Don’t Forget Your Umbrella: How to Protect Your Bank From Financial Crimes
Brought to you by KPMG LLP
With banks of all sizes facing significant challenges in the management of financial crime risk, senior management and bank board members need an unambiguous understanding of the strengths and weaknesses of their organizations’ financial crime compliance strategy.
The escalation of mobile banking, the burgeoning role of fintech in banking and the spread of cybercrime are only a few of the key reasons for banks to establish a process that views financial crime risks in the aggregate—under one umbrella. Further, in our view, directors must have a firm grasp with respect to how the program has been designed and implemented.
An integrated view of financial crime compliance risk can give board members a sense of confidence that management has a robust financial crime compliance program in place. A view of issues in the aggregate provides management the ability to understand the entirety of the financial crimes landscape at their firm.
At their core, these programs require a dynamic and agile mindset at the board level. Directors must possess a level of confidence that management has established a strategic, well-considered approach to detecting, preventing and reporting financial crime. A carefully managed, well-designed, and integrated plan can also create considerable governance benefits across internal silos.
For banks currently without an integrated plan, the creation of such a plan requires:
- A strategic vision of a future program that engages senior management in the first line of defense (lines of businesses and operations) in the design of the vision—and has buy-in by the entire board.
- The integration of teams that in the past have approached such risks in a separate manner, such as compliance programs for anti-money laundering, anti-bribery and corruption, and Office of Foreign Assets Control.
- A vision for how to change or enhance the bank’s information technology (IT) infrastructure.
- The designation of an individual as the bank’s financial crimes compliance officer.
Building an integrated financial crimes program under an umbrella structure presents opportunities for collaboration, improved data aggregation and analytics capabilities, heightened board awareness of the bank’s control environment, and the possibility of cost savings and enhanced regulatory compliance.
The establishment of a centralized financial crimes compliance unit, however, requires a multi-faceted approach. Employee roles and responsibilities will likely shift, policies and procedures may need to be consolidated to reflect the new approach, and compliance reporting mechanisms and IT responsibilities will be altered.
Recognizing that the landscape will shift, we offer a roadmap to an integrated financial crimes compliance program. Here’s a synopsis of our five-step plan for your board’s consideration:
- Compliance leaders recognize the importance of cultivating partnerships with business-unit leaders across the bank—as well as their internal audit teams. Thus, building a cross-functional working team is a must across the bank’s “three lines of defense”: the front office and lines of business, the support functions such as compliance and finally, audit. These members should consider perceived benefits, anticipated costs and potential obstacles. Dialogue and trust are essential.
- The team should strive to gain a clear view of the bank’s current risk management efforts and assess the underlying financial crimes risks. Too many institutions stumble at this stage by adopting models that may work for larger or more-regulated institutions, or conversely for smaller institutions with a different product mix or jurisdictional presence.
- The cross-functional team should draft a working plan for the centralized compliance unit, and the team should provide the draft plan, which would include the recommended step-by-step approach to establishing the unit, to board members and executive leadership for review. The plan would identify the individuals who will design and roll out the changes, the governance and oversight structure of the transformation program, and the unit’s staffing model.
- Perhaps as much as any of these steps, clear and frequent communication to bank personnel about the program’s intentions, benefits and impacts is vital. Board members should be satisfied that management has established a plan for the timing and cadence of communications, has identified which audience will be targeted at each step, and has created specific messages to the bank staff regarding why the establishment of the unit is necessary and how it will benefit the organization.
- Once the bank has embedded its Financial Crimes Compliance Program, management must be certain that monitoring and testing mechanisms are working continuously, and that the firm is equipped to deal with changes as regulations change or are introduced.
A final reminder is worth noting: The journey is never over. Financial crime compliance risk, as a board agenda item, should be a constant.