Money Laundering Risks in 2025 with Crystal Trout

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   Crystal Trout is a director with Baker Tilly's Risk Advisory practice. Justin and Crystal discuss her career in anti-money laundering compliance, and what brought her to consulting. They discuss the elements of AML compliance and how the need for it stretches beyond financial institutions to any sector that involves large transactions, including virtual digital assets and investing. They talk about the $3 billion settlement TD Bank entered into with regulators in October of 2024 and the messages that sends both to financial institutions and money criminals. Listen to Crystal’s advice to risk professionals who may oversee large transactions. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! Engage Today and Embrace Tomorrow with RIMS at RISKWORLD from May 4th through May 7th in Chicago, Illinois. Register at RIMS.org/RISKWORLD. [:31] About this episode of RIMScast. Crystal Trout of Baker Tilly and I will discuss how Anti-Money Laundering regulations are impacting the risk profession. [:56] RIMS-CRMP Workshops! As part of RIMS’s continuing strategic partnership with Purima, we have a two-day course coming up on April 22nd and 23rd. Links to these courses can be found through the Certification page of RIMS.org and this episode’s show notes. [1:15] Virtual Workshops! On April 16th and 17th, Chris Hansen will lead “Managing Worker Compensation, Employer’s Liability, and Employment Practices in the U.S.” [1:29] On June 12th, Pat Saporito will host “Managing Data for ERM” and will return on June 26th to present the very popular new course, “Generative AI for Risk Management”. [1:44] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes. [1:55] RISKWORLD registration is open. Engage Today and Embrace Tomorrow, May 4th through 7th in Chicago. Register at RIMS.org/RISKWORLD. Also, remember that there will be lots of pre-conference workshops being held in Chicago just ahead of RISKWORLD. [2:14] These courses include “Applying and Integrating ERM,” “Captives as an Alternate Risk Financing Technique,” “Contractual Risk Transfer,” “Fundamentals of Insurance,” “Fundamentals of Risk Management,” RIMS-CRMP Exam Prep, and more! The links are in the show notes. [2:38] Money laundering should be one of the top risks on your risk radar, especially in 2025 as new regulations are added or rolled back. Some high-profile resolutions have made recent headlines. [2:51] To help me make sense of it all for the RIMScast audience, here is the Director of Baker Tilly’s Risk Advisory Practice, Crystal Trout. Crystal has more than 23 years of experience working with financial institutions with a focus on financial crimes compliance. [3:08] We’re going to talk about anti-money laundering (AML) programs and get some best practices for implementation and reporting. [3:18] Interview! Crystal Trout, welcome to RIMScast! [3:33] Crystal Trout is a director with Baker Tilly's Risk Advisory Group. She joined Baker Tilly after having worked in financial crimes risk for over 23 years. Previously, she was in the financial institution space. [3:51] Crystal switched to consulting to help other financial institutions build out their AML compliance programs and ensure that they’re in a good spot for regulatory exams. [4:19] Crystal tells how she was drawn to anti-money laundering. In high school, she had an internship with a financial institution, and it was robbed. [4:37] When the FBI was doing their investigation, Crystal was trying to understand what they were doing and how they were going to catch the robber. She was so fascinated by the process that she changed what she went to school for and altered her career path.  [5:09] Crystal’s interest in understanding how fraudsters and money launderers act led her to use her banking career to work in the back office and investigation space. [5:38] Crystal says the institution used dispensers that limited cash, and the robbers only got $500. Because of the weapon they used, the robbers got a massive sentence at trial. [6:38] Crystal explains the current AML environment. Baker Tilly is staying close to any regulatory changes. The complexity of regulations is extensive. It’s critical that professionals in this space stay close to the challenges that extend even beyond the regulatory requirements. [6:59] We’re seeing more changes in regulations than we have historically had, Crystal observes. It’s a matter of understanding the landscape, staying close to the changes, and trying to predict which direction they may go and plan for either direction. The key is planning and not waiting. [7:32] Crystal suggests you should hope for the best and plan for the worst. Make sure that you’re prepared to go in either direction, whether regulations are rolled back or strengthened. [7:57] Justin recalls that TD Bank reached a $3 billion settlement with U.S. regulators in October 2024, pleading guilty to failing to maintain an adequate AML program, which unfortunately led to the facilitation of money laundering activities. That’s a huge penalty, Crystal points out. [8:37] This event provides valuable insight for risk professionals regarding regulatory expectations and also the consequences of inadequacies in their programs. [8:49] People need to understand that they can’t be lackadaisical in their compliance program. They need to be ahead of it. It’s all about preparation and planning.  [9:03] In the TD Bank case, regulators had identified substantial weaknesses in the overall transaction monitoring system and due diligence procedures. [9:17] TD Bank had allegedly failed to allocate the resources needed to operate their AML program, but they continued to have significant growth within their higher-risk customer segment and geographical region. [9:35] TD Bank wasn’t staying ahead and keeping current with its customer base and the risks that were taking place. Beyond the penalty, TD Bank has expenses for remediation efforts, enhanced compliance infrastructure, and independent monitoring. All of these are added costs. [9:57] Financial institutions may fail to realize the costs that happen beyond the penalty. They may say it costs too much to add the staffing or build the correct tools, not realizing it will cost them more when the regulators find these faults and weaknesses within their program. [10:18] A key lesson to learn is that compliance programs must be able to scale appropriately with the institution’s business growth and evolving risk profiles. [10:30] Regulators focus on the overall program effectiveness rather than mere technical compliance, particularly regarding the quality of suspicious activity identification and reporting. [10:41] It’s important for institutions that have to comply with these programs to be proactive and make sure they have the correct resource allocation. Those things are key when it comes to ensuring that AML compliance programs operate effectively. [11:11] There are five key pillars involved in an AML compliance program, including a designated compliance officer and following customer due diligence. You build an AML Bible, with paperwork that documents the steps you’re going to take to be in compliance. [11:39] It allows your people to understand the risk that the institution is willing to take, and what it’s not willing to accept. You document everything as evidence base for regulators, as having the correct tools and technology to support the program’s overall risk tolerance. [12:33] Justin and Crystal address the reputational risk to an institution that may come from a regulatory settlement. Crystal states that these settlements signal to the bad guys that they are going to be caught and they’re not going to be able to continue to act at that institution. [13:14] Crystal tells about the bank robber. For prevention, when someone comes into the bank, make eye contact, talk to them, and acknowledge them. If they’re scouting it out, there’s a lot less chance they’ll come back to that bank because they are being noticed. [13:37] A criminal may not physically be in the bank, but if you do due diligence up front when they open an account, asking the right questions, and looking for red flags, they may realize that you have a very strong AML program in place and they’ll go elsewhere. [14:07] Plug Time! RIMS Webinars! On April 3rd, join Zurich for “Understanding Third-Party Litigation Funding”. On April 10th, Audit Board will present “What CISOs Want Risk Executives to Know About Cyber Risk in 2025”. [14:24] Following the success of their recent webinar, HUB International returns for the next installment of their Ready for Tomorrow Series, “From Defense to Prevention: Strengthening Your Liability Risk Management Approach”. That session will be on April 17th. [14:40] On April 24th, RiskConnect returns to deliver “Better Together: The Marriage of Insurable Risk and Business Continuity”. [14:48] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [14:59] Important Announcement! RIMS and the Institute of Internal Auditors have entered into an agreement to deliver a selection of the other group’s educational programming to their members. Twenty-nine shared courses will be available to both association’s members. [15:17] RIMS members can explore the IIA courses that are now available to them at See Courses Here. To access RIMS’s complete selection of workshops, webinars, and courses, visit RIMS.org/Education. [15:35] Let’s Return to my Interview with Crystal Trout! [15:50] Are risk professionals who are not at financial institutions at risk of inadvertently being caught up in a money laundering crime? Crystal says this question is in the back of the mind of any risk professional. She remembers that running an AML compliance program is stressful. [16:22] There’s always the risk that a chief compliance manager could be cited for a failure and have to pay a significant, hefty fine. A risk manager should be aware of this when they’re performing any form of transaction. Listen to your gut if something seems off. Don’t ignore it. [17:26] Is paying in cryptocurrency a red flag? Navigating AML compliance specifically regarding cryptocurrency is new for a lot of professionals. There are risks and benefits to digital assets concerning AML compliance. [17:54] With any evolving form of payment, if risk professionals aren’t staying ahead, truly understanding and navigating how it works, it’s going to make it difficult for them to understand red flags and risks that might come, as well. [18:13] There is sometimes a natural fear in risk professionals that because they’re not comfortable with cryptocurrency, they’re not able to address any legitimate concerns or concerns that may be their internal fear due to the lack of knowledge. [18:45] Is it too risky for a company to announce the voluntary departure of a Chief Compliance Officer? Crystal says the company should already have a plan for somebody to temporarily step in and continue to operate so it doesn’t leave a gap or exposure in the organization. [19:22] It’s an opportunity for a risk professional to go into a financial institution and make a mark for themselves by helping the institution strengthen its overall compliance program. [19:49] It’s a good practice for a company to announce the replacement chief compliance officer at the same time as the