AML Rules for Insurers Likely to Be Issued Soon
By Dennis Kiefer, Senior Manager, Forensic & Dispute Services, Deloitte & Touche LLPFinal anti-money-laundering (AML) regulations for insurance companies, under Section 352 of the USA Patriot Act of 2001, are expected to be issued by the U.S. Treasury Department in the near future. And, while AML compliance is already a fact of life for insurers that have affiliated broker/dealers and proprietary mutual funds, the new regulations are expected to apply to life insurance and annuity products as well.
Insurance companies have somewhat resisted AML regulation, arguing that their products have comparatively low risk as conduits for money laundering or terrorist financing. Regulators say their hands are tied: Congress has instructed them to impose anti-money-laundering obligations across a range of financial institutions, including insurance companies.
The AML requirements for an insurance company will likely include the following key elements: (a) development of a formal written AML program, approved by senior management; (b) designation of a AML compliance officer responsible for the program; (c) implementing education and training on an ongoing basis for all appropriate personnel; (d) periodic independent testing of the program's effectiveness. In addition, insurance companies will need to develop a comprehensive system for reporting suspicious transactions to the Treasury Department.
For insurance companies, one of the more challenging aspects of developing an AML program will be to assess and address the risks posed by its particular products and distribution channels. Products suspected to be most at risk include annuities and insurance with investment features, or stored value such as policies with cash surrender value. Products with a "free look" feature are also considered to be especially at risk. Companies using independent agents or selling products through the Internet may face the greatest challenges. For example, how will a company ensure that its independent agents are adequately monitoring for suspicious transactions? The Treasury Department has made it clear that it will hold the insurance company responsible if agents fail to comply with the rules.
The global AML practice at Deloitte Touche Tohmatsu has developed a total enterprise approach to managing money laundering risk. It includes the following eight points:
1. Setting the tone at the top-Managing the risk of money laundering is now an element of good governance, not merely a regulatory compliance issue. Leadership is responsible for demonstrating a commitment to AML practices, standing behind oversight, training, and compensation structures that reward scrutiny and caution. Employees charged with carrying out the compliance program must be empowered by leadership.
2. Establishing enterprise-wide policies and procedures-An anti-money laundering program must be enterprise-wide, traversing lines of business, products and services, jurisdictions, and technologies. Written policies must be accessible and state the organization's commitment and goals. Procedures must detail plans and systems required to meet the policies.
3. Maintaining a strong control culture-Knowing the customer is everybody's job. This is especially critical in an organization with independent agents.
4. Appointing a designated anti-money laundering officer-Top levels of the organization must prove their commitment with action, such as appointing a designated Anti-Money Laundering Officer (AMLO) to lead and manage the program. Companies with multiple locations need local AMLOs, each reporting to the global AMLO, who must have access to top management.
5. Ensuring good intelligence and communication-Good quality information and effective, enterprise-wide communication are essential. For example, a simple and easily accessible suspicious transaction reporting mechanism is critical.
6. Requiring executive and employee training-Ongoing training is not only required by regulation, it is simply good business practice. Training is not a "one size fits all" undertaking and needs to be company-wide and tailored to fit the functions to be trained.
7. Monitoring and testing compliance-Independent periodic testing of compliance is critical to determining its effectiveness.
8. Leveraging technology solutions-Technology provides the backbone of a firm's AML program, and includes transaction-monitoring software, systems that capture data and produce suspicious activity reports, and systems that can communicate with each other.
While the cost in time and energy to implement an effective AML program is significant, as a number of financial institutions have come to learn, the penalty from failure can be considerably higher.
The views expressed in this article are those of the author, and do not necessarily reflect the views of Deloitte & Touche LLP.
