An MLRO of my acquaintance emailed me recently and asked whether I thought it would be OK for her – as her Board had requested – to incorporate her AML manual into a more general compliance manual. And this started me thinking about AML’s position in relation to other related concerns. As I remember it, when AML was first brought in seriously in the early 1990s, it stood alone. In fact, it was rather isolated. The MLRO was responsible for everything AML: he (and at this stage it was nearly always a he) designed the AML procedures, he argued for resources to implement them, he trained staff on them, he checked that all was being done correctly – and he took the rap if it wasn’t. But a few years ago, when the risk-based approach made its appearance, it was decided that AML should not sit in splendid (or, more usually, rather grubby and under-funded) isolation. Rather, it should be brought back into the fold and used to inform all decisions. We’re bringing out a new product: what are the AML implications? We’re targeting customers in a new jurisdiction: what are the AML implications? We’re shedding staff and turning instead to computerised checking: what are the AML implications?
But perhaps the pendulum has now swung too far the other way. Now that AML is everywhere, it is acting as a magnet for all other vaguely related concerns. We need someone to take responsibility for sanctions compliance, so let’s bung it in with AML. Who should oversee our shiny new anti-bribery and corruption effort? I know: the AML lot. We need someone to keep our PEP screening up to date, and it makes most sense for that to live with AML. In short, if it’s to do with dodgy money, it must belong with AML. But is this right? Is it fair to assume that staff with AML expertise can just take on sanctions and PEPs and ABC without extra time, money and training? And, perhaps more importantly, is it confusing for staff and customers? I’ve been doing quite a bit of sanctions training recently, and it’s quite hard to spend time explaining the concept of suspicion (for AML purposes) and then to change gear for sanctions, to make it clear that now it’s a case not of suspicion but of list-matching. How are you MLROs feeling about the increased workload, and perhaps the dilution of AML?