New York - Insurers have made great strides in combating money laundering but many have yet to apply the power of IT to the problem, a trend some experts see as troubling.
That picture of IT’s faltering focus on the crime emerged from an Ernst & Young LLP study called “Anti-Money Laundering Survey for the U.S.-Based Life Insurance Industry.”
Meanwhile, the need for IT to automate anti-money laundering (AML) processes has become clear, says Dan Higgins, principal, New York-based Ernst & Young LLP.
“With the significant [number] of daily transactions insurers process, it is highly unlikely that manual processes will meet their long-term control needs,” Higgins says.
His company’s survey included 16 U.S.-based life and annuity insurance companies, many from the top tier of admitted assets.
Of those, fewer than one quarter (21%) of insurers view their AML processes as “highly IT dependent,” half (50%) say they are “somewhat IT dependent” and just under one-third (29%) admit they are “predominantly manual.” In addition, 64% of respondents are using in-house IT solutions vs. 43% who have turned to vendors.
The majority of insurers spent less than $100,000 on software (62%) and less than $100,000 on hardware (57%), and all respondents kept their total software and hardware budget under $250,000.
Most Insurers (91%) say they have accomplished their AML cost objectives, but only two-thirds (67%) are meeting their reporting goals and even fewer (58%) are meeting their efficiency objectives.
Respondents did indicate a commitment to implementing future AML technology, with half (50%) planning initiatives around process efficiency and warning indicators.
“The early stage of adoption for these new rules in the industry is likely driving the lower reliance on technology,” Higgins says. “Firms are also still dealing with a rather nascent vendor landscape when it comes to solutions that consider the unique money laundering risks introduced by insurance products.”
Those factors create an opportunity to leverage technology to build more efficient and effective AML programs, Higgins says, adding that “the time time is right for the IT community to respond by customizing solutions.”
Some of the survey questions centered on governance. Asked if their AML was centralized under a single compliance officer for the parent and subsidiaries or decentralized, respondents split evenly. Regardless of the governance model, the vast majority (88%) dedicate five or fewer people to AML, with only 6% employing more than 10 full-time equivalents with AML responsibility.
About 94% of survey respondents say they have developed a formal, documented AML risk assessment, the cornerstone of an AML compliance framework, according to Ernst & Young. The majority sought assistance from compliance units (87%), legal units (73%) and the business units (67%) to develop the assessment, with few firms leveraging the risk and control perspectives of internal audit (13%).
While all of the companies with a formal AML risk assessment address product features, the numbers decline for other key factors. Eighty-seven percent include distribution channels, 80% say cash flow processing is addressed, 67% include geographies, and fewer than half incorporate client attributes (47%) and organization structure (40%). About 40% of the insurers have decided to include non-covered products in AML programs, indicating the insurance industry understands the importance of combating money laundering, Ernst & Young says.
In terms of implementation, 60% of respondents indicated they have established risk assessment policies that take effect when certain types of transactions occur; 53% evaluate policies at the time they are issued; and far fewer conduct periodic assessments on an an nual (27%), quarterly (7%), monthly (13%), or daily (13%) basis. More than half (53%) of respondents use a narrative approach to their risk evaluation and only 40% use a high, medium or low categorization.
“The value of a formal, thorough, maintainable risk assessment program cannot be underestimated,” says Steven Beattie, Ernst & Young principal and AML services leader. “The risk assessment helps target efforts to areas of most significant exposure, while also allowing management to right-size controls, training and reporting. A challenge for many organizations without a risk-based approach is the potential to overspend on operational solutions.”
Meanwhile, the industry is still learning to cope with Monitoring and Suspicious Activity Reports (SARs), the report indicates.
While Department of Treasury regulations require an AML compliance officer to oversee monitoring, the process can be performed by teaming business units and compliance people. That way, they can combine knowledge of AML with product insight.
Over half (57%) of respondents say AML monitoring is primarily conducted by compliance vs. 43% who cite the business units as having the principal responsibility.
More than three quarters of insurers’ AML monitoring includes ongoing policy activity (86%) and new business activity (79%), according to the survey. Seventy-one percent identify money laundering risk in nonmonetary contract transactions, and 61% monitor customers and the sales force. In addition, 71% have used enhanced due diligence (EDD), but 50% of those companies still rely on manual procedures for EDD.
While insurance companies have made progress at monitoring, half (50%) of the respondents have not yet filed any SARs related to life or annuity operations, and respondents filed no more than 55 SARs collectively during 2006. While no specific number of SARs filings can be considered an industry standard, the current statistics may indicate a lack of AML maturity or a view that insurance products pose a lesser risk as a vehicle for money, Ersnt & Young says.
Almost two thirds (64%) of the respondents have separate and specific training for agents and employees, with companies more commonly creating their own programs for employees. For agents, 55% have used self-developed training and 73% have used vendor programs. Among employees, 79% have self-developed and 36% have vendor-purchased training. Insurers are also using the Web for both groups, with 45% using Web-based training for agents and 50% leveraging this platform for employees.
More than three-quarters (79%) of insurers say they expected to meet the requirement to conduct a periodic independent test of covered products by the first anniversary of the regulation on May 1.
However, fewer than one quarter (21%) are using an independent third party to conduct their AML testing vs. 79% who are turning to internal audit.
“The IRS can be expected to use the independent testing results and workpapers as a launch point for its exam,” says Tom Ward, Ernst & Young partner and national director of insurance regulatory services. “The assessment should be performed by qualified parties [who] not only understand the elements to be checked off in a review, but also the underlying risks and exposures.”
As insurers continue the AML journey, they can learn from the experiences of those already subject to AML rules, says Beattie. “Satisfying the regulatory authorities will be challenging and will require a continued open industry dialogue as well as an ongoing investment in system development and internal education,” Beattie says.
Beyond the regulatory mandate, the proof of effective AML will be the industry’s ability to join the front ranks of companies working to deter money laundering, Beattie says.
The “Anti-Money Laundering Survey for the U.S.-Based Life In urance Industry” was conducted in December 2006 among 26 of the largest insurers, with 16 firms responding. The average admitted assets for those surveyed exceeded $100 billion, Ernst & Young says.
Source: Ernst & Young
