency,
transaction patterns, and source of funds. On January 14, 2021, FinCEN extended the comment
period for a proposed rule aimed at closing anti-money laundering regulatory gaps for certain
convertible virtual currency and digital asset transactions. In order to keep up with
ever-changing technological and regulatory advances, we implement innovative financial
solutions over more traditional ones, but this also adds to financial crimes and/or terrorist
Apart from virtual currencies, marijuana-related businesses (MRBs) is another market that also
is exposed to money laundering. Most MRBs struggle to find a bank willing to provide basic
depositary and other financial services to them. This is due to the curious legal status of
marijuana as a federally prohibited controlled substance, but a legal and highly sought-after
commodity under the laws of most U.S. states. Currently, thirty-five st ates, the District of
Columbia, Guam, and Puerto Rico have all legalized the use of marijuana to some degree.
As most MRBs cannot obtain traditional banking services, these businesses must deal with an
extensive amount of cash. Thus, the associated compliance costs and risks associated with
MRB banking still can be substantial. This poses a fascinating mix of opportunity and risk from
an AML perspective: although MRBs are no longer illegal under federal law, entities must obtain
licenses under a federally sanctioned state law regime.
With the rise of online gambling, the Casino industry is seeing an upward trend in online betting.
More and more states are legalizing online gambling, including Delaware, Michigan, New Jersey,
Pennsylvania, and West Virginia. Social distancing protocols instituted as part of the COVID-19
response have further resulted in building closures and increased the popularity of these online
platforms. While online gaming may be a new digital industry, their compliance responsibilities
are still the same as that of a traditional casino. Casinos have been defined as “financial
institutions” under the BSA since 1985. Casino (online or offline) also must file Suspicious
Activity Reports (SARs) when it knows, suspects, or has reason to suspect that a transaction or
attempted transaction is linked to illicit activity, or when it is simply inexplicable.
There is a plethora of tools currently on the market that provide automated transaction
monitoring and machine learning capabilities. Often, the transaction monitoring program is not
relevant to the overall BSA/AML risks faced by the bank, is outdated, or incorrectly calibrated.
Some reasons for this misalignment are that the transaction monitoring program has not been
revisited or reviewed since its implementation or BSA/AML risk assessment review.
As risk assessments are typically conducted on an annual basis, they are often updated only
when a “major event” occurs, such as a merger or acquisition; exponential growth in a new
market area; introduction of a new product or service; and/or significant changes in the
regulatory environment that could impact a financial institution. A financial institutions’ policies
and procedures, such as the risk assessment, should clearly detail the downstream impact
created by these “major events.”
Changes to a risk assessment should also trigger an independent risk coverage assessment to
be revisited for its applicability, which could further warrant a fresh round of rule scenario tuning
exercises; a coverage assessment is a deep-dive analysis of the conceptual soundness of the
model, a firm’s risk exposure, and risk coverage. The assessment determines if there are any
gaps in coverage that exposes the firm to suspicious activity and/or deficiencies in regulatory
guidance. Some examples of what the assessment reviews includes AML typologies, current
rule scenarios, and coverage for “red flags” listed by the regulators.
Regulators are looking for financial institutions to implement an effective risk-based approach
within their BSA/AML Compliance program, and it is the responsibility for the financial institution
to have sufficient controls when reviewing their overall risk profile on a periodic basis.
Demonstrating that they have thorough knowledge of the risks associated with their products,
geographies, and customers from both a qualitative and quantitative perspective becomes a
priority especially given the dynamic and fast changing environment. This understanding is
fundamental for financial institutions to define and manage an effective BSA/AML program that
limits exposure to risks associated with money laundering and terrorist financing.
Matrix-IFS provides advisory services to some of the largest financial institutions in the
world such as: Deutsche Bank, UBS, Rabo Bank, Mega Bank, Interaudi Bank, and many more.
Here are some of the testimonies we received from our clients:
Matrix-IFS has not only helped global top-tier financial institutions implement and upgrade
their risk, fraud, and compliance solutions, but is a recognized partner of Actimize, Oracle,
SAS, FISERV, BAE Systems, Bottomline, and Pitney Bowes. Additionally, Matrix-IFS
developers also have hands-on experience implementing out-of-the-box rule scenarios and
creating custom rule scenarios that match the customer type and risk profile for these
institutions. As part of every implementation project, the Matrix-IFS engagement team also
creates documentation, conducts user testing, and provides training and knowledge
transfer to the client’s business and technical teams. Matrix-IFS also offers proprietary
tools as additional services that assist with threshold tuning for Actimize and Mantas rule
scenarios, country code tool for improving geolocation on transactional data, and red flags
library for assessing risk coverage. This coverage assessment framework allows for the
easy identification of applicable red flags/typologies based on the products and services
offered, customer types served, and geographies operated in for each financial institution.