What is a coverage assessment?
An effective AML transaction monitoring (TM) program should start with a sound risk and coverage assessment process. This process aims to identify inherent AML risks the business and products expose to and evaluate controls in place through a mapping exercise. The result of a coverage assessment is knowing the risks, knowing the coverages, and knowing the gaps.
How to do a coverage assessment
A coverage assessment for AML transaction monitoring is a three-step process:
An example of a typical risk indicator is with nested correspondent accounts, according to the FFIEC BSA/AML manual:
Nested accounts occur when a foreign financial institution gains access to the U.S. financial system by operating through a U.S. correspondent account belonging to another foreign financial institution. If the U.S. bank is unaware that its foreign correspondent financial institution customer is providing such access to third-party foreign financial institutions, these third-party financial institutions can effectively gain anonymous access to the U.S. financial system. Unacceptable nested activity and other activity of concern may be characterized by transactions to jurisdictions in which the foreign financial institution has no known business activities or interests and transactions in which the total volume and frequency significantly exceeds expected activity for the foreign financial institution, considering its customer base or asset size. U.S. banks should also focus on nested account transactions with any entities the bank has designated as higher risk.
https://bsaaml.ffiec.gov/manual/RisksAssociatedWithMoneyLaunderingAndTerroristFinancing/02
The mapping exercise deals with two aspects, on one hand, mapping to LOB (Line of Business) and products to see if the risk indicator applies to the organization; on the other hand, mapping to internal controls to see if the risk is covered.
A typical example for mappings to the products is, of course, a financial institution that doesn’t provide correspondent banking products would have no exposure to the risk. Whereas a typical example of full coverage would be an operational KYCC (Know your customer’s customer) procedure plus a TM monitoring scenario monitoring nested account transaction activities.
The mapping will be interpreted and reported through governance to conclude coverage, gaps, and roadmaps.
Special considerations
Coverage could be evaluated as full, partial or residue, contact us to discuss further details. Since manual controls are as important as automatic controls, coverage mappings should take into consideration manual controls whenever documentations are available.
Outsource your coverage assessments
Our firm provides full coverage assessment outsourcing services: