How to futureproof your AML compliance programme
How to futureproof your AML compliance programme
Anti money laundering (AML) regulations do not stand still. This comes as no surprise when you consider the size of the problem.
It is estimated that between two and five percent of GDP is currently laundered globally each year, equating to between $800 million and $2 trillion. Regulations evolve to protect the global financial system from money laundering, but these changes don’t come without their challenges to regulated firms.
Throughout the last decade, compliance officers have been on the back foot, and have often been in a position of reacting to regulatory change rather than getting ahead of it. Many simply have not had the resources needed to effectively prepare for change. By harnessing new strategies, compliance officers have an opportunity to help their companies fight against money laundering while also taking on a strategic role that can impact business growth. Creating more efficiencies in the compliance process will in turn drive more profitability.
So how can compliance officers be in a position to get ahead of change, rather than having to react to it? The answer lies in developing AML compliance programmes and best practices that evolve dynamically and are agile enough to respond to inevitable change. Done in the right way, improvements can directly impact profitability as well as shareholder value. In this piece we dive into a number of components that will help you to build a dynamic, futureproof AML compliance programme.
Analyzing recent regulatory change
Having dealt with the sweeping change needed to respond to the EU’s 4th Money Laundering Directive (4MLD) in 2017, banks are now faced with the significant amendments required by the 5MLD and 6MLD. On a global basis, there are even more regulations to observe. Those who adapt the quickest and with the least disruption to clients will benefit from a competitive advantage. Here are some of the key areas firms will have to focus on:
Accessing new global information sources
The revelations of the Paradise and Panama papers led to a global push for increased corporate transparency and many governments have mandated the creation of centralized corporate and ownership registers. Regulators will fully expect firms to be using this data in their compliance process. But revising processes to ensure these new data sources are accessed consistently and in line with internal policies can be challenging, especially when processes for gathering and analyzing data are largely manual.
Reduced threshold for identifying beneficial ownership
Under 5MLD, the threshold for identification of Ultimate Beneficial Ownership will reduce down to 10% from 25% where an entity poses a significant money laundering or tax evasion risk. While some firms already operate at this level, those that don’t will need to update their policies as well as remediate their existing customer back book to bring KYC files in line with policy revisions.
A growing emphasis on virtual currencies
Regulation of the cryptocurrency space is a much debated topic. It’s no wonder when it’s estimated that 97% of direct bitcoin payments from criminals went to exchanges in countries with weak anti-money laundering laws. As a sector in its infancy, the standards for crypto AML compliance are still being defined. Firms offering crypto products or dealing in cryptocurrency transactions need to be able to quickly adjust to new requirements as they come into force without impacting the customer experience.
Improving the risk based approach
Last year, the 4MLD focused heavily on the importance of a risk-based approach, and we see this push continuing. Recently revised Hong Kong Monetary Authority Guidelines, for example, require firms to take a risk-based approach to manage their AML and KYC processes.
The guidelines require firms to make changes around the segmentation of their clients based on the countries they operate in and the services they provide. Specifically, the documentation states that a firm should “conduct its assessment every two years and upon trigger events which are material to the Authorized Institution’s business and risk exposure”. The ability to monitor and identify trigger events on an ongoing basis will be critical to meeting regulatory requirements.
Four strategies to support a dynamic AML compliance programme
Having a dynamic compliance program will free up resources that would traditionally be tied up managing the change process. The ability to streamline and speed up processes are also clear advantages for driving revenue and growth. Here are four strategies to help you build an AML compliance program that will evolve as regulatory change occurs.
1 – Improve access to global data
As regulation evolves alongside your organization’s geographical footprint, so do your data requirements. Having consistent, reliable access to comprehensive data gives you and your compliance team confidence that no matter what changes are around the corner, you will be able to meet Know Your Customer requirements on a global scale.
Sourcing new data sets and redesigning policies governing how they are accessed and interrogated to meet new requirements is complicated. Take for example the identification of global ultimate beneficial ownership. Corporate registry information, as a whole, is fragmented and varies in accessibility according to each jurisdiction. If you rely on manual data gathering, accessing these new sources will add significant time to the KYC discovery process, stretching limited resources even further. Adverse media screening is another example of regulation impacting data requirements. Regulators now expect firms to identify negative news relating to prospective or existing clients and an increasing number of organizations now rely on premium new databases and internet searches to fulfil this expectation.
