The Financial Crimes Enforcement Network (FinCEN) earlier this year issued an advisory, FinCEN Bulletin 2014-A007, “Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance,” stressing the need for financial institutions to have a strong culture of anti-money laundering (AML) compliance. A financial institution without such a culture, FinCEN asserts, is likely to have shortcomings in its Bank Secrecy Act/AML compliance program.
FinCEN’s advisory is just one of the latest governmental developments that places tremendous pressure on a bank’s board of directors to focus on AML compliance. The advisory attributes a strong compliance culture to, among other factors, the board of directors’ active support and understanding of the bank’s AML compliance efforts.
The need for a bank’s board of directors to be involved with AML compliance has been emphasized repeatedly in the past year. Recent enforcement actions against all types of banks, from multinational banking organizations to small community banks, have required boards of directors to play a prominent role in understanding and ultimately executing the enforcement action. Many actions have imposed remedial requirements on the board of directors itself to strengthen board oversight of the bank’s AML compliance program.
However, significant fines, compliance costs, and reputational damage from an enforcement action are not the only risks from a deficient AML compliance program. The federal banking agencies have delayed approval of several mergers, acquisitions, and other corporate transactions due to deficiencies in one of the parties’ AML compliance program. If a federal banking agency withholds its approval for a corporate transaction due to AML compliance, the closing for the transaction can be substantially delayed, thereby having the potential to make public in a highly visible fashion the compliance deficiencies as well as any remedial measures being taken by the bank.
All of these reasons demonstrate the importance of AML compliance to a bank and the imperative that the board of directors plays a significant role in overseeing the AML compliance program.
An effective AML compliance program requires significant resources and consists of several key components. The federal banking agencies’ enforcement actions and guidance have emphasized the following components:
- Tone at the top—FinCEN Bulletin 2014-A007 stresses the need for a culture of compliance, and this culture starts with a clear expression from the bank’s board of directors that the bank does not engage in money laundering and terrorist financing and will not tolerate deficiencies in its compliance program.
- Risk assessment—The cornerstone of an AML compliance program is a detailed risk assessment that identifies and measures the various areas of AML risk at the bank. The risk assessment provides insight into the areas of potential exposure to the bank, prioritizes ways to reduce risk within the compliance program, and enables the board of directors to track over time areas of risk and senior management’s implementation of internal controls to reduce risk. An AML risk assessment should be sufficiently detailed, updated periodically, and accessible to functions and business units in the bank with responsibility for AML compliance.
- Monitoring and reporting—Day-to-day AML compliance requires extensive monitoring of transactions for suspicious activity and compliance with reporting obligations. Aside from compliance with these legal requirements, however, daily monitoring and internal reporting help ensure that bank employees not only react appropriately to overtly suspicious activity but also proactively identify circumstances that, although not facially suspicious, warrant further review.
- Independent review—An AML compliance program is required to contain a mechanism for an independent review of the program. Independent review is an essential check on the program and those employees who are responsible for its administration.
- Training—AML training for employees has evolved substantially from its earliest forms as a single presentation made available to all employees on a company intranet page. Training can be customized to the business line or function, include frequent team updates to pass along information quickly and directly, and culminate with a mandatory test that employees must successfully pass.
Boards of directors should have confidence that senior management has taken the necessary steps to implement an effective AML compliance program that includes these components. The potential consequences for AML compliance deficiencies are simply too severe and far-reaching for a board of directors to be passive and not actively engaged with the program.