You know a task is complicated when the teacher is always learning.
Fraud expert Jonathan Marks, CPA/CFF/CITP, CGMA, often trains compliance experts about guarding against money laundering. Still, even he is constantly monitoring developments in a rapidly changing environment.
"You could never know too much," said Marks, the partner leading the global fraud and forensic investigations and compliance practice for Baker Tilly.
Accountants who perform various duties in preventing and detecting money laundering know that recent developments have made this a difficult environment. Compounding the problem, Russian entities are attempting to evade sanctions. The use of cryptoassets has made it more challenging for businesses and financial institutions to know their clients and customers. And anti-money-laundering laws make it risky for financial institutions to do business with potential customers in the growing cannabis industry.
"It's put us as professionals on the hot seat because we have to be following all of this," Marks said.
Nonetheless, Marks said accounting professionals possess the skills to help clients remain in compliance by identifying the barriers, obstacles, and hurdles that stand in the way of their strategy. His tips for successful money-laundering compliance include:
Understanding the pillars
The revised U.S. Bank Secrecy Act identifies five pillars of anti-money-laundering compliance that can help businesses guard against funds from illegitimate sources. The pillars are:
- Risk-based procedures for conducting customer due diligence: Organizations are required to "know your customer." "This has become a whole new game today because of sanctions and the fact that people are hiding," Marks said.
- Designation of an anti-money-laundering compliance officer: Financial institutions are required to employ an officer charged with implementing their anti-money-laundering policies.
- Employee training: "Knowledge is the best defense," Marks said. "… Learning more about the three phases of money laundering — placement, layering, and integration — is important."
- A system of internal policies, procedures, and controls: "What's really stopping [perpetrators], or preventing or detecting them, is internal controls," Marks said.
- Independent testing: Once controls are in place, reviews and testing are the best ways to ensure they are functioning as intended.
The five Bank Secrecy Act pillars form the basis of a program that can be effective against money laundering.
Make sure the board is involved
An organization's board should provide thorough, competent oversight of its anti-money-laundering compliance program.
"Governance, risk, and compliance, or GRC, is a waterfall concept," Marks said. "You have to have good governance, which drives good risk management. Good risk management always drives the compliance program. It's not any other way, and there's no other configuration. If you don't have a good governance program in place, it's a big deal."
Boards need to perform oversight over senior management and the anti-money-laundering compliance officer, confirm that policies and procedures are adequate and adhered to, and make sure that staff members possess the appropriate expertise related to anti-money laundering.
"You have to be asking the right questions," Marks said. "If you're not asking about risk identification, risk tolerance, and risk appetite … and how those things are built into the compliance program, you're setting yourself up [for trouble]."
Going beyond lists and tools
One valuable resource for accountants in the United States is a group of lists maintained by Treasury's Office of Foreign Assets Control (OFAC).
OFAC maintains searchable lists that identify individuals and organizations that have been sanctioned, as well as terrorists, international narcotics traffickers, and others who threaten security. But Marks cautions that an organization's risk assessment shouldn't stop with a scan of the list.
It's important to also monitor for red flags that include large currency transactions, limited third-party partners, round dollar amounts, and duplicate invoices.
"You have to make your own assessment of risk," Marks said. "If they're not on the sanctions list and you find other information that could be detrimental … that can lead you into a different risk category with somebody saying, 'Hey, wait a second. Let's stop. Yes, we know our customer. … We probably shouldn't be doing business with them.' "
Marks said third-party compliance tools could also be helpful, but they need to be tailored toward an organization's individual risks. One of Marks's clients built a tool that created so many red flag money-laundering alerts that it was impossible for the staff to investigate all of them in a timely manner.
"There's no one tool that you can buy and insert and believe that it's going to solve all your problems," Marks said. "There are so many different aspects of this. There's the human element of it. Do you really understand who you're dealing with? Do you understand the fraudsters? Do you understand your client base? I would caution anyone out there that says, 'Hey, I can buy a tool and plug it in and it's going to solve my problem.' That's not the answer."
The answer, Marks said, is understanding an organization's risk landscape and its "objectives" to ensure you are creating those controls for the right purpose and subsequently monitoring the correct controls.
Evaluating cryptoasset threats
In March, Treasury's Financial Crimes Enforcement Network issued an alert advising financial institutions to be vigilant about efforts by Russian individuals to evade sanctions. The alert warned that cryptoassets could be used to evade sanctions.
Cryptoassets pose a particular danger related to money laundering because of the cryptoasset's pseudonymity, and holders can move assets without the knowledge of the true ownership. "Knowing your customer" is a pillar of anti-money-laundering compliance, so financial institutions and businesses that exchange cryptoassets should be wary of the digital assets' potential for legitimizing ill-gotten gains.
Platforms for cryptoassets make it possible for bad actors to use legitimate exchanges to hide or transfer assets, concealing them so they can then be converted into proceeds that appear legitimate. Marks said stablecoins, whose values are tied to a real-world asset such as gold or the dollar, present additional challenges related to money laundering because of their fast transaction speed and quick settlement.
Marks said it's imperative for accountants to understand the cryptoasset ecosystem.
"If you understand what vehicles and mechanisms the bad actors are using, it allows you to be more prepared and develop systems and solutions that will potentially either inhibit or deter them from actually executing on some type of money-laundering transaction," he said.
— To comment on this article or to suggest an idea for another article, contact Ken Tysiac at Kenneth.Tysiac@aicpa-cima.com.