YourABA May 2012 Masthead

Navigating anti-money laundering, privacy requirements

A recent Section of Business Law-sponsored CLE program, “Privacy and Anti-Money Laundering:  An Oxymoron?” described the challenges of navigating the complex and sometimes conflicting requirements relating to anti-money laundering efforts and privacy maintenance.  

Panelist Andrew Smith, partner at Morrison & Foerster LLP, explained the difficulty that many financial institutions face. Anti-money laundering reporting requirements necessitate programs to identify and report suspicious transactions to law enforcement. Yet at the same time, other separate requirements restrict the disclosure of personally identifiable information.

Specifically, under the Gramm-Leach Bliley Act, financial institutions cannot disclose personal information to non-affiliated third parties without an opt-out option for consumers. Other laws such as California’s SB1 place similar restrictions.

Staff working on anti-money laundering and privacy issues sometimes report to the same person such as a chief risk officer, but Brown believes that’s not enough for successful risk management.

While Smith points out that both laws provide broad exceptions for risk control and regulatory compliance, managing anti-money laundering initiatives and maintaining customer privacy remain challenging and complex.

Compounding the challenge is that anti-money laundering and privacy risk management are usually managed separately within an organization, said Catherine Brown, managing director at Treliant Risk Advisors. “Because their functions are so distinct and so operationally robust in their own right, it’s easy for [anti-money laundering and privacy maintenance] to be managed in isolation.”

Staff working on anti-money laundering and privacy issues sometimes report to the same person such as a chief risk officer, but Brown believes that’s not enough for successful risk management.  She said the key is strong communication and collaboration between the managers of the two groups. By working together, an organization can best balance the complexities of each area.

Anti-money laundering and privacy risk assessments are the foundation of sound risk management programs, continued Brown.  These assessments should be comprehensive and reflective of their connectivity. On a programmatic level, a commitment from the board and senior management is needed to ensure that a financial institution closely scrutinizes its efforts in this regard. Appropriate resources should be designated, a culture of responsibility and accountability should be maintained, and adequate skills and expertise for the managers involved are critical to success. 

Other topics discussed by panelists include special considerations for multinational organizations and non-bank mortgage lenders that are now subject to the new Financial Crimes Enforcement Network.

In addition to Smith and Brown, the program included Rena Mears of Deloitte & Touche, Nancy Baran of Prudential Insurance Company of America, Lisa Belle of Barclays Wealth Americas and Howard A. Eisenhart of BuckleySandler LLP. Agnes Bundy Scanlan of Treliant Risk Advisors moderated the panel.

Back to top



Making threats


Staking your claim: Safeguarding your law firm’s Internet interests


LinkedIn for lawyers: Expand, nurture your network; obtain results


Sixty must-see websites for lawyers from ABA TECHSHOW

Ethics of mobile computing: Obligations, security tips

Lawyers must heed dangers in using the technologies they love

How LA Superior Court is keeping its doors open during lean times

Tips on how to jump-start a mediation career

Create inclusive workplace to maintain, grow diverse workforce

Lawyering here and abroad:  Obtaining immigration visas for attorneys

Navigating anti-money laundering, privacy requirements

ABA Day in Washington spotlights legal aid funding, other issues of concern


Save nearly 40 percent on ABA job board postings!


New! Save 40 percent on award-winning Norton™ computer security products