Corporate AML compliance objectives are a balancing act of effective risk management, revenue goals, and cost savings, but the reality is that many organizations struggle to achieve this balance with their AML programs. Instead, they are hamstrung by disjointed
processes that fail to use or share all the data or resources across the organization. Here, we examine how a hybrid AML compliance program that combines a centralized model with the local insight of a decentralized approach can help organizations overcome
Decentralized screening: pros and cons
By keeping AML compliance at a local level, decentralized screening can make it easier to ensure effective local risk management and compliance. Deeper local knowledge and awareness of local regulatory trends are an advantage. Access to customers is better
and it is also easier to source local research when onboarding. The compliance team can also focus on applicable local laws without being distracted by less relevant group-wide requirements. And a local team may adopt more ownership of the process if they
have more autonomy in its execution.
Decentralized AML compliance can also cause disjointedness across the enterprise and makes it difficult to ensure equivalence in processes across locations, often resulting in inconsistent application of policies. Reporting can be challenging, as often the
head office cannot access local systems to see real-time information; rather reports are typically shared over email, making it difficult for the head office to gain a holistic view of evolving risks. There is also the expense of purchasing and maintaining
multiple servers and supporting additional staff at each location.
Hybrid AML compliance: how it works
In a global, centralized AML compliance model, different systems in local offices are brought together into a centralized repository of information. The systems and functions are based at the head office, while certain activities are performed at local offices.
However, everyone is connected to the group office through a centralized “nervous system.” There is, typically, a single server to manage, and it supports all global requirements, as well as several decentralized processes. The head office can set up a unique
user group for each office that simulates the main system and acts as a container for workflows, rules, and data. Initial AML checks and CDD can be done locally, with reporting shared electronically through the system.
Taking this approach, the head office has visibility into what is happening at each location. It can view critical statistics such as the number of suspicious activity reports filed and real-time access enables them to address the challenges of each office
Processes and people
Centralization makes it easier to ensure that all groups are using the required lists for screening. Sanctions, ultimate beneficial owner, and other AML compliance lists that must be globally screened by the organization are shared across all divisions,
and local offices can also screen against relevant sanctions lists for their territory or business. These lists are included as an additional “layer” at the local level where a first pass at resolving alerts takes place, with suspicious alerts escalated to
group compliance for enhanced due diligence when necessary.
Monitoring and reporting
With group oversight, it is easier to leverage best practices across the enterprise. Reporting is performed locally and integrated into the group-wide reporting structure. Group compliance has full access and can see what is happening in each office, for
example, which office has increased activity. Monitoring and reporting processes are simplified since the tracking of screening activities, results, and metrics is consolidated.
A centralized AML solution with decentralized capabilities typically requires only one server or cloud software subscription. Local offices do their screening by connecting to the organization’s global onboarding or payment system to enable ‘first line of
defense’ review at the local level, and they can see existing CDD and KYC information of any customers that have been previously screened and resolved. This substantially reduces repetitive screening of the same person across the enterprise, for example, if
a person has accounts at different divisions, and means the organization benefits from an enriched customer profile, where the information captured by various offices is shared, improving screening.
A centralized AML compliance solution with decentralized decision-making
A centralized AML compliance model with decentralized decision-making can deliver an excellent balance of business efficiency, local compliance effectiveness, and cost reduction. Centralizing AML software, processes, and information helps ensure consistency
and transparency across the enterprise, improves customer knowledge through shared KYC processes, and allows for complete oversight from the head office. Incorporating local insight into these processes ensures that local knowledge is not lost and encourages
ownership of the compliance processes. It doesn’t have to be a question of either centralized or decentralized AML compliance; instead, it’s a case of taking the best of both.