Question: In implementing our AML program, we recognize there are the basic requirements of the law. However, what is the difference between what is required by law and what are best practices for an AML compliance program?
Answer
Frankly, the law is very general, even vague at times, with respect to distinguishing it and best practices. The result often leaves those who must implement an AML compliance program with little practical guidance as to what should be done.
Over time, industry participants develop ways to comply with the legal requirements for compliance programs. As methods are adopted within the industry, they may be referred to as “industry standards.”
When clearly better ways to comply emerge, they may be referred to as “best practices.” But not all industry standards or best practices will be legally compliant. Therefore, compliance with an industry standard or even a best practice may not satisfy the legal requirements.
At minimum, an organization should consider having a basic set of policies and procedures for assessing its risks for money laundering and terrorist financing. The institution should also have policies and procedures for conducting due diligence on its customers, clients, employees and agents, vendors and third-part service providers. In addition, the policies and procedures should cover how the organization deters, detects and monitors for suspicious activity. Other policies and procedures should be included to address training and how the organization handles legal process, reports suspicious activity and otherwise cooperates with law enforcement and other entities. [FFIEC Exam Manual, 33]
An organization that is affiliated with other types of entities should also consider adopting policies and procedures that apply on an enterprise-wide or institution-wide basis. Such procedures should permit organization within the enterprise to view their customers’ activity across multiply business lines and geographies. [FFIEC Exam Manual, 160]
Jonathan Foxx is president and managing director of Lenders Compliance Group, Brokers Compliance Group, Servicers Compliance Group and Vendors Compliance Group, national companies devoted to providing regulatory compliance advice and counsel to the mortgage industry. He may be contacted by phone at (516) 442-3456, by e-mail at [email protected] or visit LendersComplianceGroup.com.
