Spreadsheets for AML compliance? A recipe for disaster!

One of the clearest indications that things are not right in any system for managing AML compliance is the pervasive use of spreadsheets. Where do we begin in exploring everything that’s wrong with this as a strategy?

For starters, the use of spreadsheets is only slightly better than having a system that is fully manual. Migrating manual processes to spreadsheets brings with it all the same problems: error-prone, inconsistent, a lack of auditability, decentralised data and little or no consideration given to business continuity.

There are some obvious drawbacks in using spreadsheets as a management system. Whilst many employees will claim to be experts in using spreadsheets, they won’t be expert in using YOUR spreadsheet. Every user has a unique way of working, and what seems obvious to one user may be totally confusing to the next. The more complicated a spreadsheet becomes, the more formulae or cross-references it contains, the more likely it is to contain errors.

Spreadsheets are not easily shareable and do not impose a workflow. The result is a lack of consistency in AML compliance management processes. Auditability and accountability also suffer if the spreadsheet is stored locally and access is uncontrolled.

Spreadsheets can be resource-intensive and require a lot of data entry. There is often a duplication of effort as the same data needs entering into more than one spreadsheet. It is common practice to have a Customer Risk Assessment for each individual client spreadsheet, which makes it difficult to consolidate and visualise meta data (EG. How many high-risk clients do we have?). This lack of consolidation also makes reporting difficult. Not just the day-to-day stuff. Responding to ad-hoc reporting requests becomes complex and time-consuming.

Of course, not all information related to the client can be stored in spreadsheets. You still need a separate repository for documents and, more importantly, you need to be alerted when documents are about to expire. How do you manage this? The answer can’t be another spreadsheet!

On the subject of alerts, there is also a requirement to be informed every time there is a change event (internal or external) that demands an update to the data you hold. Sometimes these changes need to be reflected in the risk assessment framework or the template for the spreadsheet itself. If the template requires an update, there’s a chance you’ll need to re-input all the data too.

We could go on, but there’s no need to labour the point. While spreadsheets might serve a purpose for micro-businesses, they are not an appropriate solution for established firms or those with growth objectives.

For more information about InScope-AML, please download our eBook here.

If you are interested in scheduling a one-on-one discussion with one of our consultants, you can book a call here.

Or schedule a demo for an in-depth look into InScope-AML.