AML Compliance in Banks: CDD, EDD, STRs & Risk-Based Approach

Discover how financial institutions implement AML compliance through CDD, EDD, STR filing, and the Risk-Based Approach under FATF guidelines.

Money laundering is an international threat to the soundness of financial systems, sustains organised crime, and profits from corruption and terrorism. The United Nations Office on Drugs and Crime (UNODC) estimates that as much as $2 trillion is laundered annually (UNODC, n.d.). Banks are on the frontline in the fight against this criminal flow of money. They play a critical role in implementing Anti-Money Laundering (AML) policies, guided by international standards such as the Financial Action Task Force (FATF) 40 Recommendations. This article covers the most significant AML roles of banks in four broad areas: Customer Due Diligence (CDD), Enhanced Due Diligence (EDD), Suspicious Transaction Reports (STRs), and the Risk-Based Approach (RBA).

Understanding AML and the Role of Financial Institutions
Anti-Money Laundering (AML) refers to the laws and procedures that make it difficult for criminals to give illegal money the appearance of legitimacy. Banks, NBFCs, insurance firms, brokerage houses, and online financing sites are the primary portals to the formal financial sector. They are therefore the most suitable entry points available to money launderers and are, for that reason, strictly regulated by national governments. AML legislation such as the U.S. Bank Secrecy Act (BSA), the UK Money Laundering Regulations 2017, and India's PMLA, 2002, places responsibilities on these institutions to identify, hinder, and report suspicious transactions. These laws supplement the international guidance published by the FATF as the globally approved AML standards.

Customer Due Diligence (CDD): The First Line of Defence
Customer Due Diligence (CDD) is the heart of any AML program. It deals with identifying a customer and the nature and purpose of their business relationship with the institution. CDD keeps institutions from doing business with money launderers, terrorist financiers, and other financial criminals.

The most important elements of CDD are identity verification (name, date of birth, address, and government identity), identification of beneficial ownership (particularly in the case of corporate clients), and familiarity with the customer's financial transaction pattern. Banks are also expected to review customers' activity regularly to check whether it is consistent with their known profile. For example, multiple small withdrawals from a clean salary account are unlikely to raise an alert, but premature foreign transfers should.

As per FATF Recommendation 10, financial institutions must apply CDD not just when opening an account but also during routine review and where suspicious activity is found (FATF, 2023). Inadequate CDD processes can facilitate the involvement of criminals, as in some high-profile incidents, like the Wirecard scandal, where poor onboarding procedures resulted in unmonitored fraud.

Enhanced Due Diligence for High-Risk Customers
Though CDD is applied to all customers, certain high-risk customers or entities must undergo additional screening in the form of Enhanced Due Diligence (EDD). This is performed for Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, or those having unorthodox patterns of transactions or complex ownership.

EDD requires tighter controls: checks on the source of funds and wealth, appropriate background vetting, senior management authorisation before onboarding, and closer monitoring of transactions. These measures help ensure that institutions are not inadvertently facilitating crime.

The Danske Bank scandal is a case in point. The Estonian branch of the bank processed over €200 billion in suspicious transactions because it did not apply EDD to non-resident customers in high-risk jurisdictions. This resulted in significant regulatory fines and long-term reputational costs.

EDD aligns with FATF Recommendation 19, which requires organisations to implement more stringent monitoring of higher-risk business relationships, sanctioned and embargoed countries, and jurisdictions subject to public statements by FATF (FATF, 2023).

Suspicious Transaction Reporting (STRs/SARs): Meeting Legal Requirements
With sufficient CDD and EDD controls in place, institutions must stay alert by continuously monitoring customers' transactions. The moment a transaction appears suspicious in the context of the established profile, or appears to be crafted to obscure its true origin, the institution is bound to file a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) with the country's Financial Intelligence Unit (FIU).

Standard warning indicators of suspicious transactions include structuring deposits to stay below reporting thresholds (so-called "smurfing"), high-value cash payments, use of foreign shell companies, and unexpected or unforeseen transfers of funds.

STR filing varies from country to country. In India, it is submitted to FIU-India under the PMLA. In the USA, it is submitted to FinCEN under the BSA. In the UK, it is submitted to the National Crime Agency (NCA) under the Money Laundering Regulations 2017. Erroneous and late STR filing can lead to civil penalties, revocation of banking licences, and even criminal prosecution.

These filings provide cornerstone information that helps law enforcement and regulators piece together and dismantle criminal syndicates. Filing is not only a compliance obligation; it also supports national and international financial security.

Risk-Based Approach (RBA): Smart Resource Allocation
The Risk-Based Approach (RBA) is the key enabler of efficient AML compliance. Under RBA, financial institutions allocate resources in proportion to the risk profiles of their customers, products, services, and geographies. RBA avoids the inefficiency of a blanket approach by applying extra caution to higher-risk undertakings.

RBA involves carrying out a risk assessment that considers customer profiles (e.g., PEP status, business activity in an industry), geographical risk (e.g., FATF-listed countries), channels of delivery (e.g., remote onboarding), and product-related risk (e.g., crypto transactions, prepaid instruments). Institutions then decide how much due diligence and monitoring to carry out.

For instance, a politically exposed foreigner who conducts regular cross-border wire transfers through an offshore private banking facility would face an entirely different level of scrutiny than an in-country salaried employee with a standard savings account.

As per FATF Recommendation 1, institutions and countries should identify, measure, and evaluate their money laundering and terrorist financing risks and manage them proportionally (FATF, 2023). Regulators such as the FCA in the UK and FinCEN in the US have produced guidelines on how businesses should adopt this approach.

Frameworks and Guideline Documents that Assist
Various international and local authorities issue guidance on implementing AML controls. One of the most well-known is the FATF 40 Recommendations, the global AML/CFT standard.

Other useful sources include:
  • FCA AML Guide (UK): Issues guidance on CDD, STRs, and risk assessment.
  • FinCEN Guidelines (US): Issues guidance on SAR filing, customer identification, and beneficial ownership.
  • UNODC AML Toolkit: Issues international best practice and risk indicators.

These resources need to be available to those who create and support AML systems, so that the systems meet local and international regulatory requirements.

Conclusion
Banking institutions are not only participants in the financial system but also key guardians of its security and integrity. Whether they can identify, report, and block money laundering has direct consequences for national economies, international security, and law enforcement.

An AML program well designed around Customer Due Diligence, Enhanced Due Diligence, Suspicious Transaction Reporting, and the Risk-Based Approach supports regulatory compliance, protects institutional reputations, and enables the disruption of criminal financial networks. A code of conduct, awareness of global standards, and the use of technology-facilitated risk detection tools are the keys to success in such a fast-evolving compliance landscape.