Zeen Train pfp
Zeen Train
@zeentrain
Finally decided to do a mini-series on the Anti-money laundering (AML) regulations + KYC. This will be the first cast going over high-level regs + some examples to understand basics
5 replies
2 recasts
18 reactions
Zeen Train pfp
Zeen Train
@zeentrain
I was an independent auditor for AML + Sanctions regimes across a litany of entities such as small farm banks, international FinTechs, Crypto companies, and large regional banking firms. I have seen every type of program you will encounter and done it across different countries. aka I know what I am talking about
2 replies
0 recast
2 reactions
Zeen Train pfp
Zeen Train
@zeentrain
AML regulation is annoying with its checklist of acronyms, so I will start with a couple of definitions here: - Bank Secrecy Act (BSA) | AML framework in USA. The main point of reference here - Know your customer (KYC) | Common term for customer identification and ongoing risk management. Included within the term AML
1 reply
0 recast
2 reactions
Zeen Train pfp
Zeen Train
@zeentrain
At a high level, AML regulations are basically the same everywhere you go. Yes, there are slight differences, but the pillars don't change: - KYC - Transaction monitoring - Sanctions
1 reply
0 recast
2 reactions
Zeen Train pfp
Zeen Train
@zeentrain
A simple example of customer identification is that in the USA, by law, all affected entities must collect: - Name - Date of birth - Address - SSN - A way to verify identity via a document (license) or a non-documentary method (3rd party provider)
1 reply
0 recast
2 reactions
Zeen Train pfp
Zeen Train
@zeentrain
Contrasting that with Hong Kong, they require everything that the US does + some way to verify the person's address. Verifying an address is another piece of overhead the USA decided not to adopt, but the meat is the same
1 reply
0 recast
1 reaction
Zeen Train pfp
Zeen Train
@zeentrain
Since we know that AML regimes are 95% the same, we also need to understand the principle that underpins all of it, the Risk-Based Approach®. This is the most essential principle to understand AML and can be best described as a ~vibe~
1 reply
0 recast
1 reaction
Zeen Train pfp
Zeen Train
@zeentrain
Calling it a ~vibe~ sounds dumb and oversimplified, but it's true. In other banking regulations like SOC-2 or the loan A - Z regulations, 90% of the rules are defined and 10% are left to some interpretation of risk. A mortgage client needs to sign X sheet or be informed of Y change in Z timeframe. Straightforward stuff
1 reply
0 recast
1 reaction
Zeen Train pfp
Zeen Train
@zeentrain
For AML work, it is more like 50/50, which differs from most other auditor work. Because of this variation, the ~risk-based vibes~ come into play more often.
1 reply
0 recast
1 reaction
Zeen Train pfp
Zeen Train
@zeentrain
But how do we assess the ~vibes~? Let's break this down into 3 examples with varying granularities.
1 reply
0 recast
1 reaction
Zeen Train pfp
Zeen Train
@zeentrain
#1) The simplest high-level example is comparing JP Morgan to a small farm bank in Nebraska. JP Morgan has significantly more risk for money laundering passing through them because they cater to an international consumer base, have super complex financial products, and their products are most likely international
1 reply
0 recast
1 reaction
Zeen Train pfp
Zeen Train
@zeentrain
The farm bank in Nebraska doesn't worry about 99% of that stuff. They don't do international business, they don't have complex financial products and candidly, they probably know most of their customers by name. Inherently, there is less risk for money laundering within the Nebraska bank
1 reply
0 recast
1 reaction