[tyrfing]

One way to prove weak controls is also to show that low-level branch employees have the ability to override AML/KYC flags, and regularly do so. That's not just poor controls, it's demonstrating knowledge of the transactions being suspicious while enabling them anyway.

GP says "monitoring transactions should not be sufficient to satisfy KYC" - of course monitoring transactions is required to satisfy AML, flagging any transactions indicates specific knowledge of them being suspicious, and failing to act in any cases where it was warranted will be used as proof of lax controls, with fines starting in the hundreds of millions.

[creer]

Isn't this where documentation of actual KYC would come in? "Flagged for reason X; Overridden by local manager - follows 10 lines of CYA justification"? Normally that's good enough for administrations.

The second time it's flagged for reason X+1, include 10 lines from rank 2 manager.

[YawningAngel]

That probably would be acceptable but it's not clear it is worth the bank's while to do that

[creer]

It seemed in these reports that the local manager was surprised. ... But it may be that they were only "suprised", i.e. not about to say that the system did prompt them but they ignored the prompt. Possible. It is also possible that the bank only prompts the local manager if the client has enough estimated net worth or estimated lifetime client business value. The kind of thing that might make sense but wouldn't be disclosed until there is a lawsuit.