About once a year I will say in a dreamy voice, “Perhaps I should do a PhD in criminology…”. I love the idea of spending months in the library as I craft my thesis, and then becoming the first-ever Dr Grossey. But reality always kicks in when I remember that PhDs, and particularly those in subjects like criminology, have to be underpinned by numerical research. And it’s not just that I’m a bit scared of maths – although I am. It’s more that I know what a minefield it is to try to numericise (what? it’s a word… maybe) AML.
This was brought home to me recently as I worked with a client on their financial crime risk appetite statement. All was going swimmingly: we knew which financial crimes we were concerned about (with me banging the drum loudest for money laundering – nothing changes); we knew what could be tolerated (some financial crime, reluctantly but realistically, but no sanctions breaches at all); we knew who would be responsible for reviewing the risk appetite; we had even chosen a lovely font for the finished statement. And then we came to the dreaded metrics. That’s consultant-speak for measurements. How could we show in cold, hard numbers that we were keeping to our stated risk appetite? Take a moment and think about it. How do you measure that the amount of financial crime risk that you have taken on is within your tolerance? We came up with a couple of ideas of things that could be measured – number of internal SARs received and converted, number of staff doing AML training – but it’s definitely the trickiest part of the whole process. Any ideas, AML-ers so wise?
(And yes, I did a ton of Googling looking for suggestions. There are dozens of papers out there explaining what a risk appetite is, and what the statement should include – marvellous. But when it comes to metrics, they all say, in essence, “make sure that you include metrics”. Thanks a bundle.)