Global Factors Impacting AML Compliance in Banking
The intention of this paper is to highlight key factors in the global financial services space that are impacting the anti money laundering (AML) and countering terrorist financing (CFT) functions in the banking industry. The rise of digital payments and the associated entry of a variety of new players are challenging what used to be the turf of traditional banks and financial companies. The regulatory environment in new payment systems, including virtual assets, is continuously evolving and financial services institutions have to rapidly adapt to the regulatory changes and expectations.
At the same time, due to the ease of doing transactions globally, fraud, cybercrime, and other organised criminal activity is at an all-time high and is hitting the bottom-lines of financial services companies. There is pressure from consumers, investors and regulators alike – be it for service levels or for social and environmental aspects. It is among these pressures that the AML compliance function needs to be run, managed and improved and we will discuss some of the key trends within these issues and the remediation tools available for the banking sector.
I. Digital payments boom
The first and perhaps the most important factor is the boom in digital payments, and with it comes real time transactions and non face-to-face relationships with customers. There are advantages and disadvantages to it – advantages because non face-to-face customer identification has the potential to become simpler and more streamlined, verification of documents can become simpler due to digitalisation of national identity documents and databases now becoming available for government-issued credentials. E-KYC costs a fraction of normal KYC and can bring in huge savings for financial institutions. However, there are also disadvantages – the non face-to-face mode of communication has a huge potential for misuse (through impersonations, use of deep fakes, account takeovers). The reliance on technology for KYC and due diligence going forward will be very large and AML compliance functions will have to invest in new and innovative regtech solutions going forward.
II. New entrants into the ecosystem
A variety of new players have now entered the financial services ecosystem – mobile wallets, remittance and payment companies, virtual asset service providers and fintechs. The payments chain has expanded considerably and there are now new challenges such as data sharing across various types of companies, and the lack of visibility into the entire chain of transactions for any one player. A big challenge that we are seeing in the digital ecosystem is the difference in compliance levels, especially for the newer entrants. Many of the fintechs are started and funded by technology experts, for whom compliance is a very new subject. Although it would be unfair to expect them to get up to speed and up the compliance maturity curve immediately, criminals will be quick to misuse the gaps that are created. Across the region, we are noticing that regulators too are having open dialogue with fintechs and payments companies to ensure that the message of compliance reaches them quickly and effectively. It is the responsibility of the new entrants to provide the comfort to regulators that they are taking their compliance obligations seriously and implementing a strong AML programme in their organisations.
III. Evolving financial crime risks
Organised criminals are becoming increasingly global and run coordinated fraud and scam operations across countries. Especially since the pandemic, there has been a lot of focus on the use of money mules by criminals and their role in money laundering. In our very recent survey on this topic, the “evolving tactics of money mules” was the topmost challenge identified by compliance officers who participated in the survey. Regulatory hurdles also play a part in delays in stopping transactions or freezing accounts associated with money mules, and there are many countries where initiatives are being introduced for real time collaboration in identifying and preventing transactions association with fraud and cybercrime, where money mules are most often utilised. It is not enough for financial institutions to monitor transactions at the back end – there is also a pressing need to reach out and create awareness and education amongst customers against frauds, scams and money mules, especially the vulnerable populations such as young adults and senior citizens.
IV. More demanding customers
Customers have now got into the habit of benchmarking services from financial institutions with the likes of Google and Apple and Amazon. Naturally, they expect the same service levels from financial institutions and this often puts pressure on compliance teams, as a conflict with compliance can add to the turnaround time and interference with user experience. For example, if onboarding takes too long, the institution risks losing customers, which in the current competitive environment no financial institution can choose to ignore. However, neither can the institution afford to compromise on its compliance obligations and risk a monetary penalty and reputational damage. This is where compliance has to work very closely with the leadership, the business, and the technology teams to ensure an optimal balance between user experience and the regulatory obligations.
V. ESG and Sustainability
As the spotlight intensifies on ESG and sustainability goals, these can be aligned to financial crime compliance goals for mutual benefit. However, there is a significant implementation risk, as explained recently by a report from the Dubai Financial Services Authority on a concept called GreenWashing, which basically means claims made by an organisation to misrepresent the sustainability features, action or impact of its activities, practices or products, which varies in scope and severity ranging from confusing or inappropriate use of sustainability-related terminology to deceptive marketing practices and outright fraud. These are early days and the intersection of ESG and compliance is an emerging area and one to watch out for.
VI. Increasing regulation and collaboration
The last factor that I want to highlight is the increasing collaboration between regulators and supervisors not just in the same country, but also across regions and even globally. Regulators come together under various umbrellas – FATF, APG, Egmont Group, Interpol meetings and network regularly and exchange ideas. Public-private collaboration has been highlighted as one of the key goals of the current FATF presidency in addition to asset recovery, but now this is being extended to a concept called private-private partnership in some countries where regulated entities across sectors are coming together to discuss, strategise and implement risk mitigation strategies that will benefit the entire ecosystem, so that it becomes difficult for criminals to launder money through the lesser regulated sectors.
VII. Conclusion ensuring preparedness
So how can organisations ensure preparedness to deal with these rapidly evolving drivers, and yet adapt and grow?
Culture: The first and most important one is to build the right culture of compliance and send out the message that compliance is the shared responsibility of every employee in the organisation. It is all about self-discipline, which needs to be imbibed into every employee. This change cannot come overnight and needs years and years of work by the top management and compliance teams. But in the long run it will ensure that the institution can stay compliant in the face of any threat or challenge.
Risk-Based Approach: We have to be as diligent and comprehensive as possible, about applying the risk-based approach, which is the cornerstone of every money laundering prevention programme . If this exercise is undertaken seriously and not merely as a check box approach, it will ensure compliance that is based on carefully evaluated risks and curated controls, which will keep the organisation safe from criminals and at the same time meet regulatory expectations. An important part of applying the risk based approach is to conduct an enterprise-wide risk assessment (EWRA). Although it is easier said than done, institutions should drive more effectiveness in the EWRA exercise and make it as meaningful as possible rather than treating it as merely an obligation.
Training: Training is one of the most important pillars to ensure preparedness, especially ongoing and role-based training that not only upskills teams but also builds the confidence in them to take on their compliance responsibilities. It is important for institutions to build compliance career paths and build the next rung of compliance leaders in the organisation.
The Presentation File (PDF format) can be downloaded HERE.
The Video recording of Shirish Pathak, Managing Director, Fintelekt Advisory Services, can be viewed in the ABA YouTube.
Prepared for the Asian Bankers Association by:
Shirish Pathak
Managing Director
Fintelekt Advisory Services