In 2005 Ernst & Young released an article titled "No Room for Error: The AML War Heats Up", which details the fight financial firms face against terrorism and money laundering. The article starts out with a compelling statement:
Today, virtually all providers of financial services remain vulnerable to money laundering and terrorist financing schemes. As a result, they continue to be exposed to reputational, compliance, and operational risk.
To reinforce this statement, the article details the beginnings of the Bank Secrecy Act (BSA) back in 1970 and the subsequent regulations imposed by various government agencies, culminating in the broadened rules and authority of the Patriot Act in 2001. These regulations impact industries ranging from mutual funds and charitable organizations to even the real estate market. The list, though comprehensive, is far from complete - especially when you take into account that many financial organizations these days are global and possibly bound by foreign regulations.
One interesting tidbit from the article states that regulatory agencies desire financial organizations to implement "proactive" measures such as data mining technology when executing their compliance programs. As a person of technical interests and as owner of Identacheck LLC, I can tell you that this is no small feat! How can regulatory agencies expect financial firms to be so proactive when the standards for compliance vary between laws, regulations, legal red-tape and technical jargon? Just what defines a well-rounded compliance program?
Herbert A. Biern testified before the Committee on International Relations that, at a minimum, financial institutions must implement 4 key components to comply with the major U.S. regulations:
- A system of internal controls to assure ongoing compliance. This would include a document detailing the organization's compliance program, as well as the actual implementation of the program, which may include a process of checking clients against various regulatory lists for possible sanctioned and AML activity.
- Independent testing of the organization's compliance.
- Designation of an individual responsible for coordinating and monitoring day-to-day compliance.
- Training for appropriate personnel.
It sounds like a lot of work but it doesn't have to be. Many firms such as identacheck.com offer services that help companies implement a solid compliance program. From personal experience, the following guidelines should provide a good baseline for such a program:
- Know your Customer (KYC) - Many government and financial agencies publish lists of persons and organizations that you should not do business with. These lists are usually available in a data format that can be downloaded and integrated into your database. The Identacheck RiskCheck page includes information regarding these lists. If you are in a bind to implement an interim compliance solution, one good tip is to use the google.com site search feature. To do this, first identify the website you wish to search, such as "www.ustreas.gov/ofac", and then perform a search against the site along with the person or organization you wish to research. Here's an example searching for "bin laden":
site:www.ustreas.gov/ofac "bin laden"
Just be aware that this may be a lot of manual work, especially so when you take into account that these lists CHANGE FREQUENTLY. This implies that not only should you keep your version of the list up-to-date but also that you should re-check existing clients on a regular basis.
- Document Everything - Many regulations require that you maintain records on all aspects of your dealings with the customer. This serves as proof that the compliance program is enforced and mitigates risk of lengthy government investigations and possible fines.
- Verify, Freeze & Report - In the adverse event that you DO find an individual or organization that you believe is suspicious, dig deeper. Use tools such as the Google.com search engine, news sites (Factiva, Highbeam and Keep Media are good ones) and discussion groups (BankersOnline.com has an active discussion board). Once you believe you have a "hard hit" (a true match), immediately freeze the account, including all funds, and report the activity to the government agency whose list the match appears on.
I hope you find this information useful. If you have any questions or comments, please feel free to email me at identacheck@ureach.com!
LINKS:
- AML War Heats Up - Ernst & Young Banking
- Testimony of Herbert A. Biern
- OCC Advisory Regarding Electronic Record Keeping