In some of my recent articles, I have attempted to cover what I believe are the necessary components of an effective AML/CFT compliance program, which must be:
(1) Constructed to reduce risk to an acceptable level.
(2) Automated, to reduce the requirement for constant, repeated human query.
(3) Self-verifying, so that information, once obtained, will be confirmed.
Remember, there are three area that must be delivered, to the user, for successful program:
(A) Know Your Customer: the client KYC must be obtained, confirmed, and available online. Changes in Condition, or a material change in client circumstances, must be automatically reported to compliance monitors.
(B) Know Your Customer's Customer: all the client correspondent bank's KYC data must be in the onshore bank's program, be updated constantly, and shall deliver evidence of unsatisfactory events, or of material changes in the client's situation or condition.
(C) AML/CFT performance: A second-generation, cloud-based program, that extracts, and confirms, through third parties, relevant data, that is state-of-the-art, actually ahead of banking best practices, and which effectively delivers profile data, and evidence, far more efficiently than the first generation database which dates back to 9/11, and has not been upgraded since.
If your compliance program performs above expectations, on all three of the above tasks, KYCC, KYC, and AML/CFT, you are probably exceeding banking best practices, but if it is not, then switch to one that does.