Several banking giants, such as HSBC and Standard Chartered are currently being investigated by US regulators for alleged anti-money laundering failings. What is the reason for these failures by these large banks? All fingers are being pointed to lapses involving outsourcing units which are operating without adequate oversight by these banks. Due to these scandals, banks that outsource increasingly sensitive and sophisticated work overseas to save costs will now be forced to step up oversight of back office operations.
Outsourcing may seem to be a cost-effective and efficient way of managing AML compliance, however can result in great disaster, if not adequately monitored by a financial institution. It is important to recognize the differences between AML outsourcing and other common outsourcing activities. AML compliance requires a higher level of training in contrast to standard outsourcing tasks. From a legal standpoint, the financial institution remains responsible for the quality of work which can give rise to many risks: legal risk, security risk, operational risk and reputational risk. For this reason, it is important to differentiate between tasks those can be outsourced and those that cannot be outsourced. There is some debate about how far a financial institution can go in offloading its AML compliance tasks to a third party. In other words, how hands-off can a financial institution be? Are there any tasks that should be kept in-house only?
Which AML compliance functions can be outsourced?
There are surely new opportunities for outsourcing companies in the AML space. However, it is critical to determine what to outsource and what to keep internally. Obviously, not all services or functions should be outsourced. The activities that are conducive for outsourcing companies are those that can be effectively and safely done by an outsider. For example, outsourcing companies are suitable to handle low-risk and labor intensive work which can include customer due diligence, enhanced due diligence and verification of customers identification. In other words, all resource-intensive and routine tasks can be easily performed by an outsourcing company. In the same vein, the other activities that can be conducive to outsourcing companies can include reporting of alerts and notifications generated by automated transaction monitoring systems.
Notably, a financial institution remains responsible for AML systems and controls in relation to the activities outsourced. There are risks associated with all forms of outsourcing and a financial institution should be well advised to review and address those risks before it even begins to think about outsourcing tasks.
Which AML compliance functions cannot be outsourced?
There are activities that are not conducive to outsourcing which include filling of sensitive reports. The filing of these reports is the obligation of the financial institution. The filer should be an employee of the financial institution. The targets of filings cannot be disclosed by a financial institution.
Transaction analysis is also considered the most sensitive part of the money-laundering detection process because it provides the underpinning for the filing of suspicious activity reports. Clearly, a third party is not even in a position to analyze transactions because it may not have access to all of the customer information, such as daily internet activity or loan files, which is essential in analyzing transactions.
Likewise, internal investigation of suspicious activities should also be handled by the financial institution and should be approved by the board of directors of the institution. This type of investigation may involve employee interviews, finding and reviewing documents and preparation of reports which should also be kept highly confidential. Also, if a financial institution is confronted with a government investigation, it is recommended to immediately consult a legal counsel.
Nothing is simple in AML Outsourcing!
On the face of it, AML outsourcing may appear to be a win-win situation. But is everything really that simple? Can a financial institution simply find the cheapest supplier of services and watch the overheads fall? Nothing is simple in AML outsourcing. It should be remembered that the ultimate responsibility of AML compliance can never be outsourced. This is the only key to avoid regulatory fines, sanctions and possible reputational damage and disruption of business.