No matter what it’s final form, we now know enough about AMLA to know it is going to require substantial changes to an institution’s BSA/AML compliance policies and procedures.
It follows that AMLA compliance will require financial institutions to allocate additional budget: for people and tech. Since you have the 2024 budget in front of you, delaying planning for ALMA implementation makes no sense. After all, budgeting is a planning process, and the point of planning is to determine what you may have to spend and where the money will come from.
Regardless of how implemented, AMLA will mean at least the following:
For sure, AMLA will require your compliance program to include FinCEN’s national priorities. Do you know where your institution stands with the compliance procedures needed to accommodate those priorities? Obviously, you need to take a look and and consider the implications for your institution.
AMLA will require more monitoring and more compliance imperatives for crypto transactions. Do your ACH and Wire systems already have features that will track those? If they don’t, have you talked to your vendors, and do they have solid plans to beef up your tracking ability? Don’t forget these imperatives will have implications for your existing policy and procedures.
Your BSA/OFAC Risk Assessment is going to be under pressure to be more “risk focused”. You may have already heard about this from your auditor and examiner. My feeling is in 2023 and 2024, risk focused risk assessments are going to get real. Risk-focusing the risk assessment will require added work, data and some third-party expense. Again, your existing policy and procedures will be affected.
AMLA will likely formalize Sanction compliance, requiring changes to your policy and procedures. You are already seeing Sanctions taking more of your institution’s resources. Don’t count on that going away this year or next. Now that Sanctions have proven to be so successful, you can’t possibly believe their usefulness will be unrecognized by the BSA agencies. Be prepared to re-allocate employees and add some tech to your current systems.
And, then there’s the new whistle blower rules, which by the way, in my opinion, are pretty much ready to go. These new rules will require changes to your BSA/AML policy and procedure, which will have to have some sort of feedback system to gather, investigate and act upon reported issues efficiently and quickly—and to document what you have done.
This is not a case of “not knowing what we don’t know”
AMLA is going to become, in some form or other, a BSA/AML compliance reality, if not later in 2023, then early in 2024. We may not know all the details, but we understand the substance. It is all but certain financial institutions will need to beef up resources to one extent or another. So, at a minimum, you should, at least, prepare a 2024 budget to deal with the variables introduced by the AMLA eventuality.
What I propose you do now.
- Research the proposed requirements. Make note of areas in which your institution will need to make changes in your policies and procedures.
- Break each of those changes down into the estimated people-time required to implement. This will help decide whether you have the people-resources to comply. If you don’t, what will it cost to add and train the added staff.
- Looking at the potential requirements, decide whether your existing systems can support the required monitoring and reporting. Will you need to beef up your systems? Buy additional tech? Talk with your current system providers. Are they prepared? Do they have timelines for delivering the reporting you need? Will your internal people have to create added reporting? Can they actually do this? What resources will they need, and which of those resources will require added budget. This will help you understand the amount of added tech and tech-support you’ll need.
- Add it all together, itemized by the specific AMLA compliance requirement. Now you have a “total budget impact” of the potential compliance requirement.
- Once you know the potential impacts, provide Board with the details they’ll need to make decisions if, and when, the implementing AMLA regs become real. And, thanks to you, they’ll be ready to act.
Planning to plan for AMLA is not the same thing as preparing. You can’t prepare until you have a plan. You can’t plan until you do research and account for the variables. All that takes time: time to gather data, time to contemplate the implications and time to run down the costs. That’s why procrastinating is a mistake. AMLA is coming. It’s time to get your institution prepared.
# # #
A&M Solutions has a 50-year track record of success in consumer compliance, marketing and marketing-tech.
We understand how institution compliance and tech should work together to keep an institution inside the lines.
30 Westgate Parkway, Suite 185, Asheville, NC 28806 | 828-230-5802