The fast-pace changes taking place in the anti-money laundering (AML) regulatory landscape, partially prompted by the scale of money laundering scandals such as Wirecard and the FinCen files, have placed financial institutions under greater scrutiny and pressure to be compliant.
As such, firms find themselves playing “a constant game of horizon scanning” on new AML requirements, said Erin Gavin, associate director at Protiviti.
Bernadine Reese, managing director at Protiviti, said “regulatory expectations are rising, so the information that is needed to satisfy the regulator’s requirements and AML is also increasing”.
“Anytime regulation changes, it sometimes impacts the data that’s required,” added Gavin. “One day it could be satisfactory and the next, it could be a remediation exercise to uplift that data to the recently implemented regulatory requirement.”
Rise in digital adoption clashing with legacy data challenges
In managing increased expectations, firms have turned towards technology to aid the process of compliance and transaction monitoring. The pandemic forced a lot of financial institutions into adopting digital processes “than maybe they were ready for” or they “have had to accelerate”, said Gavin.
Tracey Allen, COO for CLM managed services at Delta Capita, said technology is starting to play a “pivotal role” in AML compliance. “The use of AI, machine learning and digital ID are there to assist in the automation and can provide significant efficiencies in the alert management process.”
The annual cost of AML compliance is estimated to be £28.7bn next year, with expectations it’ll rise to £30bn by 2023, according to a report by Lexis Nexis. However, the practicality of compliance technologies used by firms has come under fire by regulators.
In June, the UK’s Financial Conduct Authority (FCA) published a Dear CEO letter addressing the “common weaknesses” of retail banks in the UK against their AML checks. The letter raised concerns around “a lack of understanding of the technical set up of the transaction monitoring systems from those individuals that have responsibility for its operation and effectiveness.”
Ciara Aitchison, AML subject matter expert at the Association of Certified Anti-Money Laundering Specialists (ACAMS), said AML technology “is not as simple as just plugging it in and play”. Firms also need to “make sure the right inputs are feeding into the technology.”
A lot of firms are still using legacy data sets that consist of fragmented or not consistently-categorised data that is making it harder for institutions to use their digital systems effectively, said Reese.
The issue of legacy data in the industry is substantial, said Gavin. “There are a lot of institutions who are not utilising that data in the right way or optimising it in the right way.”
This makes it harder to leverage new technology, she said. “Before [firms] are able to gain efficiencies through the use of new technology, they first have to go through the journey of organising, structuring, cleansing and prioritising the data that they have on customers.”
Alongside the data available needing to be updated, the technology itself needs to be “easily configurable to cope with the changing rulesets”, said Allen. Luckily, the AML technology available in the market is becoming “much more flexible and much more configurable.”
Evolving compliance data-skill sets: taking stock of the new crypto reality and growingly complex regulations
The configurability of AML compliance technology is something firms will need to consider as they branch into cryptocurrency and as regulations start to creep in the space. Earlier this year, the European Commission announced proposals to extend its current AML and CFT regulations to the entire crypto space.
“Crypto is a growing marketplace, and one of the biggest challenges is staying on top of who’s operating in this space,” said Aitchison. “Banks will be seeing more flows being channelled” into that space, she added.
“Banks will need to become familiar with what they should be screening, what they should be looking for and becoming comfortable with the risk.
“Understanding the risk is probably the biggest challenge.”
The digital transformation in the compliance space has also meant employees will need to be upskilled to adapt to the changing role of a compliance team. “It feels like a new skill set and new set of requirements,” said Gavin.
“Those who might have come up traditionally through a compliance background or legal background have to get to grips with all of these other issues from a data and technology perspective,” she said.
“There’s a greater emphasis on understanding the technology, understanding the governance around that: we’ve seen a lot of increase in data analysis type techniques.”
However, Gavin argued this isn’t being addressed as “proactively” as the industry needs.
Global institutions are often dividing resource to meet AML compliance needs across various jurisdictions. As a result, firms are spending more on resource to keep up with regulatory needs.
EBA AML proposals a key step towards harmonisation
With that said, the European Banking Authority’s latest consultation on updating the guidelines on the role of AML and CFT officers suggests AML regulations are moving towards a stage of harmonisation, according to experts.
David Pasewaldt, partner at Clifford Chance, said the authority’s consultation demonstrates central change.
“It’s not only about the content of the guidance, but it’s the nature of the guidance.
“This is one further step towards harmonisation within the European Union,” he said, as it will provided centralised guidance to national regulators on how they should apply the new requirements.
David Hamilton, senior associate at Pinsent Masons, said the consultation also recognises “the divergent approach between jurisdictions, which has also led to the divergent approach between financial institutions in how they’re implementing AML systems and controls.”
“This inevitably leads to arbitrage between those different jurisdictions as different parts of the business potentially may be held to different standards”.
The harmonisation of requirements and roll out of central body’s guidelines will help international financial institutions that are active in different member states as there is “only one standard they need to comply with,” said Gerson Raiser, counsel at Clifford Chance.
At the present stage, the various interpretations of AML regimes are often a pain point for firms, said Hamilton. The compliance framework architecture of a global firm will often suit the requirements in the jurisdiction it’s headquartered. This presents implementation and monitoring challenges for the other jurisdictions it operates, and overall creates administrative and compliance headaches, he said.
Similarly, the drafted guidelines seem to “comprehensively address, for the first time, the level for the whole anti-money laundering CTF space and its governance set up,” said Delta Capita’s Allen.
The clear expectations of the roles and responsibilities are “definitely needed”.
“The theme that’s coming out of the EBA guidance is the common challenge around the control frameworks that are in place including governance and oversight,” said Allen.
A technology-driven future
Despite the step towards harmonised AML regulations that will help reduce the complexity of internal compliance structures, the burden of AML requirements will continue to increase for financial institutions, especially as activity in the crypto space grows – translating into a stronger need for updated risk checks and data systems.
Firms will need to fully understand the risks they face when considering which AML technology to purchase, said ACAM’s Aitchison.
Alongside such digital transformation journeys, financial institutions will also need to focus on upskilling and training their compliance teams to be able to use the new systems and analyse new data.