As they seek to climb the maturity curve in their AML risk assessment programs, financial firms encounter a number of difficulties and challenges.  We have listed the most common challenges below, along with possible solutions.

  • Timeline pressures – Regulators are increasingly demanding more frequent and periodic AML risk assessments.  Solutions include automating (or partially automating) risk scoring to facilitate an ongoing view of the bank’s risk profile based on geographies, lines of business, products and services, and customer segments; implementing automated tools for data feeds from systems of record; and adopting a risk-based approach to scheduling AML risk assessments, so that high-risk areas are more frequently monitored and reviewed.
  • Resource restraints with competing priorities – There is limited availability of experienced AML talent at scale in local markets and an overreliance on longstanding AML managers’ experience and subjective analysis.  These limitations can be addressed by leveraging a center of excellence model to reduce resource demands by centralizing repeatable, resource-intensive activities, and by implementing a change management process to help schedule AML risk assessments throughout the year without undue demands being placed on line managers.  Lines of business should assume accountability by formally accepting or presenting detailed plans to mitigate high/critical risk events.
  • Limitations with current processes – The AML risk assessment process may not be adequately defined and documented to support robust analysis, and risk categories and factors may not be defined or weighted at levels appropriate to the bank. To address this, banks can implement an AML risk assessment methodology tool, creating standardization across regions and lines of business. They can also leverage case management to create additional efficiencies as well as enabling audit and reporting capabilities. Standardized taxonomies can help identify risks and controls and a standard rating scale helps assess impact, likelihood, and effectiveness measures.
  • Limited availability of data – There may be limited availability of data required to complete the AML risk assessment, with non-repeatable processes used to collect quantitative data. In addition, limited data granularity may affect the appropriateness and suitability of the data in the AML risk assessment.  To address these challenges, banks can incorporate all available information into the assessment, leveraging internal and external data and comparing risk and controls to internal metrics.  A standard data dictionary can be consistently used by all stakeholders including the lines of business, operations, compliance and technology.  Banks should recognize the subjective nature of the AML risk assessment, but can drive consistency through standardizing terminology and the overall assessment process.

As we have discussed in these blogs, a financial firm’s ultimate objective should be a program that supports repeatable, scalable, and cost efficient execution of AML risk assessments on a cyclical basis.   Please contact me if you would like to discuss AML risk assessment in more detail.

For more information, view our presentation on how financial services firms can set-up an effective AML risk assessment program.

AML Risk Assessment Process

Submit a Comment

Your email address will not be published. Required fields are marked *