On September 10, 2020, the Monetary Authority of Singapore (MAS) issued its “Guidelines on Individual Accountability and Conduct.” [1] Effective September 10, 2021, the guidelines focus on the measures financial institutions (FIs) in Singapore should enact to accomplish the following:
- Promoting the individual accountability of senior managers
- Strengthening oversight of material risk personnel
- Reinforcing standards of proper conduct among all employees
Specifically, the guidelines set out the five accountability and conduct outcomes that FIs should achieve and they provide a framework and best practices for strengthening accountability and standards of conduct. For example, an FI’s conduct and culture framework ought to address the following:
“The standards of conduct expected of all employees, including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management and compliance with the applicable laws and regulations.” [2]
This article discusses how effective anti-money laundering/counter-terrorist financing (AML/CTF) training is an integral part of a bank’s conduct agenda. It also suggests other measures that a bank may adopt as part of its AML/CTF program to demonstrate good conduct and risk culture within its organization.
Effective AML/CTF Training for the First Line of Defense
Poll question: As a private banking relationship manager (RM):
- I am an agent for the bank.
- I am an agent for the customer.
- I am an agent for both the bank and customer.
- I am not sure.
This was my opening poll question at a series of classroom AML/CTF trainings conducted for an international private bank. The trainings included business senior management, team leaders, RMs and associate relationship managers (ARMs) based in Singapore as well as those who refer clients to the offshore private booking center in Singapore.
The response was not unanimous. Some of the RMs argued that they were agents for the customer because they knew their customers (and their families) very well; a customer’s decision to bank with the FI was the key driver for the FI’s profitability and, ultimately, their compensation. Others argued that they could be agents for both the bank and the customer, assuming they could equally serve both interests.
If a bank’s business management and their RMs cannot accept their true agency, how should businesses be trained on AML/CTF risks and controls?
AML/CTF Training Objectives
AML/CTF training should cover more than local AML/CTF regulations, money laundering red flags, and the bank’s various controls and processes. The business should understand the money laundering and terrorist financing risks to their bank (or line of business). They should also appreciate their role as the first line of defense in their bank’s AML/CTF program, which is designed to safeguard the bank and to disrupt illicit activities sought to be conducted through the FI.
An effective AML/CTF training ought to achieve two objectives:
- Enhance the money laundering/terrorist financing risk awareness of the target audience
- Inform the target audience of the bank’s AML/CTF risk management effort
Case studies and lessons learned should be the staple of an effective AML/CTF training. Business heads, RMs and ARMs should be encouraged to decide when they should challenge the customer’s provided information and when they should escalate their customer’s conduct or activities to compliance as unusual or suspicious.
Where does compliance get the case studies and lessons learned for AML/CTF training? From suspicious transaction reports (STRs) and published enforcement actions against other FIs and organizations for AML/CTF control lapses or breaches. For significant STRs, AML and compliance should also conduct a lessons-learned review of why the STR was filed and, if it was not filed in a timely manner, the root cause of the delayed filing. The sections where these STR post-mortems point to lapses in process or employee misconduct should be included in case studies for the first line of defense and second line of defense to learn from and comment on.
The outcome of an effective AML/CTF training can then be measured as part of the conduct agenda. Following training, there should be an uptick in the number of good queries and timely escalations from the business to compliance. In addition, the business should be making decisions to exit a client relationship because they were not comfortable with the adverse media associated with that customer or with that customer’s account activity with the bank.
The Executive Briefing to the Board and Senior Management
Regulators are looking to effective governance and management oversight of bank AML/CTF programs. For example, the guidelines explicitly state that the board and senior managers are individually accountable. They are also collectively accountable when they are part of the FI’s various management committees.
So, the board and senior managers must be trained to raise their awareness of AML/CTF risk and risk management, but one size does not fit all. The AML/CTF training for the business cannot be the same as the training used for compliance. Likewise, the AML/CTF training to the RMs and client-facing staff cannot be the same as the training to the board or senior management.
