The scandal unfolding before a committee of the United States Congress this week: the background investigation of the NSA whistle blower, by an outsourced entity, appears to have been, a least in part, improperly performed by the investigators. The allegations are that hundreds, if not thousands of background investigations were, in truth and in fact, faked.
This brings up a weakness in AML/CFT compliance. If you are outsourcing any part of your compliance, or relying upon the compliance performed by others (if that is permitted in your jurisdiction), have you adequately vetted the individuals, and companies, who you delegated to perform those functions ? And if you delegated the vetting to yet another company, who vet the entity doing the vetting ?
Have you actually personally the viewed the qualifications and experience of the compliance staff who you outsourced these tasks to ? Did you call their work references ? Did you visit their offices, and observed their operation ? It is, unfortunately, far too easy to "check the box" from afar, and fabricate compliance work product.
Remember, at the end of the day, you are ultimately responsible for compliance performed at your direction, on matters involving your bank or NBFI. Make sure that you have qualified people at the
company that you are using, that you check their work frequently, and that you ensure that they do not cheat on the tasks at hand; no shortcuts, please.