Back to Resources

AML/CFT Compliance: Why alert management is not the same as wrapping chocolates

Samantha Sheen, EFI's Financial Crime Adviser; Jeff Bateman, Director of Operations, EFI

16.06.2021

Introduction

Earlier this month the Australian newspaper The Age, reported on some AML/CFT regulatory questions raised by the regulator, Australian Transaction Reports and Analysis Centre (AUSTRAC), about the National Australia Bank’s (NAB) compliance programme.

AUSTRAC was said to have recently issued a letter to the Bank, disclosing it had escalated an investigation into potential serious and ongoing non-compliance with the country’s AML laws.

The reasons alleged for this review are yet another cautionary tale about how customer KYC and CDD information can be incomplete or inaccurate and what happens when trigger events are not handled in a timely and effective way.

And this time around, changes to the AML/CFT regulations are not to blame (sorry, no regulator bashing allowed in this case).

 

Review of customer KYC data

In the same article, The Age reported that NAB is undertaking a “mammoth” review, named Project Apollo. This involves the review of thousands of customer accounts that may be incorrectly risk rated due to false or out of date customer identification information or, as more commonly described, KYC information.

So, why the review? The article in the Age suggests that the review is being undertaken due to systemic and ongoing problems related to the resourcing of the bank’s AML compliance function.

Please leave a message after the beep…

Staff in the bank’s fraud team were dissuaded from escalating suspicious transactions for investigation, because the AML team was under-resourced to do them. As one staff member put it, “AML would never answer the phone”.

Vivian Vance and Lucille Ball ham it up at the chocolate factory in a famous food-centric episode of "I Love Lucy." Source: CBS/AP

 

The Lucille Ball chocolate conveyor belt

Ever seen the classic excerpt from “I Love Lucy” where she and Ethel are working in a chocolate factory and just can’t keep up with the assembly process? According to staff members who spoke with the newspaper, time targets set for clearing transaction alerts were set up under a system called “real time management”. Unfortunately, the time targets were far from realistic in terms of the total alerts AML staff were expected to clear in a given time period.

The staff responsible for clearing these alerts had their performance judged against these unrealistic time targets.

Some of this work was assigned to casual employees, similar to the zero contract arrangements here in the UK. The possibility of becoming a permanent staff member was hinged on casual staff meeting their targets.

You’ll pick it up as you go along

Finally, there was training… or allegedly a lack thereof. It was reported that staff received little or no formal training after they’d been enlisted by a local recruiter to work at the Bank.  As one staff member said, “they just sort of chucked me into it”.

The perfect recipe for disaster

I am always talking to people about the confluence of risk – and this news article describes just such a situation. Now the article does not tell us about the Bank’s 2nd line function or how often it checked its AML/CFT controls to make sure they were appropriate and effective. But the inevitable result is clear to someone without specialist knowledge of financial crime regulations.

According to one staff member, “people were in such a rush to tick off the cases to make it look like they were done. They weren’t checked thoroughly. It definitely could have left room for errors, mistakes”.

Importance of effective compliance operations – more Bill Murray than Lucille Ball

I shared my thoughts with my friend and professional colleague, Jeff Bateman, Director of Operations at Efficient Frontiers International, and asked him what he thought of the alleged operational failures at the Bank. He was kind enough to share the following comments.

Jeff Bateman

Sounds to me more like “Groundhog Day” rather than that episode of “I Love Lucy”.  I would love to say this is the first time I’ve heard of this occurring, but it’s one of the more common things I see when firms realise that some type of remediation of their AML/CFT compliance program is needed.

I find a lot of the time this type of situation results from a massive disconnect between what is required versus what is going on in operational terms.

At its core, the cause here is less related to the operational failures themselves and more to do with the strategic planning around a remediation project. The driving force and focus here seems to be “just get it done as fast as you can”, whereas it actually should be more “let's get it done properly”. I am very sure I know which approach an AML/CFT regulator would like to see used.

Setting KPIs or targets in relation to certain AML/CFT compliance activities are fine when used in the right way. They can be a useful tool to understand whether procedures are effective and appropriate. But when targets are set with unrealistic outcomes or have been set without taking account of proportionality (i.e., the work involved versus the skills of those undertaking that work), then yes, you might achieve a high turnover of alert reviews, but it will come at the cost of poor-quality results and, even worse, overlooked financial crime. And just like Bill Murray in Ground Hog Day, in a few years' time, the business will find itself back doing further remediation, often at the insistence of the AML/CFT regulator, to sort out all of those “missed” or substandard reviews undertaken.

It’s important not to undervalue an essential element of these projects – and that is people, understanding what motivates them and building that into the process developed to implement the remediation strategy. This is taught in every educational establishment that teaches business, yet very few managers put this into practise to understand what needs to be done to achieve the desired outcome. Give your staff the tools and resources to do their job effectively that includes investing in them, so teach them the right way and they will produce for you.

Why EFI?

Efficient Frontiers International is an expertise-based client services firm with significant experience managing KYC programmes for Tier 1 Financial Institutions. Our teams have delivered several large-scale projects across a number of workstreams, many with a global footprint.

EFI’s team of operational experts can support your organisation at all levels, from providing teams to deal with cases and quality assurance to project and programme management, taking full responsibility for the delivery of your programme, ensuring success and meeting regulatory standards.