Following on from the webinar hosted by Baker Regulatory, the Jersey headquartered regulatory experts, discussing the thorny topic of "How Do You Assess Your AML Culture?" below is a summary of the topics discussed.
While the main topic of the webinar was how firms can "measure" their AML/CFT/CPF culture there was a lively discussion around compliance culture, both the good and the bad.
The webinar was inspired by the Jersey FSC, who are one of the first regulators to specifically flag culture as a route cause of poor AML/CFT/CPF conduct as well as identifying 16 "red flags".
Key Indicators of AML Failure
A slido poll showed a range of indicators of poor AML/CFT/CPF conduct, the main ones being:
- Breaches – a high level of identified issues which were not resolved
- Dominant Managers – key individuals overriding compliance concerns
- Complacency – an assumption that the business was adequately compliant
- Business Prevention – a perception that compliance were trying to stop profits
Needless to say, the above list will look familiar to almost every compliance professional!
Boards & Role of NEDs in AML
"Tone from the top" was a theme running through the webinar, especially the critical role played by senior management in creating and building a corporate compliance culture, especially when so many AML/CFT/CPF driven checks and controls impact bottom-line profits and personal bonuses!
Non-Executive Directors (NEDs) can play a pivotal role in reminding the executive Directors of their legal and regulatory responsibilities, but some might not want "rock the boat" or second guess Executive Directors.
Measuring AML Culture
Peter Druker famously said that it wasn't possible to manage what could not be measured, which emphasizes the importance of attempting to measure a firm's AML/CFT/CPF culture.
While culture can't be directly measured, it can be indirectly measured through assessing indicators of culture.
By asking Directors and employees carefully crafted questions regarding their opinions and experiences of a firm's AML/CFT/CPF control environment it is possible to assess the firm's culture and its effectiveness.
Assessments of a firm's AML/CFT/CPF culture and effectiveness can be enhanced by adding "Risk Scores" to questions. By collating the Risk Scores, it becomes possible to "see" compliance using charts and graphs. Firms can also add analysis criteria, such as jurisdiction, division, legal entity, employee grade, etc.
Measuring a firm's AML/CFT/CPF culture allows firms to direct their efforts on rectifying the gaps identified, which results in a material cut in personal and corporate regulatory risk.
An anonymous AML/CFT/CPF assessment can be run annually, or more frequently, so firms can see how their culture is improving and if there is any back sliding.
It is interesting to note that just by asking Directors and employees about their AML/CFT/CPF experiences has a positive impact on their overall awareness of the subject area.
Finally...
Some of the questions the panel didn't have time to address included:
- Can a nebulous concept like culture be adequately measured with questionnaires?
- Is there value in measuring and managing culture when regulators fine firms for conduct failures and not for cultural failures?
- Even if a firm's culture can be measured, can it be effectively managed?
Hopefully we will have an opportunity to look at these questions in more detail in the future.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
