AML POLICY
threats, vulnerabilities, and criminals. By
sharing information with one another, [FIs]
may gain a more comprehensive and accurate
picture of possible threats, allowing for
more precise decision making in risk mitigation
strategies.” Specifically, FinCEN
notes that “collaboration and ongoing communication
among BSA/AML, cybersecurity,
and other units will help [FIs] conduct a
more comprehensive threat assessment and
develop appropriate risk management strategies
to identify, report, and mitigate cyber-events
and cyber-enabled crime.” 8 FinCEN
further notes that FIs “are encouraged to
internally share relevant information from
across the organization…information provided
by cybersecurity units could reveal
additional patterns of suspicious behavior
and identify suspects not previously known
to BSA/AML units… such as patterns and
timing of cyber-events and transaction
instructions coded into malware…to 1) help
identify suspicious activity and criminal
actors and 2) develop a more comprehensive
understanding of their BSA/AML risk
exposure.” 9
While there is already a strong inclination
among FIs to share select information with
each other and government agencies, the
extent of this sharing and collaboration
could not only be expanded, but also made
more reciprocal in nature. For instance, FIs
can share entire data sets with each other
and government agencies can also share
certain data of their own with FIs.
Centralization
Centralization, for the purposes herein,
refers to the act of consolidating and managing
AML processes, procedures, functions
or systems centrally, such as by
designating a primary unit, utility, or hub to
manage a specific activity.
In the context of managing risk by centralizing
functions and processes, the Federal
Financial Institutions Examination Council
explains the following: “risk assessment,
internal controls (e.g., suspicious activity
monitoring), independent testing, or training
may be managed centrally. Such centralization
can effectively maximize efficiencies
and enhance assessment of risks and implementation
of controls across business lines,
legal entities and jurisdictions of operation.
For instance, a centralized BSA/AML risk
assessment function may enable a banking
organization to determine its overall risk
exposure to a customer doing business with
the organization in multiple business lines
or jurisdictions.” 10
Similarly, the benefits of a standardized
approach apply to guidance and procedures.
By having standardized protocols, practices
and repositories of information, FIs are able
to maintain consistency, cohesiveness and
transparency in their operations.
Creating a “holistic” (or enterprise-wide)
view, which is often an intended result of
centralization, is also encouraged within
the industry. For instance, regulators have
explained that in order to obtain a more
accurate understanding of a client base,
8 “Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime,” FinCEN, October 25, 2016, https://www.fincen.gov/sites/default/files/advisory/2016-10-25/Cyber%20Threats%20Advisory%20-%20FINAL%20508_2.pdf
9 Ibid.
10 “BSA/AML Compliance Program Structures—Overview,” FFIEC, https://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_039.htm
ACAMS TODAY | SEPTEMBER–NOVEMBER 2017 | ACAMS.ORG | ACAMSTODAY.ORG