As regulators increase AML compliance demands on credit unions, the high cost of AML compliance is a critical challenge. How can credit unions both fulfill AML requirements and improve operations?
Over the past few years complying with anti-money laundering (AML) regulation has become increasingly difficult for many credit unions in the United States and Canada. With the rapid expansion of new technologies, industries, business models and cross-border transactions, regulators have ramped up their AML compliance demands.
While big banks have their own AML departments and are investing big bucks in their digital infrastructure, smaller credit unions generally lack the funds and other resources to keep up with it all. This shortfall in turn becomes a major impediment to complying with AML/CFT regulations.
In this three-part series we are going to take a closer look at AML/CFT compliance among credit unions. Specifically, we’ll examine the current cost of not being able to comply, some new compliance challenges and threats, the most essential elements that today’s credit union AML/CFT compliance programs need to have, and the easiest, most cost-effective solutions to actualize such changes.
The High Cost of AML/CFT Compliance
In a recent survey by CU Service Network of over 60 executives from credit unions ranging in size from $30M to $1.6B in total assets, a whopping 98% identified compliance as being their primary operational concern.
It’s not hard to see why. According to another study, this time from the Government Accountability Office (GAO), US credit unions spent up to 2.4% of their total 2018 operating expenses on AML/BSA compliance.
For smaller credit unions that percentage is likely higher since they do not have the same economies of scale or investment in IT infrastructure that bigger credit unions enjoy.
Yet, these numbers still don’t accurately reflect the true cost of compliance among credit unions.
At KYC2020, we offer consulting services to our clients to help them develop and employ a customized AML compliance program. During the risk assessment and workflow analysis, we will consider numerous indirect costs that may increase risk while reducing efficiency. For example:
- When first-line staff are tasked with duties related to regulation, reporting and record-keeping requirements that add to their regular responsibilities. This takes them away from their regular jobs and makes them less efficient.
- When compliance programs rely heavily on manual and repetitive procedures. This increases the chance of errors and omissions. Even small errors, such as incorrectly labeling a document, can lead to fines and costly downtime.
- When the credit union’s senior leaders are pouring majority of their time and money into cybersecurity and compliance rather than strategic initiatives and goals. This lack of strategic focus can lead to missed opportunities.
On the other hand, when credit unions are unable to prevent fraud and money laundering activities, they will inevitably suffer from declining revenues, lack of customer satisfaction, debilitating fines, and damage to their reputation.
It doesn’t have to be this way! There are proven methods for credit unions to get back all the wasted time and money.
The most successful credit union leaders are those who seek to understand the role that effective compliance management plays in the institution’s overall strategy. They make an effort to consider the impact of compliance on operations as well as customer acquisition and retention. Finally, they recognize their unique needs and circumstances and then implement the most appropriate tools to help them optimize their compliance activity.
By doing so, these leaders will be best positioned to help their credit unions grow and prosper, now and in the future.
Rethinking Credit Union AML Compliance
As the financial services industry continues to evolve and expand and new compliance rules emerge, many credit unions have been content to simply make tweaks to their current compliance programs, policies and procedures. This only leads to greater inefficiencies over time.
Instead, senior leaders need to completely rethink how compliance happens along four key verticals:
1. Conducting an Audit and Risk Assessment
Risk assessment is a pillar of AML compliance and generally is a crucial first step in building an effective AML/CFT program. Yet, many senior management teams get derailed when they try to rubber stamp a solution or a mix of solutions on to their legacy systems.
The problem with this is that there is no one-size-fits-all solution to fulfilling compliance requirements. While each financial institution must fulfill certain legal obligations, it is essential that the program be tailored to their unique needs in addition to the identified risks and vulnerabilities of their clients and third party suppliers
In practice, this means that an AML/CFT program must take into account factors related to their product and service offerings, their size and geographic location of the branches, the business activities, and knowledge of its customers activities.
Finally, another often overlooked factor is the ability to scale and adapt as the credit union matures and grows. A credit union’s AML/CFT program should have the built-in flexibility to adapt to changes in compliance requirements, technology, and its target market while maintaining strict data security and information management controls.
2. Establishing Internal Controls
A credit union’s compliance obligations include not only federal and state laws, but also the expectations of regional, and at times, international regulators. For example, the General Data Protection Regulation (GDPR), which requires businesses to protect the personal data and privacy of European Union citizens, could apply to a credit union with members from multi-national businesses.
Few credit union leaders would fail to acknowledge that their AML/CFT compliance program should focus on internal controls and systems to detect and report financial crime. But at the same time, several other items should be taken into consideration based on the modern realities of AML/CFT programs today. These include:
- The increasing number of mobile payments that significantly reduce financial transaction times.
- The impact of customer experience and expectations on revenues and customer retention. A recent study conducted by Forrester, revealed that customer experience is the most highly valued quality consumers are looking for in a financial institution. Many studies show the same results for business customers too.
- Cybersecurity and financial fraud have grown in scope and complexity in recent years. Fraudulent activity is getting increasingly more difficult to recognize and contain. When suspicious activity is identified, the response needs to be data-driven, intuitive, and happen in real-time.
3. Providing Continual Employee Training and Education
AML/CFT compliance always extends to a credit union’s employees. In fact, employees tend to be the weakest link in data security and compliance procedures. Staff members need to be aware of their roles and responsibilities within the system. They should know how to conduct due diligence and navigate the various organizational policies and procedures that help to ensure on-going compliance.
But given that compliance should be a dynamic system, employee compliance training and the communication of new systematic threats must also be dynamic and dealt with swiftly before becoming too much to bear.
4. Monitoring the Results
Although AML/CFT compliance programs require and independent review, the credit union should also involve a regular internal review of compliance controls in order to measure their effectiveness not just in meeting compliance standards but in achieving strategic business goals. Identifying the institution’s strategic goals while focusing on compliance is a core competency that will drive success among today’s credit unions.
In short, today’s credit unions are in need of dynamic and customized AML/CFT compliance programs. Achieving such a goal is actually easier and more cost-effective than it seems given the rise in regulation technology (RegTech) and vendor based compliance solutions.
Before we can take a look at these vendor based solutions, we need a deeper understanding of the challenges credit unions are currently facing when it comes to AML/CFT compliance.
We’ll discuss that in part two of this series.
About the Author
KYC2020 is a Chicago-based global regulation technology company. KYC2020’s team of CAMS™ certified AML specialists have combined next-generation technology with their deep understanding of Banks, MSBs, Credit Unions, and Cryptocurrency operations to deliver compliant AML solutions that are low friction and cost effective. KYC2020 is recognized as one of the world’s most innovative regulation technology solution providers by RegTech Analyst magazine. To learn more about the author, visit www.kyc2020.com
