c. Assessment of metrics and key performance indicators (KPIs): The 2LOD also reviews the metrics and KPIs related to risk-based due diligence procedures. Metrics relating to timelines of performing risk-based due diligence, outstanding cases and penalties levied by regulators for nonadherence to risk-based due diligence can be indicators of whether the controls are functioning as expected or not.
4. Enhancement of existing controls or development of new controls
Control deficiencies or gaps identified in risk-based due diligence control are remediated either by enhancing existing controls or developing new controls to mitigate the risk posed by high-risk customers. A few examples of developing new controls or enhancing existing controls are listed below.
a. Updating policies and procedures: Risk-based due diligence procedures are updated to remediate any design and operational gaps as well as to reflect relevant and current legal and regulatory requirements.
b. Enhancing AML training and job skills assessments: Efforts are taken to design risk-based due diligence training materials and hold periodic training for the operational teams so that the teams have up-to-date knowledge regarding the requirements and execution of risk-based due diligence. In addition, external trainers with AML-specific training capabilities can be hired to impart training to operational teams. Another important control that can be implemented (if not already in place) is verification of training completion by team members responsible for the execution of risk-based due diligence controls.
c. Implementation of automated ways to execute controls: With ever-evolving technology, the 2LOD can implement new software and models and use artificial intelligence for calculating customers' risk-rating scores, aggregating news and negative media sources, and conducting searches more efficiently for timely detection of human errors.
5. Continuous monitoring and reporting
Last but certainly not least, an important aspect of high-risk customers' risk management is monitoring the performance of new/enhanced risk-based due diligence controls to assess if the control is working as expected to mitigate the identified risks. As part of this stage, the 2LOD receives regular quantitative and qualitative updates on the performance of risk-based due diligence controls and on whether known risks are triggered above the acceptable limit. This information is also shared by the 2LOD with governance committees and boards.
Conclusion
For an FI, it is essential to build a strong risk management culture and framework. It is also important to leverage the risk management framework to identify key risks related to money laundering/terrorist financing and to enhance and develop controls to mitigate these risks on a continuous basis. While risk management is the responsibility of the 2LOD, one cannot emphasize enough the importance of equal participation from all departments of an FI, each actively involved in identifying and communicating the risks relating to money laundering/terrorist financing and financial crimes as well as suggesting controls to mitigate these risks.
Gauri Bapat, CAMS, CFE, audit manager II, Financial Crimes and Enterprise High Risk, TD Bank Group
ACAMS Today | September–November 2025