The Bank for International Settlements has released its "sound management of risks related to money laundering and financing of terrorism" guidence that is a detailed and a useful read for compliance, audit and risk teams in financial institutions.
Bank for International Settlements Guidence on AML [LINK]
This compliance guidance takes on a Risk Based Approach to AML that may require banks that have only implemented simple tick box policy, to go much further and deeper with their work.
The document is certainly an explicit read, clear to understand, well referenced and highlights essential elements that should be in place for Anti Money Laundering procedures to be deemed as effective. All this said, actions and directives to and from "competent authorities" that may require a bank to pass information out of the bank or to freeze assets, is not treated within this guidence document.
Interestingly and in line with other audit practices; "The Three Lines of Defence" kind of thinking has slipped into this guidance and BIS describe in detail what is expected from each of line of defence including the audit function of a bank.
One area where banks have been weak when it comes to Anti Money Laundering control is in Correspondent Banking but that is all about to change.
"A bank should establish specific procedures to manage correspondent banking relationships. Business relationships should be formalised in written agreements that clearly define the roles and responsibilities of the banking partners."
Correspondent Banking ALM | BIS
Given the complexity of correspondent banking relationships and the types of instruments that may be traded between entities, meeting these requirements is not going to be straightforward.
From my observation of banks I deal with, which is a rather large number might I add; the majority of banks are going to need to think through and extend their AML infrastructure to become compliant with the new direction BIS are taking. Without integrating AML processes with other risk functions, the cost burden on some banks for full compliance will simply become untenable.
This entire compliance initiative needs to run as if it is a risk framework, not a compliance exercise and it would be ideal, certainly cost effective if banks were able to integrate AML procedures with other customer due diligence activities going on in their respective institutions.