announcement of the leaving chief compliance officer. It’s part of succession planning. [20:47] The money laundering risk landscape is expanding significantly. Industries outside of finance and banking face substantial financial crime risk and corresponding regulatory scrutiny. They have less mature compliance infrastructure than their banking counterparts. [21:07] Crystal mentions the real estate sector as a potential vehicle for money laundering due to the high-value transactions, price stability, and the lack of historical regulatory oversight. [21:19] Digital asset providers, cryptocurrency exchanges, wallet providers, and any type of virtual asset service providers face intensifying regulatory scrutiny because the platforms can facilitate anonymous transactions. [21:35] The Financial Action Task Force has established clear expectations for virtual asset service providers to implement robust AML controls. Gaming and gambling services present money laundering risk. [21:53] There are other high-risk sectors that money laundering risk could expand to. FinCEN recently required registered investment advisors and exempt reporting advisors who have not been required to have an AML compliance program to have one in place by January 2026. [22:22] We’re seeing AML compliance extend beyond traditional banking. [22:34] There are very few industries that, in some form or fashion, could not be a victim of a bad actor performing money laundering. It’s just a matter of the bad guy finding a way to do it. [23:09] What steps should a company take when money laundering by an employee is discovered? The appropriate officer needs to start an internal investigation. That’s a lengthy process. Make sure the “i”s are dotted and the “t”s are crossed within the investigation. [23:47] Make sure all the evidence and documentation are aligned. Involve HR and the appropriate supervisor authority. If it’s shown to be true, interview the individual. It could lead to termination. The investigative process could take months. The authorities may be alerted. [24:39] The company may not want it out in public knowledge and may not file a police report. It can damage a company’s reputation. [25:00] Crystal explains her passion for AML compliance and why she became a compliance consultant to help more institutions. The downstream impact is so significant. She wants to make sure the bad apples don’t have the opportunity to launder funds. [25:54] Special thanks again to Crystal Trout for joining us here on RIMScast. I’ve got links to more RIMS coverage of fraud, compliance, financial risk management, and anti-money laundering in this episode’s show notes. [26:09] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [26:38] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate and help you reach them! Contact pd@rims.org for more information. [26:55] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [27:13] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [27:30] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [27:44] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [27:51] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   Links: RISKWORLD 2025 — May 4‒7 | Register today! Nominations for the Donald M. Stuart Award [Canada] Spencer Educational Foundation — General Grants 2026 — Application Dates Spencer’s RISKWORLD Events — Register or Sponsor! RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Risk Management magazine RIMS Now Announcement: RIMS and The Institute for Internal Auditors' Strategic Alliance on Education RIMS Webinars: RIMS.org/Webinars “Understanding Third-Party Litigation Funding” | Sponsored by Zurich | April 3, 2025 “What CISOs Want Risk Executives to Know About Cyber Risk in 2025” | Sponsored by Auditboard | April 10, 2025 “Ready for Tomorrow? From Defense to Prevention: Strengthening Your Liability Risk Management Approach” | Sponsored by Hub International | April 17, 2025 “Better Together: The Marriage of Insurable Risk and Business Continuity” | Sponsored by Riskonnect | April 24, 2025   Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP Exam Prep with PARIMA | April 22‒23 Full RIMS-CRMP Prep Course Schedule   Upcoming Virtual Workshops: “Managing Worker Compensation, Employer's Liability and Employment Practices in the U.S.” | April 16‒17 | Instructor: Chris Hansen “Managing Data for ERM” | June 12 | Instructor: Pat Saporito  “Generative AI for Risk Management” | June 26 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops   Related RIMScast Episodes: “RIMS Legislative Priorities in 2025 with Mark Prysock” “AI and Regulatory Risk Trends with Caroline Shleifer” “Financial Risk Management with Chris Willey of American Eagle FCU” “Maintaining an Award-Winning ERM Program with Michael Zuraw” “ERM in Banking & Finance with Eleni Willis”   Sponsored RIMScast Episodes: “Understanding Third-Party Litigation Funding” | Sponsored by Zurich (New!) “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog (New!) “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL’s New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today’s Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer   RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring Walmart ERM Director Michelle Black!   RIMS Events, Education, and Services: RIMS Risk Maturity Model®   Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.   Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.   Have a question or suggestion? Email: Content@rims.org.   Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.   About our guest: Crystal Trout, Director, Risk Services Advisory Group at Baker Tilly   Production and engineering provided by Podfly.