Daniel P. Stipano Interviewed by the Association of Certified Financial Crime Specialists in “2017 Conference Speaker Spotlight”
Association of Certified Financial Crime SpecialistsDaniel P. Stipano
Daniel P. Stipano was interviewed on August 24, 2017 by the Association of Certified Financial Crime Specialists in a “2017 Conference Speaker Spotlight” where he discussed a wide range of regulatory and compliance issues.
ACFCS: What is new in terms of regulatory priorities, focal points or gaps examiners are seeing and could be concerned about?
Dan Stipano: I don’t know if there is anything necessarily new on that front. I think that the kinds of things that result in problems for banks are the ones that have resulted in problems for some time. For instance, in the internal controls area. The basic building blocks, such as banks that get into trouble with the front-end risk assessment for not knowing what their risks are. Or even if the risk assessment is good, the bank doesn’t use the assessment to inform other areas, such as the level of transaction monitoring and SAR reporting. A risk assessment is very important because if you don’t get that right, you don’t have a chance to get anything else right.
ACFCS: What are some other consistent AML focal point areas for examiners? Where do you see problems that continue to be identified?
DS: Regulators are always focused on root causes for compliance failures. In practically every case, BSA/AML compliance program failures really boil down to two things: risk governance and risk management failures.
All BSA/AML program failures are essentially risk governance and risk management failures. They are also evidenced by a lack of a compliance culture. That continues to be a problem at some institutions. But then you get to the question: how do you create and maintain a positive compliance culture? That is an important question because if you don’t have it, you likely don’t have an effective AML program. You probably hear this over and over, but the tone at the top is critical. People pay attention to what leadership says.
But tone at the top, standing alone, is not enough: it has to filter down and permeate not just the compliance function, but down to the business lines as well. Organizations also have to look at the kinds of behaviors that are rewarded. Are people rewarded for simply making money? That’s very important, obviously. But if all that is rewarded is bringing in money, and compliance is a secondary priority, institutions will not do compliance well. So what behaviors should be incentivized should also be a leadership focus.