CFO’s of any organization are protectors of the corporate assets. It is their job to assess business risk in two categories – cybersecurity and, if a banking or other financial institution, money-laundering. These two areas require constant vigilance and up-to-date training on the part of the CFO and, ideally, all staff.

Cybersecurity

Cyber-attacks are so common today, that everyone if fully vulnerable – individuals, retailers, government, banks, investment firms, etc. As fast as IT solutions are found, sophisticated IT criminals find methods to circumvent them. Cyber risk has to be assessed and managed.

• CFO’s must identify all critical information that must be protected (investor and/or customer data, financial records, trade secrets, etc.) and to meet with IT staff to address any issues and need for further security investment.
• CFO’s are also responsible for providing training for everyone, especially those in IT departments, and continued investments in sophisticated security systems.

It is no longer a question of if, but of when an organization will be hit with a security breach. A crisis plan must be in place to manage the breach in the most risk-averse manner

Money Laundering

All governments continue to conduct reviews of banks and other financial institutions, in order to assess the risk of money laundering. As they discover risks, they adopt and enforce new regulations to which all financial institutions must comply. And they indeed monitor compliance. There are big fines to pay when an institution has not achieved the compliance.

According to Aperio Intelligence, Britain’s FCA conducted reviews of banks, large and small, as well as insurance intermediaries, in both 2011 and 2014, and found serious risk issues. One of the parts of the final reports related to the lack of knowledge on the part of compliance staff in the areas of risk assessment, monitoring of high-risk accounts, and basic understanding of AML regulations. As a result, the FCA, as well as government financial regulatory agencies all over the world, will raise the ante with higher penalties and fines for non-compliant institutions.

There can be serious consequences for AML non-compliance. In the U.S., for example, regulators who find non-compliance issues not only impose fines. They deny mergers and acquisitions and withhold any federal funds from being placed in an institution until it is in full compliance.

Tips for CFOs to Avoid AML Violations

1. If there are policies and rules in place to comply with all AML regulations, are they consistently enforced throughout the institution?
2. Is there regular assessment of AML compliance with a full reporting to the Board?
3. Is there a functioning whistle-blower program so that questionable financial transactions are reported?
4. Do the CFO and all employees receive regular training on AML, financial crime issues, risks, actions, and compliance?

The most important of these 4 tips is in the area of regular training. As the folks at Aperio Intelligence point out, the majority of non-compliance and other risk issues are the result of ignorance, not deliberate decisions to ignore and avoid.

The smart CFO’s of banks, investment firms, and insurance providers will see to it that they and all staff members are enrolled in ongoing education and training efforts.