Iran leads AML index… but…

Basel Institute on Governance, an NGO think tank focused on corruption, published a ranking of countries based on AML risk. Iran, Afghanistan and Tajikistan topped the list. The top ten were all countries with low income and a weak rule of law.

Aside from New Zealand and Chile, the bottom of the list were all European, with Switzerland, the home country, placing near the middle of the 152 jurisdictions ranked. United States scored better, even better than Canada. Transparency International has a corruption map where Canada fairs better than the US. This is interesting to note since TI’s data was included in the BIoG’s sources. Effectively, BIoG AML Index is an aggregate assessment of other research.

This is a troubling way to look at these rankings. All of BIoG’s sources are also aggregated assessment of other research. This is to say, there are multiple layers of laziness going on here. There are a few true research going on where people are put on the ground or required review of laws on the books and effectiveness of enforcement, and then there are a few that are simply taking the conclusions of that research and repackaging it with their own ranking methodology.

Oddly, this is the same kind of trap compliance departments can fall prey to when trying to come up with risk ratings on qualitative jurisdictional attributes using these think tank assessments. What is hidden is that there are some that are getting weighed more heavily than is otherwise apparent. A good analogy would be a patient recovering from surgery who is taking Vicodin and Tylenol, not realizing that Vicodin includes the the active ingredients of Tylenol within it – that’s why Vicodin labels warn people not to take Tylenol or acetaminophen, the active ingredient in Tylenol. The patient is accidentally taking a large dose of Tylenol than intended.

Taking a closer look at weighting of the source assessments, BIoG mentions issues regarding weighting but does not actually describe how the assessments were weighted. This makes it impossible for a compliance officer to undo undesirable aspects of this index.

Missing data section reveals that there was a minimum amount of data that was required to be ranked. This is helpful, but when I downloaded the spreadsheet, I expected the data. Instead what I found was a historical rankings on the BIoG AML Index. This is not helpful, since, a compliance officer is likely going to have to score the AML risk of jurisdictions not in the rankings.

The conclusion is this: BIoG’s AML Index can only be used to make a compliance department look better, but it doesn’t actually help compliance departments to be better because it does not add any value. No compliance officer should being using this index alone or in combination of other sources because this index will distort the actual research done by the other sources. While BIoG’s index is worthless, the index provides one thing of great value: its sources. It has curated a very good list of sources, which an compliance officer can use to educate himself on risks in various jurisdictions.


How does your firm score AML risk?

Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is a member of ACAMS and ACFE. 

Take Home Compliance

Whenever possible, Money Compliance has been trying to provide some job posts from LinkedIn in a post called Jobs in Compliance. As the blog transitions over from everyday to twice per week this fall, the Friday edition will be expanded. Jobs in Compliance will be a segment of the Friday post called Take Home Compliance. On Mondays or Tuesdays, there will be a post that will address specific compliance issues. If it hasn’t been clear, the transition of this blog will be from news (like JD Supra and FCPA Blog) and high level advice (like Michael Volkov and Richard Bistrong) to more nitty gritty. The idea is this: readers have multiple sources for news. “Experts” in the field who give advice and have exposure tend to focus on things that really aren’t very specific to compliance. Their advice could be about corporate culture in general. And while corporate culture is the best way to prevent running afoul of the law, there are lots of things that culture just cannot tackle that are really specific to the functions in the compliance department. This blog will try to provide that function specific information and advice. Also mentioned previously will be a greater effort to expand the resources page. Please look out for that in the future.

So, here’s the first entry of Take Home Compliance:

A cryptocurrency mining firm HashingSpace has filed with FinCEN as a MSB. The best known cryptocurrency is BitCoin. Money Service Business is a legal designation for non-bank financial transaction companies, not including credit cards. Western Union is the best known MSB. FinCEN is the abbreviation for Financial Crimes Enforcement Network, the division of the US Treasury that deals with the deterrence, prevention, and investigation of financial crimes outside of the capital markets. This is move to make BitCoin more accepted. BitCoin has taken a dive in the last year. A year ago it was valued above $500 per coin and now it is a little above $225, losing more than 50% of its value. The current problem with BitCoin is that it is being used as an investment rather than a vehicle for transactions. Nikhil Gupta at NewsBTC

DOJ has created a position for compliance counsel. The idea is to differentiate between effective compliance and paper compliance. Compliance with the law on a point by point basis by missing the purpose of the law is paper compliance. Common sense would lead one to believe that those in paper compliance will be prosecuted more harshly than those in effective compliance who may not meet the letter of the law because the whole point of compliance is to deter and prevent incompliance. Alison Tanchyk and Margaret Erin Rodgers at Daily Business Review

CFPB focuses on the little know Reverse Mortgages. A reverse mortgage is a unique type of loan for homeowners age 62 and older. This special type of loan is frequently insured by the Federal Housing Administration and allows homeowners to access the equity in their homes, without making monthly mortgage payments. Borrowers are not required to repay the reverse mortgage loan as long as they live in the home. However, the loan must be repaid when the last surviving borrower dies, moves out, or sells.” – Montoya M. Ho-Sang at Banking Exchange

Financial Regulator Compliance has become a boon for the people who might be working against the economy? That’s the perspective that is pushed in a Bloomberg article about JPMorgan has hired 8,000 people in compliance and controls. Supposedly even non-financial firms are hiring compliance officers to develop ethical policies to entice Millennials to join them. Even headhunters are focusing on compliance, some ditching other types of recruitment altogether. Anthony Effinger at BloombergBusiness

“Neither banks nor regulators emphasize regulatory excellence the way that they should.” That’s “why banks have trouble getting compliance right.” Kathryn L. Farrell at American Banker

From The Blog

Two compliance lessons from the Ashley Madison scandal: HERE and HERE.

