Successful Anti-Money Laundering Requires the Right Staff and Tools for the Job

Ricardo Bustamante, CIO of Banco de Crédito del Perú, attended the 11^th Annual International Money Laundering Conference & Exhibition in March. While there, he spoke with SAS e-newsletter Editor Shelley Sessoms about AML and its implications for the banking industry.

Shelley Sessoms: Tell me a little bit about what you've done over the past couple of years and your involvement in anti-money laundering and compliance.

Ricardo Bustamante: Over the last two to three years, we had been trying to find a tool to help us in the process of trying to correlate variables and data that can lead you to track suspicious activities. Once I started getting involved, I found it on one hand fascinating because of the technical challenge in terms of acquiring information, processing it and such. On the other hand, I found out the importance it has for an institution like us nowadays.

SS: Why is such importance being placed on anti-money laundering now?

RB: I would say there are two reasons for that. The main one is that it's the right thing to do. If you want to be a respected organization, you have to have things in place that are respectable. The other reason for importance is coming from the regulators. They have emphasized the importance of this topic in general recently.

SS: Tell me what makes for a strong compliance organization.

RB: For an organization to be strong in compliance, I would say that you have to lay down an agenda. Regulators are here to stay. By that, I mean the domestic regulators for Perú and, as we are listed on the New York Stock Exchange, we also have to comply with Sarbanes-Oxley. You have to be a secure organization, in that you have to provide the means for avoiding fraudsters and hackers and others. Second, you have to keep in mind that this regulation is here to stay.

SS: To compete in the anti-money laundering field, what must an organization do?

RB: I would say, besides having a very skilled staff and having an agenda, you also have to keep looking into best practices and attend conferences and keep updated in whatever is the latest in this regard. For that, you also have to be very informed on the tools that are out there, because there are many tools that claim – and to a certain extent they can do it – to track anti-money laundering activities or suspicious activities. However, your tools have to be consistent with your size. It's conceivable that you can track anti-money laundering activities with an Excel spreadsheet if you are a very small organization or if you are only tracking one export for your organization. But if you are a retail bank – as in our case where we have 200 branches and operations overseas, a branch in New York and the Cayman Islands and also in Panama – you operate in an area where your activities are more exposed. You have to have all the tools for the processes and the training for the people in order to be competitive. This also has a lot to do with the level of awareness that the whole organization needs to have in order to diminish the risk of falling into one of these types of activities.

SS: You mentioned systems and best practices. How do automated systems allow a company to be more effective and efficient at tracking money laundering?

RB: There are good packages out on the market. When you purchase the right package, with that comes all the knowledge that the company has put into it. The intelligence of the company that developed the package is put into the rules of the system, and you take the benefit of that pretty much right out of the box. For that, you have to look for a good package. These days, I cannot imagine how I would deal with the enormous number of transactions – counted in the millions each day – going through the system without any specialized tools to perform these activities. So in terms of effectiveness, you have to have a tool; otherwise, you have to have a huge staff of people working on all the alerts. In order to be efficient, you have to have an adequate staff, which can manage an organization like this. That's where an automated system allows the company to perform.

SS: What if a bank was targeted for money laundering? What's at stake? What happens when that goes on?

RB: I would answer this in two parts. What's at stake for the bank, the way the chairman of the board sees it or the CEO of the bank sees it, is the bank itself. We cannot afford to be exposed to involvement in these kinds of cases because this could, in terms of our reputation, harm us seriously. That is our reputation at risk. But other the real risk is, if we fail to report our suspicious activity or fail to comply with regulations surrounding this activity, even our license to operate in certain markets can be withdrawn. So we take this very seriously. What is at stake is the bank itself.

SS: Let's talk about keeping pace with the regulations and changes that are going on. How can a bank do that? What's your process for keeping up with everything that's going on right now?

RB: This is one of the main concerns I have, because our regulators don't regulate based on the capacity of the banks to implement their regulations. I have to be honest. We tried to talk to our local regulators and tell them that if they can issue quarterly all the things they are going to do, we probably can plan better to fulfill their requirements in a timely manner. In our case, here in Perú, our regulators talk with the banks, but they have their own point of view. That poses a huge challenge for us. What we have to do is our best, and if we are not meeting the specified deadline then we try to go back and talk with our regulators where we can. There are cases where we cannot talk with the regulators, and we try to do our best. I wish I could have said that we are completely managing this aspect, but the regulators are pretty much overflowing our work capacities. Foreign regulators are even worse. Our holding company also has to fulfill the Sarbanes-Oxley regulations that also have a specific agenda. I probably have a staff of 40 to 60 people in different areas dedicated to the work of the regulators: auditing, systems, operations and risk carriers. So I wish regulators wouldn't regulate at the pace they do, but that's life. We do our best.

SS: Well, it sounds like you're going strong, and it sounds like you already have some best practices in place. Can you share? You touched on some of them, but can you share those with me that other banks could benefit from?

RB: I would say that the first thing you have to do is realize the regulation is here to stay. And also, you have to staff the organization that is going to be in charge of compliance – that regulates the regulations – with the right people. Also, you have to get somebody from a very high position in the bank, in our case it's the CFO, to be the one who prioritizes what activities to do first, because we cannot do everything all together. And though we have, as I mentioned, a large staff in this regard, the work requires prioritization. Another thing that is very important is, once you have set something in place in terms of process or tools to perform certain activities, you have to keep it updated. The risk of putting something together and forgetting this is in production is very hard. You tend to forget the update that this requires.

SS: Is there anything I haven't asked about or haven't touched on that you want to tell the readers of our financial services newsletter about anti-money laundering?

RB: I would state two factors: You have to keep your organization – all the layers of the organization – informed as to what you are doing. Second, you have to keep the organization trained on all the cases. We have to inform the organization – and inform the regulators – on steps that we are taking, and also keep the organization trained in this regard and appraise all activities that are being performed. Also, see if the activities that are in place are now good enough, because these activities involve different staff. Once you have a different scenario, maybe that scenario is not good anymore because they found another way to do things.