Compliance: Business Prevention or Business Protection?

Experts discuss why training your workforce in financial crime is an essential part of company culture

Many European airports have bottled water banks that employ an ‘honesty box’ approach to payment. If you take a bottle of water, drop in a euro in the payment box. Simple.

But here’s a question: If there were 100 bottles of water available on any given day, how many euros do you think the honesty box would have at the end of the day?

This was the question Shilpa Arora from ACAMS asked to kick-start a discussion on ‘Training your Workforce in Financial Crime’ for FFECON Week’s online conference on FinTech.

If you’re curious to know, Arora quoted a study that found only 92% of people who take a bottle of water actually paid for it. That means 100 bottles of water translate to 92 euros in the ‘honest box’ at the end of the day — a good way to start a conversation on the need for training staff in AML.

The statistics aside, Arora thinks compliance today is seen by many as optional and that needs to change not just for the sake of AML efforts, but for companies as a whole.

“For large financial firms, that 8% of people who decided not to pay can translate to thousands of employees across the world,” said Arora, who is the director of AML for EMEA at ACAMS.

For Mark Schnieder, financial crime risk specialist at TransferWise, risk and compliance go hand in hand and are both a part of the company’s product conversations. “There should be a two-way street where we think about risk and training as growing our products, but doing so responsibly,” he said.

“Responsible growth is important because FinCrime is not only about protecting our customers, but our customer’s customers. It’s a collective effort as a part of a culture that we must all adopt.”

Tony Brown, chief risk officer and MLRO at Pay Perform, argues that compliance is more than just an organisational requirement — it is an essential part of a firm’s culture. Stressing that compliance discussions cannot be left to the last two minutes of a meeting, he said of AFC teams: “We’re not business prevention, we’re business protection.”

So how does one begin training their workforce for fortifying the company’s AML efforts in a world where sales get a front-row seat to all important policy decisions? Brown says it all begins with senior management and how they view compliance.

“If senior management takes compliance seriously, the rest of the staff will too,” he said, adding jokingly, “It’s a monkey see, monkey do sort of a thing.”

Citing a wide range of resources available for employee FinCrime training, such as EU directives, Wolfsberg group principles, and OFAC, Arora listed out a 5-step approach to creating a training programme. Here’s a quick recap:

  1. Always start with a Training Needs Analysis, a document that sets out the rationale behind the content of the programme
  2. Governance, which she stressed is not the same as bureaucracy, but the act of taking input from the people that need to be consulted
  3. Audience identification, which recognises the kind of training needed for different roles within the company
  4. Development and delivery, including lists, visuals or mind maps of the process
  5. And finally, an evaluation of effectiveness that measures audience reaction to the training and identifies behavioural changes based on the learning leading up to the final result.


While training all staff is important, not all staff require the same kind of training. The CEO for instance has little to benefit from the same training required of a fraud investigator. But what’s most important is that everyone understands the importance of training.

“Most training ends up being a load of material that’s thrown at you, you have to do it once a year. Some staff do it because they don’t want to be on the naughty list,” said Brown.

“And sometimes, it’s just a quiz that you have to pass. Is that appropriate training for professionals in a regulated business that’s moving lots of money around the world? No.”

Arguing that most firms are now moving away from the view that compliance is a ‘necessary evil’, Brown suggested that a firm’s size and resources dictate the quality and level of training, adding, “ultimately it’s driven by a firm’s want and desire to have appropriate training for all its staff and that is a measure of culture.”

On the same note, Schnieder said that the requirement to take compliance seriously should be an expectation in the terms of employment, especially for FinCrime. “Fincrime is more than just AML. It involves fraud, sanctions, and other serious issues, for which training needs to be adequately risk-based,” he said.

Meanwhile, Arora said that measuring the effectiveness of training is paramount and suggested that simply emphasising the regulations to staff is not enough.

“We need engagement from our audience, not subservience,” she said.

Brown likes to put a human face to his anti-financial crime work. “Someone somewhere is being exploited and manipulated by people who live rock and roll lifestyles profiting from the exploitation,” he said.

“At the end of the day, we need to emphasise the roles our firms play in shutting doors to these people and the impact our actions have on the lives of the victims.”


By Vish Gain, December 8, 2020, published on AMLi


Recent Posts