What are the root causes leading to a look-back or remediation project? What are the challenges of a look-back or remediation? How do you create a winning strategy to approach a look-back or remediation?
Background and Origin
Remediation projects generally relate to a repair of a failure in a financial services company’s (FI) AML program. Depending on the type of failure, it may be necessary to review transactions from prior time periods –or “look-back” – to determine if the failure resulted in reportable activity going unreported. There are typically two sources for look-back and remediation projects. First, action by a regulatory agency may require a financial FI) to conduct a look-back. Second, a FI may self-identify an issue and decide to remediate it.
At the simplest level, remediation projects and look-backs arise from a breakdown, or lack of controls. These control failures mainly occur as gaps in transaction monitoring, failures in watch list management, and ineffective customer risk rating models. These failures often result from data inaccuracies, systems issues, or an ineffective risk assessment. It is also possible for control failures to occur through actual misconduct within the FI.
The most serious challenge in carrying out a look-back or remediation project are the potential unwillingness of executive management to recognize the breadth of the control failure, and the magnitude of the possible adverse impact the failure can have on the FI. Failure to identify and report suspicious activity can expose a FI to regulatory sanctions, substantial monetary penalties and serious reputational harm. Delaying a management response or declining to respond at all can have severe consequences.
Another challenge to this process is cost management. It is imperative to clearly define the scope of the look-back, both in what is being looked for and during what prior time period. Without careful scoping, a look-back can take on a life of its own – resulting in the need for a re-examination of a broader range of transactions or a longer time period than is necessary to determine the extent of the failure being remediated – ultimately opening up the possibility for a significant increase in the cost of the project.
Once a control failure has been identified – what’s next?
- Assess the problem and scope it
- Apply a basic red team analysis to the problem
- Develop two plans to execute (one the preferred and one the contingency)
- Evaluate whether a third party with independence and a broad range of experience is necessary or if FI employees can be leveraged to remediate the failure with failures identified by a regulatory agency, a FI may be required to retain one or more vendors to assist in the remediation
- Create open and transparent communication with the Board (and/or oversight committees), Audit, and the appropriate regulatory agencies
- Execute, evaluate and report; this last step is where you can reap many benefits from the effort and leverage many different forms of intelligence (lessons learned, new data, new process observations, etc.).
Establishing an effective plan to assess and remediate control failures, marshalling internal and external resources to implement the plan, and monitoring the effectiveness of the actions taken can restore the effectiveness of a FI’s AML program.
At AML RightSource, our Financial Crimes Advisory practice is well positioned to assist in creating a detailed winning strategy and plan to approach a look back or remediation project. In addition, our AML/BSA practice has over 1,000 full time professionals (analysts and investigators) who can execute your look back and remediation project.
 Red Team Journal defines red teaming as “the practice of viewing a problem from an adversary or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate.”