While the board and senior management may not be too interested in a list of money laundering and terrorist financing red flags or with specific AML/CTF controls and processes, the board and senior management must understand that banks are at risk of regulatory enforcement actions for inadequate AML/CTF programs. Given the continued regulatory scrutiny and series of local and global enforcement actions against banks for AML/CTF control breaches, the board and senior management must consider this risk and agree on the action needed to mitigate it.
Therefore, case studies highlighting certain money laundering and terrorist financing typologies are not that relevant to the board and senior management, but lessons learned from published enforcement actions become highly relevant—either to assure that lapses will not happen at their bank or that actions have been taken to ensure their bank will not be cited for similar lapses.
Finally, the executive briefing should include a meaningful discussion of the latest results of the bank’s enterprise-wide risk assessment (EWRA) for money laundering and terrorist financing (and other financial crimes) risks and of the progress of the various action plans, including audit remedial actions, to enhance the bank’s AML/CTF program.
Tone From the Top
It means little if the bank can only point to one or more town halls where the CEO or branch manager discussed money laundering and terrorist financing risks as well as actions to fight those risks.
I recall an email from one of my former bank’s group compliance officers to the country compliance teams requesting instances when the business “overrode” compliance’s advice on client onboarding or retention. Of course, there would be none to report. As compliance’s approval/input is invariably required for higher-risk client relationships, compliance would eventually be “persuaded” to agree that the risk is acceptable or has been mitigated.
What would have been more relevant and revealing of the bank’s culture are the cases that go to the bank’s AML/CTF risk committee. I am assuming most banks have such a forum and that the quorum for these committees stipulates that senior members of both the business and compliance be in attendance. So what cases are tabled and why?
Some of the difficult cases warranting escalation would include the following:
1. Cases where there is a high politically exposed person risk or risk arising from adverse media associated with a prospective or existing customer
2. Cases where compliance does not agree to onboarding a prospective customer while business insists on the account opening
   a. New account openings with incomplete know your customer or customer due diligence information, including inadequate corroboration of the customer’s source of wealth
3. Cases where compliance recommends a customer exit for money laundering and terrorist financing concerns while business does not agree to exit
   a. This is usually after an AML investigation and STR filing but may also include cases where an STR was not warranted.
Scenario 1 does not directly say anything about the bank’s culture. Rather, it is the test and application of the bank’s risk tolerance statement to certain customer risks. While compliance may have a view, they will usually defer to the risk committee to assess if the potential risk in each case is acceptable to the bank or has been sufficiently mitigated to onboard or retain the client relationship. So, how does the AML/CTF risk committee discharge this agency on behalf of the bank?
The more interesting cases are the stand-offs between business and compliance, where the AML/CTF risk committee must arbitrate and break the impasse. The following are two points to be made:
- A high number of escalations under Scenarios 2 and 3 suggests a certain lack of credibility and authority in compliance. Simply put, the business does not heed compliance’s advice. Hence the escalation up both “verticals” (namely, the business and compliance) and finally to the risk committee.
- The decision of the risk committee is a good indication of the bank’s culture. Can the risk committee make the hard decision? Or, does the committee invariably weave a case for the onboarding or retention based on considerations other than risk?
Increasingly, regulators and auditors are looking at the proceedings and decisions of these AML/CTF risk committees to understand the risk culture of the bank. Consequently, it is expected that the minutes of these meetings must be a fair and formal record of the risk discussion and decision. So, the “tone from the top” effectively comes from the AML/CTF risk committee as agents for the bank. An effective executive briefing surely equips the risk committee to make the right risk decision.
Effective AML training is not just training on the applicable AML regulations and on the FI’s AML procedures and processes. Effective AML training informs and forms the money laundering and terrorist financing awareness for the FI. When everyone from the board to the RMs knows the specific financial crime risks to their FI, they are able to manage these risks more effectively. The FI’s various AML controls and processes are no longer just tasks to be completed, but a way of participating more fully in the fight against financial crime.
Rosalind Lazar, CAMS, regional AML director-APAC, ACAMS, Singapore
[1] “Guidelines on Individual Accountability and Conduct,” Monetary Authority of Singapore, September 10, 2020, https://www.mas.gov.sg/-/media/MAS/MPI/Guidelines/Guidelines-on-Individual-Accountability-and-Conduct.pdf