ake I saw this today - Ark. Reminds Insurers of Anti-Money Laundering Responsibilities. The article had a key piece about what insurance companies should do:
At a minimum, insurance companies subject to the rule requiring an anti-money laundering program must establish a program that comprises four basic elements:
- A compliance officer who is responsible for ensuring that the program is implemented effectively;
- Written policies, procedures, and internal controls reasonably designed to control the risks of money laundering, terrorist financing, and other financial crime associated with its business;
- Ongoing training of appropriate persons concerning their responsibilities under the program; and
- Independent testing to monitor and maintain an adequate program.
All I could think of was "AAAAGGGGH". Written policies? Ongoing training? Independent testing? How 19th Century!
Here's what I would propose instead:
- A compliance officer who is responsible for managing a set of business rules that demonstrate compliance and for working with law enforcement to update these rules regularly based on current Anti Money Laundering best practice;
- Defined business rules reasonably designed to control the risks of money laundering, terrorist financing, and other financial crime associated with its business that can be reviewed by the business managers and law enforcement at need;
- 100% processing of transactions against these rules to ensure that all potential money laundering activities are identified and raised for investigation;
- Independent verification of the rules and of the process for applying the rules to ensure systematic monitoring of transactions for violations.
Is it just me or is this whole focus on manual compliance just pointless? Why would I try and defeat a problem dominated by terrorists and organized crime with "written policies"? I have written again and again on this topic on the blog under compliance. Ho hum...