Enterprise AML Program Assessment William Langford Director of Global Anti-Money Laundering JPMorgan Chase & Co.
Identify Business Units
Assess Risks and Controls Risk Factors: Products and Services Offered High-Risk Customers High-Risk Geographies Business Strategy Use Metrics to Quantify! Controls: Program Governance Business and Compliance Staffing Customer Identification and Verification Customer Due Diligence Transaction Monitoring Currency Transaction Reporting Suspicious Activity Reporting Training Compliance Testing Independent Testing
Establish Risk Definitions Assess Quantity of Risk Assess Quality of Risk Management Residual Risk
Use Regulatory Resources ü FFIEC BSA/AML Examination Manual – Appendix J Comptroller’s Handbook – Large Bank Supervision W ü Document your standards ü
Review the Assessments ü Ask questions: ü Was the assessment completed according to established procedures? ü Are risks sufficiently quantified? ü Is the assessment of risks and controls consistent with audit and examination findings? ü Document your review
Compile the Results Consolidate the results from each business unit into an easyto-read (and interpret) enterprise-wide overview ü Assess the results – where is your institution’s potential exposure? ü Develop an executive summary that highlights and quantifies the most significant risks and the quality of risk management ü Assess the direction the risk is trending and explain why ü
Communicate the Results Regulators Auditors BSA Officer Risk Assessment Results Senior/Exec Management Testing Units Risk Committees