cfotechoutlook

The Quintessential Technology Source for Corporate Financial Professionals

Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
8SEPTEMBER 2025CFO TECH OUTLOOKIN MY OPINIONBy Christopher Phillips, Director of Anti-Money Laundering Compliance and Senior Vice President, Valley BankUSING ADVANCED TECHNOLOGY TO CREATE A TRULY RISK BASED AML/CFT PROGRAMThe Anti-Money Laundering (AML) profession is rife with buzzwords and acronyms, with AI (Artificial Intelligence) currently dominating conversations. A close second, and for years the front-runner, is RBA (risk-based approach), which has been a standard for AML compliance for decades. For a term that is so pervasive in the industry, and such a cornerstone of what AML professionals do, it is interesting to note that there is very little agreement as to what a RBA truly entails. Some in the industry have even gone so far as to argue that the RBA is a fiction, and that the industry continues to suffer from a zero-risk mindset; that is, all identified risk must be mitigated, and resources allocated accordingly, rather than to where the risk is greatest. The detractors, alas, are probably right in that industry spends more time discussing RBA than putting it into practice. Understanding the RiskMost financial institutions (FI) do have a risk assessment process. For AML, a risk assessment is mostly about understanding the FI's customer base and product set. The customer base of a community bank will tend to act differently, and more homogenously than a larger institution. Customers of a community bank, with a handful of branches in a local geography, are probably going to use very basic services, such checking and savings accounts, with activity limited to cash, check and an occasional domestic wire. Counterparties for these transactions are most likely in the same or close geography, which reduces the risk to the bank for processing. By contrast, a larger institution will have a more diverse customer base, spread across a larger geography. In applying the RBA, a FI would allocate resources to the area of highest risk. For instance, a real estate developer, while more profitable, may pose a bigger risk to the FI than a fast food employee. The developer regularly moves large sums of money amongst a variety of counterparties, some outside the US, and may be politically well connected, all things that add risk to the FI. Because this customer poses a higher risk, the FI may elect to spend funds monitoring that customer's account on a periodic basis, and only look at the other account should something concerning come to the FI's attention. Current State Risk Assessment Today, most risk assessments are a "check the box" exercise. Generally annual point-in-time reviews, assessments are Christopher Phillips
< Page 7 | Page 9 >