Comprehending the concept of AML risk management: From ostrich policy to number one priority

Sammanfattning: Purpose : Regulators are combating money laundering through legislation and banks work intensively with AML related activities. The purpose of this report is, therefore, to understand how the public and regulatory environment affect how a Nordic bank conducts risk management practices and organize to mitigate risks connected to violating AML legislation. By providing such knowledge, the research further seeks to explain the consequences in terms of achieving both business- and compliance objectives. Theoretical framework: The theoretical framework should lay the ground for conducting analysis. First, theories related to risk management practices are described which is followed by a literature review related directly to AML and regulatory compliance. This is further followed by theories connected to corporate governance covering concepts such as accountability and how imposed regulations affect organizational structure. Lastly, Institutional theory is used to explain how the current institutional setting affect the implementation of AML risk management within the case bank. The institutional theory of competing logics is used to understand how the two logics, i.e. AML and business logic, manifest themselves in the bank and how they are managed. Methodology: In order to answer the main research question, we seek in-depth knowledge based on human organizational experience under the interpretive paradigm. To do so, we have chosen to conduct a case study within a Nordic bank. The primary data has been collected through semi-structured qualitative interviews with a total of nine respondents within the bank. We have chosen to use semi-structured interviews since it enables the gathering of in-debt knowledge in relation to the purpose. Furthermore, in order to understand potential internal conflicts that can arise and different perspectives within the bank, we have interviewed respondents that work specifically with AML but also respondents from the business operations working directly with customers. Empirical findings: In recent years, there has been a drastic change in how the bank views AML risk and how they work to prevent money laundering. The reason for this is two-folded, constituting of an increased public pressure arising from the vast bank scandal in the Baltic market, together with increased regulatory pressure. The way the AML regulations are formed creates a great deal of uncertainty regarding what is considered a sufficient level of control and Swedish banks do not work in a uniform way. AML procedures are time-consuming and require a lot of resources, investments, and time that otherwise could be spent to improve business activities. It also creates frustration among customers that are not used to having to answer extensive questions about their personal finances. In the long run, the potential conflict with customers creates tension between client managers and the AML organization. In order to mitigate this tension, it is viewed as important to have AML personnel with both knowledge and experience about the business operations and vice versa. Furthermore, AML risk shows both qualitative and quantitative tendencies, and managing the risk relies heavily on the measurement together with general business experience. Conclusion: The findings suggest that a regulatory pressure combined with a public pressure exists that has resulted in that organizational actions have been taken to mitigate AML risk. The current risk-based regulatory framework is identified as challenging which raises the level of uncertainty but allows the bank to form its own practice of managing AML risk. AML legislation is not a new phenomenon but the focus in AML within the Nordic region and in the case bank was insufficient prior to the Nordic bank scandal. The slow institutionalization process results in a pattern of overworking AML which advocates a homogenization achieved through regulative support and greater collaboration between Nordic banks. We argue that the immense pressure related to AML today has shifted the priorities within the bank. To enable adherence to both the AML and business logic, the situation can be described as what we call a forced merger. Both logics prevail through negotiation but the AML logic is commonly favoured. The centralization has been vital to ensure and enable adherence to the AML logic. Although decisions have not entirely moved upwards in the organization, a shift sideways is identified, meaning that decisions regarding clients are today deeply influenced by the AML organization, indicating that AML has gained organizational authority. The organizational impacts are significant and the focus in AML has in one sense changed the bank from within and is today considered a top priority. Lastly we identify valuable aspects in the AML process that the bank should make use of.