Jobs in Compliance

What particular compliance requirement is making your life difficult these days?

Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is a member of ACAMS and ACFE. 

ComplyTech: GoldTier

GoldTier is a client onboarding system and compliance solution. It is now Thomson Reuters Client On-Boarding, a product within Risk Management Solutions.

GoldTier is a leading provider to financial firms of software for onboarding new clients in compliance with KYC regulatory requirements. Having reliable and up-to-date due diligence on potential clients is necessary to comply with KYC and similar regulatory requirements. The incorporation of Avox data into GoldTier’s onboarding system will provide financial institutions with streamlined access to constantly updated, quality data throughout the client management lifecycle. – Reuters


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


ComplyTech: Metavante/FIS Global

Metavante is a risk and compliance solution from FIS (Fidelity National Information Services), a major Financial Service Technology company. It focuses on regulatory information and reporting. MoneyCompliance has focuses quite a bit on tools for fraud and anti-money laundering, but this is different from those tools. This is very much a monitoring tools. The software solution used to be called Prime Compliance Suite. Because FIS focuses on payment technology, the compliance solution has taken a back seat. However, companies using FIS products are likely to see quite a lot of what used to be the Compliance Solutions integrated into the products by way of Fraud Management, ID Verification and ID Authentication.


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

ComplyTech: Accuity Compliance Solutions

Accuity is a technology company focused on the financial services industry. MoneyCompliance reviewed the database search product it developed for American Bankers Association early this year. (Not so great when it launched.) The company has a solution for compliance needs. No information could be gathered about what institutions are using the product.

A review of its offers seems to be along two lines: provides a centralized source of public data and integration into its other products. Accuity is clearly focused on providing more to its existing clients with its Compliance Solutions. Technology-wise, it is also much simpler to provide additional solutions to self-developed products.

This really means that the additional tools, when standing alone, compete with much bigger rivals like Thomson Reuters and Factset. Plus, one of its products seems to be powered by LexisNexis, so, it is merely an integration of another vendor’s product into its own product.

Not that there is no value in these solutions, but there isn’t a great amount of value unless Accuity is a primary vendor for your compliance department. That goes back to our first claim, which is that we do not know of any financial institution that uses Accuity.

However, there is great potential of Accuity. It is a subsidiary of Reed, a business information company. Should they really decide to invest in competing in this space, financial institutions will have more options. The question for Accuity is whether it has missed to boat on becoming the primary source of information for the compliance officer.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Account opening costs increases by $6.82

Last week ended with Merrill Lynch being probed for not detecting money laundering facilitated by its financial advisors. This is in addition to the FA being investigated by FINRA and, likely, will have licenses revoked or fined heavily. What caught my attention in a sentence in the a roundup paragraph in a Reuters article regarding this issue.

In December 2014, FINRA ordered two brokerage units of Wells Fargo & Co (WFC.N) to pay a joint $1.5 million fine for failing to verify 220,000 new accounts during a nine-year period.

This comes out to a fine of $6.82 per account not verified. This is less than minimum wage. Considering this fine covers a period of nine years, this is a relatively cheap. Many of those accounts might not even be open anymore, so, that would also mean Wells Fargo not having to go through the proper verification process for all of the 220,000.

Is your firm’s account verification process inadequate and willing to pay $6.82 nine years from now to fix it?

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

The Ashley Madison Lesson – Part 2

People are, of course, focusing on the sensational aspect of the Ashley Madison data breach. But since this has really captured the attention of so many people, I should like to point out something about the data that was stolen and shared with the public (so far).

There are, of course, information about the members, their profiles, their login information, their credit card transactions, etc. But it also includes loan agreements, compensation records, corporate bank account information and corporate strategy plans, including domains registrations. Even if this was an isolated incident that had already been contained, the whole business is not at risk.

This data breach now may have breached the Chinese wall. Chinese wall is an information wall that protects firms by blocking employees from being able to access information about a client when their interests present a conflict. All the work that was done to create that wall now must be examined because the wall is still there but this breach has served the information on a silver plate, no effort needed by the employee. This isn’t to say that employees are trying to breach the Chinese wall, but they may do so inadvertently.

Some refresher notices and training should developed to remind people about conflicts of interest issues, including changes in policies and procedures being made to adapt to the post-AshMad world. There isn’t much more that can be done on the compliance front because the rest is a technology issue. Some new testing of controls might also be required, now that there was a leak.

Do you have an account on Ashley Madison?
Shhh… I won’t tell…

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.