The LSAG is a cross-sector group made up of members from each regulatory and representative body in the legal sector, and this is the first time that the group has examined the guidance as a whole in detail. Their previous version in 2018 mainly focused on the amendments needed to interpret the 2017 Money Laundering Regulations.
It is clear that, here, the LSAG has sought to provide much more detail on what regulators consider good and poor practice. There are many instances of policies and procedures that the LSAG say ‘should’ be in place, and, whilst it is not mandatory to follow any of the guidance, a firm who deviates from it must be able to justify that decision if asked by their regulator.
Also, if there are any practices you have now that come away from their recommendations then it would make sense to record your rationale now, rather than wait to be asked for your justification.
Many will welcome the inclusion of a new chapter on technology. Whilst technology was referred to in previous versions, this new content provides clarity on the regulator’s expectations when implementing new technologies to assist with Client Due Diligence (CDD).
This focus is no doubt prompted by the implementation of the Fifth Money Laundering Directive (5MLD), provided for Member States to encourage the adoption of technology. It is important to note that the resulting 2019 Money Laundering Regulations did not mandate use, but did make clear the circumstances in which electronic verification was permitted.
The new technology chapter also clearly addresses the intention behind 5MLD. We can see from the Compliance Principles that the LSAG expect firms to evidence:
As a result of an amendment to the 2017 and 2019 regulations, firms now need to make sure that they assess the risk of implementing new technology in respect of money laundering or terrorist financing. When thinking about the types of technology this will apply to, think wider than any client due diligence systems. Think about methods of delivery of your services, through portals for example, which may increase the risk of anonymity.
Given you need to display you have assessed risks, your practice wide risk assessment appears to be the most sensible place to record this.
Technology for use in the CDD process is the focus for much of the chapter. In my experience, many firms now do deploy some sort of electronic ID&V in their process. For those, this chapter is a must read because you may need to create some records of your decisions and think about the training you provide to the users of the technology.
I think the key action points will be:
One thing is for sure, the LSAG are certainly supportive of technology, but not as a cure all. Firms will remain responsible for CDD, and need to explain how the technology helps them meet their obligations and mitigate their risks.
It is clear from the guidance that a great deal of importance is being placed on the use of technology in CDD, with the onus on firms to be able to evidence not only how technology helps them meet obligations, but also to ensure their clients have adequate understanding of that technology and process.
At Encompass, we work closely with our customers to understand their key use cases to ensure we provide a solution best suited to their KYC policy requirements to consistently search and retrieve key risk factor information to mitigate their risks. In essence, we replicate a customer’s existing policies in a more automated and streamlined environment.
We recognise that the inconsistent application of KYC policies, the varying quality and depth of information gathered and the potential for human error all pose risks to our customers. With Encompass, they can rely on a simple and repeatable process, which can be shared across users, offering much needed consistency and confidence, with our audit trails evidencing every action and decision made.
Even with limited identifying information, we can discover and build the ownership tree of an entity, screening and identity checking all associated parties, presenting all the information to ensure customers can make informed decisions.
As Amy points out, you need to understand the data sets your tool checks, and why, and how reliable they are.
When onboarding new customers, we work closely with them to understand the specific steps taken during their CDD process to retrieve and analyse information. Using this information, we create policies that automate this data collection from the same trusted sources. In this way, Encompass is able to fully satisfy their KYC policy requirements while automating manual processes. We review these, together, on an ongoing basis to ensure that they are still relevant and appropriate for our customers’ regulatory requirements.
As is highlighted by the guidance, technology solutions must be fully understood by users and explainable to regulators and auditors, like Amy. Encompass dynamically builds a full and accurate audit trail that records every search, action and decision taken, ensuring our customers are always regulator ready. In some cases, data providers themselves may conduct fuzzy matching on the search terms we have provided. Where this is the case, we present all the search results as returned, allowing the customer to compare this to the search details provided and make an educated decision.
When it comes to human error, the standardisation of processes provided by the Encompass platform ensures a consistent, robust and repeatable approach, ensuring a firm’s processes are consistently being followed, in an effective and efficient manner. Automating data collection and analysis ensures human error is eliminated, providing a sound base for further due diligence and onboarding processes.
Within Encompass, our customers’ policies provide consistency and offer uniformity in the information presented back, reducing the opportunity for this human error. Finally, here at Encompass, our Customer Success team offers regular training to all customers to keep them informed of new features within the platform and to onboard new users. We produce and maintain training packs specific to each customer, which can be shared for peer to peer training and used as helpful reference material, ensuring customers get the most out of the platform.