Posts

Assessing the Risk Categories

  In a previous newsletter I spoke on three basic steps required when conducting a risk-based risk assessment of your business. Step one was to assess the risk of the four different categories within your business: clients, products, countries, and channels. The second step was to determine what your business’ risk appetite is. And the final step is to review your internal controls. In today’s article we will look in a bit more detail at how to assess your business’ clients, products, countries, and channels. The first category is your clients. Remember to keep in mind that you want to tailor your risk assessment based on your institution or firm. All businesses are different and will require different policies, procedures, and controls based on who and what you are dealing with. Let’s start with an easy enough question in terms of your customer base: who are your customers? Sounds simple enough, but you’ll need to dig to find out information on who y...

Cyber security risk analysis

  Cybersecurity article series: Cybersecurity risk analysis, Staff training, Detecting a breach and immediate action, Recovering from a breach.

  The first in our series of articles on cybersecurity will cover aspects of risk analysis for your business. Risk analysis is something that everyone in the world of regulatory compliance and AML is familiar with and deals with every day. For the most part though, our focus tends to be on external risks like new clients, businesses and industry practices. When performing a risk analysis on our assets in relation to cybersecurity, we must also have a clear focus on internal threats.

Completing IT Risk Assessments

  In the world of Compliance, risk assessments are the foundation of a protected business. Knowing what risks are out there, how to mitigate them, and what your risk appetite is will all help to ensure vulnerabilities and shortfalls can be addressed and managed properly. Just like with compliance, IT risk assessments are especially important because the risk landscape is constantly evolving, making it harder to keep up with the changes in risk to your business. Risk assessments can also help to keep costs under control and make audits more efficient. The following steps will assist your business in undertaking a quality IT risk assessment. Identify all possible vulnerabilities: Make time to document all the possible vulnerabilities that could pose a risk to your business. Include ransomware, DDoS attacks, phishing campaigns, possible routes into your networks and which departments or personnel are more vulnerable than others. Also note any gaps in your current security po...

How to Find Your AML Compliance Gaps

  As an avid reader, my favorite genre is mystery. A good mystery writer will drop a clue now and then, just enough to keep me guessing, and occasionally I may be able to figure out who did the deed once I reach The End. However, as much as I love a good mystery, a compliance manual should not read like one. And yet, sadly, so many do. Too many require the reader to hunt for the clues to a company’s anti-money laundering (AML) processes and policies and approach to risk analysis.

Anti Money Laundering Compliance System

  SILO is Designed to Make AML Compliance Simpler, Faster, and More Comprehensive. If you’re constantly updating spreadsheets to manage your Anti-Money Laundering customer due diligence obligations, SILO Compliance System is for you. AML compliance is too important to be managed on a spreadsheet or through a “module” bolted on as an afterthought to an accounting or document management system.

After Action Reviews for Cyber-Attacks

  After countless man hours and additional funding put in place to protect your business from cyber-attacks, there will always be residual risk of a breach. If a breach still happens after all the hard work you and your team put in, it would be easy to resign yourself to the fact that it was all for nothing. What you must focus on though is that all that hard work made it much more difficult for that breach to occur. A hacker may spend days, weeks or months attempting to breach a network, and they only have to be lucky once to call their operation a success. If they manage to do so, the best thing you and your team can do is ensure you learn from it. After every operation in the military, both training and real-world, comes an After Action Review (AAR), and you should conduct one of your own to learn as much as you can about any cyber incident. An AAR has several parts which are key to ensuring you learn as much as possible about the incident: What was supposed to happen?...

Recovering From A Breach

  Cybersecurity article series: Cybersecurity risk analysis, Staff training, Detecting a breach and immediate action, Recovering from a breach.

  Even after going through months and years of training your team to prevent and detect data breaches, it is of course still possible that your business gets added to the ever-growing list of victims of a hack. Remember that a criminal only has to be lucky once in order to gain access to your data. If your business has been proactive in keeping your devices and networks safe and in preparing for a possible breach, you’ll have the upper hand legally and ethically if one does occur. Once it has been confirmed that systems, networks or data have been compromised, there are a few specific actions that will help you along the road to recovery.