The Chief AML Officer and their Role as the Head of Financial Crime Risk and Compliance
The CAMLO is far more than a risk manager or compliance officer.
Setting the baseline for this article.
The industry has created a lot of inconsistencies around the title, scope, and role of the individual charged with managing financial crime risk and compliance. For many organizations, siloed approaches are the norm when contemplating the setup of an AML or fraud program. These programs are often layered into middle management under executive verticals like risk, legal, compliance, operations, or shared services.
Regulators only compound the problem by offering obscure guidance or leaving boards and management with the courtesy of using their discretion.
I have been an advocate for the integration of the financial crime domains as a writer, speaker, advisor, and practitioner for nearly two decades. As such, I am an advocate for a single point of leadership, at the executive level, when it comes to managing financial crime risk and compliance.
What is financial crime risk and compliance?
Five (5) domains fall under the financial crime umbrella: (1) fraud, (2) cybercrime, (3) money laundering, (4) corruption, and (5) sanctions. Each domain presents a risk management and regulatory compliance burden to financial services firms and corporations in other commercial segments.
Who is responsible for financial crime risk and compliance?
Ultimately the board is responsible for ensuring that management has implemented programs designed to mitigate financial crime risks and comply with applicable laws and regulations.
→ Article on “The Board's Role in Overseeing the Management of Financial Crime Risk and Compliance”
Under law, a board-designated individual is responsible for implementing the board-approved program. Commonly referred to, in the US, as the BSA Officer, this article will use the title, Chief AML Officer.
What role should the Chief AML Officer play in running the financial crime risk and compliance function(s)?
In short, the CAMLO is the leader of the enterprise business function that is financial crime risk and compliance. Leading the business function means doing things beyond managing risk and complying with laws.
When scoping out the role and responsibilities of the CAMLO you have to consider the many constituents that the role must serve.
Board of Directors
The CAMLO should play a direct role in providing the Board with unfiltered management information on all aspects of financial crime risk and compliance. Moreover, the CAMLO should build and maintain direct relationships with independent directors on the Board.
Chief Executive Officer
The CAMLO should administratively report directly to the CEO (a very debatable notion and not so common of a structure). This gives the CAMLO the stature required to be successful. As a management team member, this also enables the CAMLO to foster the necessary Board interactions.
Committees
The CAMLO should be actively participating in both Board and operating committees. Regardless of the organization’s size and complexity, a dedicated committee for financial crime risk and compliance should be chaired by the CAMLO.
Business Leaders
Building partnerships across the enterprise is a key measure of how effective a CAMLO can be in fostering a whole of organization effort to combat financial crime. Moreover, understanding the business enables the CAMLO to truly understand risks and vulnerabilities across the enterprise.
Direct Reports
Senior leaders, or directs to the CAMLO, are essentially the individuals executing daily. Giving those leaders clear guidance, autonomy, and support as needed allows the CAMLO to more effectively operate at the executive and board levels.
Auditors and Regulators
The CAMLO should have open dialogue and sound working relationships with those who poke and prod the programs. Keeping these constituents in the loop vs. explaining after the fact or during the examination saves everyone time and friction.
Law Enforcement
On the most significant matters involving law enforcement coordination and interaction, the CAMLO should be driving internal plans and actions. In general, having a network across the law enforcement and intelligence communities can serve the CAMLO and ultimately the organization well (when appropriate).
Vendors
Having external advisors (consultants), service providers, and solutions partners should not be a burdensome constituency. These relationships can offer real enablement for the CAMLO’s personal and organizational success (when nurtured and managed correctly).
While not exhaustive, that is a big list of constituents, and those commanding the attention of the CAMLO.
The role capture specific to constituents is the ability to handle people, both internally and externally. Prioritizing constituents based on the needs of the organization at large. Maintaining sound relationships and knowing when to leverage those relationships for the benefit of the organization at large.
What comes first: Compliance Officer, Risk Manager, or Business Leader?
The business leader is fundamentally the most important aspect of the CAMLO role. Managing the function is inherently a business challenge. Motivating a diverse group of people (as described above) to be aware of, interested in, and invested in outcomes is a business challenge (leadership). Moreover, basic business challenges like budgets and operating approaches = fundamentals (business leadership).
Next, managing financial crime risk has tenacles like no other (financial, regulatory, legal, reputation, etc.) — being the risk manager is not simply identifying problems and issues — it is designing the frameworks that protect and mitigate the organization. Only a strategic thinker, one that sees the landscape today and plans for tomorrow, wins as a business leader with risk manager skills.
The regulatory compliance aspect should carry over the effective results of good business leadership and sound risk management. Focusing on the regulatory cycle might be a surefire way to distract the CAMLO from leading the business and managing real risk.
Things I learned as a CAMLO and advice for those currently serving in the role.
The primary challenge from my perspective was fighting for time and attention. Once you have it, don’t waste the opportunity. Fear-mongering and/or presenting as an external presence will kill any chance of you getting another chance (for time and attention).
First principle, you’re part of the team (not an external party). Build your credibility through this principle first. Enhance your credibility by understanding the business as a whole. Define your credibility through trust and confidence. Add to that with technical expertise and a vision for how you bring solutions to macro and micro issues.
When you nail trust, confidence, and credibility, you will find that those constituents (described above) will be consistently reaching out to you (seeking good counsel, advice, or maybe even simple collegial interaction).
Also, as depicted in the image for this article — being able to execute (at the end of the day) is the name of the game!
If this article sounds disruptive to the current state of industry norms, it is meant to be. Decades-old status quo approaches will never tackle the problem of financial crime (and its underlying illicit activities).