As published in Finextra
The Binance situation should prompt organizations to reevaluate and reinforce their internal controls, focusing particularly on the human element. Read on for guidance on how to avoid similar incidents.
Those of us in the financial crimes compliance profession look at the current debacle with Binance and ask ourselves, “How could this happen?” We believe that with our policies, procedures, and technology this could not happen to us. But it can—and does—when we forget that key ingredient of our internal control structure: PEOPLE.
In the US, the Financial Crimes Enforcement Network (FinCEN) told us back in August 2014 when they issued Advisory FIN-2014-A007.pdf that “Shortcomings identified in recent Anti-Money Laundering (AML) enforcement actions confirm that the culture of an organization is critical to its compliance.” FinCEN provided guidance to financial institutions in that Advisory which noted that, among other things, leadership should be engaged and create a culture of compliance at the institution. In addition, the Office of Foreign Assets Control (OFAC) provided guidance that articulates the need for management commitment to compliance.
Certainly, Binance management was committed, just not specifically to compliance; rather, a culture of non-compliance was promoted. Given what we see in the enforcement orders, any chief compliance officer (CCO) at the organization should have resigned and not been party to the efforts of management to circumvent regulations.
So, what can we learn from this?
Any person or entity associated with Binance needs to look at their due diligence efforts and ask what went wrong. There was clearly too much reliance on statements provided by the company and little to no verification effort. The bad guys will be looking for a new platform, so everyone should beware of customers coming from Binance.
If you are a compliance professional, be aware of that primary red flag: the lack of a compliance culture. There needs to be a culture of compliance not just at the top of the organization, but from the top and throughout the entire organization.
As a compliance professional, make sure your service providers understand your business, the compliance risks you face, and how their system, when configured correctly, helps to mitigate risk.
As a service provider to financial institutions, make sure your customer is using your system correctly and not just as a “cover” for compliance.
The Binance situation should prompt organizations to reevaluate and reinforce their internal controls, focusing particularly on the human element. A genuine commitment to compliance must permeate every level of an organization, from leadership to the front lines.
We must remain vigilant, adapt to emerging challenges, and remember that technology and policies are only as effective as the people who provide and implement them. The lessons from Binance are clear: a culture of compliance is non-negotiable, and our diligence in fostering this culture is the bedrock of effective financial crime prevention.
Comments