Given the rising costs pertaining to Anti-Money Laundering (AML) compliance programs, on October 3, 2018, five U.S. regulatory agencies released an Interagency Statement on sharing Bank Secrecy Act (BSA) resources. This allows banks and credit unions to enter into ‘collaborative arrangements’ to share both human and technology resources to manage their BSA and AML obligations more efficiently and effectively, in a bid to reduce costs.
The Statement is addressed primarily to community banks as their costs of AML/BSA compliance can be significant and they presumably deploy much simpler AML compliance programs. The Statement elaborates on a few, non-exhaustive examples of such sharing activity including:
- Conducting internal control functions, including the drafting and updating of BSA/AML policies and procedures, developing risk-based customer identification and account monitoring processes, and tailoring monitoring systems and related reports regarding the risks.
- Independent compliance testing including scoping, planning, and performance of the BSA/AML compliance program independent tests
- Conducting BSA/AML training programs
The Statement makes it clear this arrangement in no way relieves a bank from its AML compliance responsibility. It also recommends documenting of any third party arrangement in this regard and providing periodic reports to the bank’s management regarding the functioning of the arrangement.
We believe that AML resource sharing shall be beneficial for banks; however, the implementation needs to be planned taking into account various challenges possible in this regard.
First, banks with more or less similar AML risk profiles should collaborate for the resource sharing program to be a lot less complex to implement. For instance, a regional bank should look into resource sharing arrangements with other regional banks, preferably, in the same region.
Second, the arrangement should be solely owned by third parties, with proper terms and conditions acceptable to all participating banks. There are many service providers with global AML operations experience and technology expertise that banks can consider in this regard.
Third, a common AML platform must be rolled out for all participating banks. The cost of procuring and implementing an AML platform for multiple banks together will be a lot less when compared to individual implementations. As the variation in the platform instances across banks is expected to be quite less, i.e. less than 20%, given the expected similarity in the profiles of participating banks, the variation in the instances shall be minimal, thereby reducing the overall implementation effort, timelines, and cost. Such an option also reduces the ongoing platform maintenance cost for banks. It would be ideal if the third party owning the arrangement brings in the AML platform as most service providers would have either their own AML platforms or have alliances with leading platform providers. Since the services shall be provided in a bouquet format (including technology and manpower), the overall cost of the arrangement will be significantly lower when compared to bringing in multiple players.
Fourth, the identity of participating banks should be kept secret to the extent possible. Technology can support in masking the data appropriately. This reduces the risk of losing confidential information.
Lastly, banks should identify some core activities, such as setting up the alerts and periodical tuning of the same, that are conducted in-house rather than allowing them to be handled through the sharing arrangement. Such an approach would ensure a more efficient way of resource sharing as the core activities tend to be a lot more complex, and are unique to a bank.
We are of the view that banks should judiciously use this regulatory stance to reduce the cost of their AML programs and improve their effectiveness. What do you think? What more must banks consider when partaking in resource sharing initiatives?