Analyzing Your High-Risk Customers
One of the most frequently asked question by regulators of financial institutions is how many high-risk customers do you have? Many financial institutions are confronted with the challenge of identifying and quantifying their high-risk customer population. In particular, internal controls should be designed, among other things, to ensure that such risk has a policy, process or other measure, as well as a control to ensure that the policy, process or other measure is being applied and works as intended. It is the responsibility of senior management to establish appropriate governance and oversight, system of internal controls and to monitor compliance.
Proactive steps to analyze and review high-risk banking customer population ensure compliance and risk management.
Following a targeted BSA/AML regulatory examination of a top tier financial institution, the institution was criticized for its inability to effectively identify and manage its high-risk customer base. These concerns were noted across the entire organization, both within and across business lines, support units, legal entities and jurisdictions of operation. Among the issues noted were:
• Inability to identify certain types of high-risk customers
• Lack of comprehensive AML/CFT policies and procedures
• Inadequate transaction monitoring system to identify transactions
• Lack of timely reporting of suspicious transactions
• Lack of firm-wide process for managing customer risks
• Lack of timely resolution including demarketing/derisking of customer(s).
Alacer consultants were hired to enhance the institution’s oversight and operational process regarding high-risk customers. Alacer worked with the first and second lines of defense, including the High-risk Customer Unit (HRCU) within the BSA/AML compliance department, to develop/enhance practices and processes designed to enhance governance and oversight while improving the internal control environment. This process resulted in the development of comprehensive policies and procedures, enhanced management reporting of customer risks, robust ongoing monitoring and investigative processes. Bank management approved the demarketing of more than 15% of the customer base due to the level of risks they posed to the institution and exited several business lines and operating jurisdictions.