The ability to quickly and easily integrate new sources of data into your AML/KYC processes is increasingly important in meeting your regulatory obligations. Working with a partner who gives you seamless access to up-to-date global data sources is a clear advantage.
At encompass, we have more than 120 global data integrations that allow us to provide comprehensive coverage for KYC discovery. This allows our customers to continue with their trusted sources while benefiting from advanced automation technology to redesign and streamline their existing processes.
2 – Develop a structured change management programme
Implementing large scale change on an ongoing basis requires careful planning and thought. Manage the process incorrectly and you could expose your business to risk blind spots that affect the entire company. It’s important to have a change management system that can easily integrate new regulations, data sources, and business requirements.
Each change management programme is individual to each business, but a preliminary framework may include:
- mapping of existing organizational policies and rules
- assessment of regulatory requirements
- impact assessments and root cause analysis
- training across business units/compliance teams
- testing of internal controls
- ongoing audit plan
For those working in a predominantly manual system, change management can be a seemingly daunting task. Information is often spread across the business, making roll-outs of updates inconsistent and patchy. Policies may not be implemented uniformly and datasets can be missed. The right technology solution will help you eliminate gaps and irregularities when undertaking changes to your AML compliance programme.
3 – Futureproof your resources
As you probably know, it can be difficult to recruit the right people to execute effective AML compliance. Almost one third of employers are currently anticipating a shortage of compliance skills. Compliance teams are the engines driving AML compliance programme processes within financial institutions, but as the regulatory burden increases they need help. In the past firms have been able to recruit large teams of compliance experts but pressure on budgets means this is no longer the case. The right technology solution provides the support your business needs to stay ahead of the curve by:
- being quick to respond to change – change is time consuming, and adding human resources quickly is not possible when you consider the time it takes to train staff.
- being scalable – technology has the advantage of being easily scalable both upwards and downwards with little impact.
- being consistent – ensuring that all analysts are trained and working to the same standard is difficult on a global basis; technology minimizes ongoing training and oversight as when policies are updated it can be easily updated to reflect changes. Not only that but it effectively ‘railroads’ staff into following the new policies as they were intended.
By removing the burden of day-to-day administrative tasks, the right technology solution will free up time, allowing compliance teams to focus on more strategic, future-focused, issues that will inevitably arise with regulatory and business change.
4 – Use technology where it has the most impact
Tasks that are repetitive in nature, follow strict governance or that can be easily codified are best suited for new technology like intelligent process automation (IPA) or artificial intelligence (AI). Understanding when to use the right technology allows you to tackle seemingly insurmountable tasks. 95% of businesses already using IPA believe it has improved productivity and 93% stated it made compliance processes stronger.
Take for example KYC remediation. When new regulations come into force that impact internal policies, new requirements need to be applied to your existing clients. This means potentially tens of thousands of customer KYC files need to be quickly remediated to be brought in line with new standards. Many financial institutions currently tackle KYC remediation manually, and as a result, are unable to meet tight regulatory deadlines to have backlogs cleared. If you can’t remediate KYC files quickly enough, you are exposed to regulatory and reputational risk, and may have to stop transacting with some customers, resulting in revenue loss and a poor customer experience.
More rigorous requirements for identifying ultimate beneficial ownership can be easily managed using IPA. When identifying UBOs down to the 10% threshold, firms will be required to delve further into corporate structures which will potentially slow down the onboarding process. This is a laborious and gruelling task when you consider it on a global basis. Using IPA to automate data gathering and mapping of corporate structures would offer significant cost savings and get customers on board faster.
Regulatory change is inevitable, and it presents an opportunity for global financial system to work together to tackle the increased threat of money laundering and financial crime. Compliance teams that can adapt to change efficiently will be in a better position to protect their organizations and improve the bottom line. With the right tools in hand, the right team in place and the right approach, it is possible to develop an evolving programme that manages change now and well into the future.
At Encompass, our team of experts often see regulatory changes ahead of time. Working with multiple large financial institutions, we are exposed to industry best practice as it develops, which informs the development of our platform. We have built our SaaS automation platform to offer full flexibility, so that your policy changes can quickly and easily be reflected with minimal IT support. Changes that may in the past may have taken weeks, or even months, can be rolled out across your business in a matter of days. On top of this, every client’s dedicated customer success manager is always on hand to support them through change.