Financial services providers who violate Anti-Money Laundering (AML) and Anti-Fraud compliance requirements by neglecting to report suspicious transactions expeditiously risk paying a higher price than ever. What should firms watch out for?
U.S. Regulators: Zero Tolerance for Violations
Particularly the financial services sector in the U.S. is feeling the increased pressure since the new Beneficial Ownership requirements of the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) went into effect earlier this year.
Enforcement actions under federal law in the U.S. by regulators have included fines in the million or even billion dollar range, banking or brokerage license revocation, and criminal charges levied against individual executives.
How can financial services firms ensure compliance under growing regulatory scrutiny? In many cases which resulted in enforcement action, companies handling transactions that should have raised red flags had not filed Suspicious Activity Reports (SARs) as required by regulators.
Among the reasons cited frequently were technical complexities and the lack of internal oversight and adequately trained personnel. In many enforcement cases, these factors were exacerbated without need by a sluggish response to the investigating authority’s demand.
This begs the question: Why did firms continue to violate compliance once they were put on notice by regulators?
In addition to simple negligence, the available enforcement reports indicate two main reasons. Disparate data sources and a lack of compliance-ready IT tools prevent companies to “promptly produce” the requested documents as demanded by the authorities.
Inadequate Resources Result in Compliance Violations
The same factors play a significant role in the infractions that led investigators to the firm’s front door in the first place. Most cases involve the firm’s failure to appropriately monitor transactions and to follow up on alerts by compiling and submitting Suspicious Activity Reports (SARs) in a timely manner.
A common cause of such violations is the financial service provider’s lack of compliance-ready tools. To efficiently conduct basic Know-Your-Customer (KYC) checks, negative news research, enhanced due diligence (EDD) and suspicious activity investigations online, anti-money laundering and anti-fraud specialists often lack the appropriate tools.
Executives and Compliance Officers on the Hook
Whatever went wrong with procuring the tools for the in-house Financial Investigation Units: it’s ultimately the firm’s executives who will have to pay the price. This was illustrated earlier this year when U.S.-based broker-dealers Chardan Capital Markets and Industrial and Commercial Bank of China Financial Services settled charges brought by America’s Financial Industry Regulatory Authority (FINRA) for failing to report suspicious sales of billions of penny stock shares.
Chardan’s chief compliance officer and anti-money laundering (AML) officer was ordered to pay civil penalties and also barred from the securities industry for a minimum of three years. Far from being an isolated incident, this case followed the familiar pattern mentioned earlier.
Not only did the charged entities neglect to file SARs about suspicious transactions. During the investigation, they also “failed to promptly produce certain documents,” despite repeated orders, according to the SEC.
“Promptly Produce” – Or Pay The Price
Recent research indicates a direct correlation between the negligence of financial institutions sanctioned by regulators and the lack of a compliance-friendly and compliance-ready browsing environment at the disposal of their anti-money laundering and anti-fraud specialists.
Three factors stand out:
- Online research holdups: Because of the malware and compliance risks associated with the use of local web browsers, the compliance mission requires additional resources from IT (whitelisting of web resources, installation/cleanup of “Dirty Box” setups, configuration of VDIs) and often turns the generation of a single SAR into a tedious undertaking, involving multiple team members over several days.
- Supporting documentation problems: Locally installed web browsers indiscriminately download and process web content, including malicious code, on the local machine. Traditional methods of mitigating such risks make it difficult for compliance managers and analysts to download documents or take screenshots of web content for documentation, slowing down their workflow and further delaying time-critical investigations.
- Audit impediments: “Improvised” solutions for secure web research prevent a unified view into all user activity during AML research web sessions, aggravating the difficulties compliance managers face when being compelled to “promptly” produce documents for regulators..
How to File SARs Faster and More Efficiently?
For many firms, the lack of adequate tools to conduct investigations online poses a major hurdle on the path to compliance. A compliance-friendly browser built in the cloud, provided as a service offsite and centrally managed by IT, removes this hurdle.
FinServ and FinTech firms deploy cloud browsers for their teams because this step makes it easier for them to meet regulatory requirements aimed at fighting money laundering, fraud and corruption.
With a compliance-ready browser that is centrally run, managed, all web content is isolated and rendered in a secure container in the cloud. Only visual display information (pixels) is transmitted back to the user. No code from the web can touch (and infect) the firm’s IT.
The often tedious and lengthy process of obtaining policy exceptions from IT to access web resources that are blacklisted but are relevant for an investigation? A thing of the past. The cumbersome setup, configuration, maintenance and clean-up of machines solely used for web research? Ditto.
Anti-money laundering and fraud specialists supported by a secure cloud browser environment have reported operating significantly faster and more efficiently. FiServ firms confirm that deploying a cloud browser enabled their FIUs to close more cases in less time and file SARs more expeditiously, thus protecting the organization from – preventable – penalties and reputational damages.
About John Klasse
John Klassen is Product Marketing Manager at Authentic8 (www.authentic8.com – Twitter: @authentic8), maker of Silo, the compliance-ready browser in the cloud that provides security, efficiency, accuracy, anonymity and auditability for the world’s most demanding enterprises in tightly regulated industries.