2020: Making the Right Move to Manage Money Laundering Risk
In the world of anti-money laundering, false-positive type alert management overtook money laundering risk management. How have reporting entities started putting more efforts on managing the creation of alerts rather than managing the risk of money laundering? Today, why does risk management translate into the management of resources working to close unnecessary alerts – false positives – generated by clients and transactions monitoring systems?
Several factors have diverted the reporting entities’ attention toward managing false positives instead of managing the risk of money laundering. Following are four of these factors. Three of them relate to the processing of alerts and one to managing risk.
1) This first factor is the deterioration of monitoring algorithms caused by a lack of knowledge and expertise that prevent continuous calibration. This deterioration generates an increase in alerts, causing increasingly significant delays, the infamous backlogs.
2) The second factor is the need to contain material, financial and human resources despite the increase in a number of products, clientele or markets. This containment of resources reinforces a constant focus solely on managing alerts. It is in fact a false priority, but necessary since the continuous calibration mentioned above is not in place.
3) The third factor stems from sometimes finicky inspections by regulators who spend more time on alerts and their processing than the risk sought during the creation of these alerts. Under the pretense of ensuring the requirement for adequate monitoring and processing within reasonable delays, the continuous monitoring required by regulations which must be applied according to the risk is therefore neglected.
These first three factors conceal the real goal for applying the law that fosters anti-money laundering action. The Canadian law is aiming to implement specific measures to detect and deter money laundering and the financing of terrorist activities. Strangely, creating algorithms and not continuously calibrating them generates a majority of unnecessary alerts, which is certainly not an efficient way to detect money laundering. On the contrary, it rather discourages the main actors from reporting entities who are relegated to carrying out repetitive and non-relevant work, except once every hundred or thousand times.
4) The last factor that also contributes to reversing the attention of reporting entities is also the main one. It is the difficulty to articulate a money laundering risk management strategy. A risk management approach needs an understanding of the reporting entity’s particular components, clienteles and characteristics that can promote money laundering. This understanding supported by a thorough analysis, not a points table or an evaluation done with a computer software, makes it possible to determine the risk areas. It then becomes easier to structure a targeted monitoring approach according to the entity’s risk and not a generalized and unique solution applicable to all without exception.
This in-depth work facilitating the understanding and identification of the risk is paramount. However, it is less glorifying and visible than installing software, having a large quantity of resources and talking about artificial intelligence. Yet, in-depth knowledge supports a risk management strategy that deploys material, financial and human resources to the right places in order to support the objectives of the law: detect and discourage.
Reporting entities must come back to basics and engage into an in-depth understanding of their operations in order to identify their risk management strategy. This will enable the channelling of efforts in the right place and stop the management of false positives. Furthermore, this identification will enable dialogue with the regulator about risk and mitigation measures, not only about the number of alerts. A dialogue undoubtedly more instructive for all.