Citigroup has been a hot topic in anti money laundering (AML) circles lately, thanks to its restructuring of AML compliance and operations arms into a single organisation. At the same time, it has been reported that both JPMorgan and HSBC have chosen to break up their AML compliance and operations units.
So what is the best model to adopt? As an ex-practitioner, I challenged myself to take on the role of the decision-maker, consider some of the pros and cons of both and decide which model I would prefer to adopt.
The Fragmented Approach
- Cost savings if certain parts of the AML function can be ‘operationalised’ – primary targets for this approach would be transaction monitoring, sanctions screening, production order units and even the nominated officer function.
- Processes could be standardised at a lower level, with escalation required at certain trigger points.
- The ‘operationalisation’ of such functions could also lead to resource cost reductions if the expertise required to follow the process was reduced, and greater elements of the process were automated.
- The ‘McDonaldsisation’ of parts of the AML function – the inherent danger of operationalising a function and reducing it to a process is the reduction of accountability, the reduction of expertise, loss of the ability to think and act ‘outside the box’, which could lead to a lack of flexibility and ultimately inefficiencies to deal with non-typical situations.
- The ‘silo’ mentality and the potential for issues to fall between the gaps as no single function has oversight of the end-to-end process
- Blurred lines between first and second lines of defence with a pseudo-second line or a first/second line hybrid
The Centralised Approach
- Better management of risk – the holistic approach and oversight of the end-to-end process, leading to increased visibility of issues or gaps in the process
- Greater interaction between the various parts of the AML function and the ability to more readily dovetail internal processes to meet regulatory and policy requirements, rather than considering parts of the AML function as operational, leading to potential loss of resource and expertise whenever there is a drive to reduce ‘operational’ costs
- Expertise and accountability – rather than sitting as a processing function outside the core AML compliance team, and simply escalating at trigger points, transaction monitoring (for example) is recognised as a key AML function, with appropriately trained staff who can see where they fit into the bigger AML picture; in addition, the appreciation of the interrelated nature of the different parts of the AML function
- Greater flexibility to deal with issues and more efficient implementation of the risk-based approach
- Clearly defined second line responsibilities
- Cost – of resources and training
- Talent gaps in the market
So on the basis of my quick and dirty comparison of both models, I vote for the centralised approach to AML, combining both the compliance and operational aspects of this function. From a risk management perspective (both for the business and the individual) this approach makes more sense to me.
And to quote an unnamed source: ‘I would not work in a place as the head of AML where I didn’t oversee directly the operations relating to transaction monitoring, investigations and reporting for both sanctions and AML.’
So what would you do? Split or stick? Please feel free to add any comments on this issue.
To stay updated on the latest developments in governance,risk and compliance, anti money laundering and financial crime prevention, please follow us on either LinkedIn, Facebook and Twitter where you are guaranteed to be notified when our next blog post goes live!