Sanctions and AML: a practitioner’s view of getting to grips with new directives

Following our deep dive into how businesses can ensure they keep up with evolving sanctions regimes with Martha Kliss from UCB, a global organization within the pharmaceutical industry, we’re continuing to examine the landscape – this time with a practitioner’s views and insight into implementing Anti-Money Laundering (AML) directives.

Olivia Tawadros is a Senior Analyst at UAE’s Financial Intelligence Unit (FIU), who was a key figure in the implementation of the goAML reporting platform, developed by the United Nations Office on Drugs and Crime (UNODC) to facilitate the receipt, analysis and dissemination of suspicious transactions and activity reports to the UAE’s authorities.Here, she tells us more about what she’s learned through that role, in terms of best practice for financial institutions (FIs) when it comes to tackling money laundering, and how the increasing compliance requirements in the region have impacted…

Olivia’s view on sanctions and AML directives*

What are some of the lessons you learned along the way that you think would be useful for FIUs and financial institutions to know about when preparing for the introduction of revised AML directives?

It is always best to be prepared and know your requirements in advance prior to starting an implementation process.

Ensure that the infrastructure is adequate. Get to know the platform you’re using, listen to experienced users and make the best use of it. It’s important to have proper policies, procedures and controls – complemented by technology – in place.

One of the key things to consider, especially with the new requirements of regulations such as the Fifth Money Laundering Directive (5MLD) is to ensure staff are up-skilled – this is extremely important. Particularly in relation to 5MLD, we know staff must be comfortable with the requirements concerning Ultimate Beneficial Owners (UBOs), so I think this is an area that must be taken into account, as I find that financial institutions lack training from the bottom up in this area.

What are your tips for financial institutions and non-traditional financial institutions to get aligned internally for new directives?

• Adopt a comprehensive AML programme, particularly if you are a non-traditional institution, like a cryptocurrencies exchange.
• Tighten existing transaction monitoring rules, specifically in relation with prepaid card top up transactions.
• Understand your risk appetite in relation to transactions that involve high value goods that could be a source for terrorism financing.
• Upskill the financial crime detection and compliance teams and train them on how to unwrap complex structures and  links between entities and UBOs.
• Apply analytics tools to manage the wealth of information that is publicly available for your client due diligence.
• Carry out Enhanced Due Diligence (EDD) on those concerned in high-risk third countries, as defined in 5MLD.

What are some of the issues you tend to see around AML adherence in the complex structures?

Complex structures are a key method used to disguise beneficial ownership. These involve the use of legal persons and arrangements to distance the beneficial owner from an asset through complex chains of ownership.

Key issues related to complex structures include:

• Deficiencies in on-boarding and ongoing CDD programmes
• Companies not maintaining shareholders registers
• Transparency issues related to these registries
• Complicated mechanisms in sharing financial intelligence and company information between authorities

There is also the difficulty that comes with dealing with dormant accounts, IDV and complex structure unwrapping.

What are some of the important measures for complying with AML due diligence requirements?

Customer Due Diligence (CDD) measures and controls, whether at onboarding or throughout the course of the relationship, are an effective risk mitigation tool. Measures include

• Identify and verify the identity of each customer on a timely basis.
• Identify the beneficial owner, and take reasonable measures to verify the identity of any beneficial owner. The measures that have to be taken to verify the identity of the beneficial owner will vary depending on the risk.
• Obtain appropriate additional information to understand the customer’s circumstances and business, including the expected nature and level of transactions.
• Relevant customer due diligence information should be periodically updated together with its risk assessment. In the event of any change in beneficial ownership or control of the applicant, or third parties on whose behalf the applicant acts, reasonable measures should be taken to verify identity.

What do you think of the move towards UBO registries in Europe? How do you think that these registries should be used by companies in their due diligence process when they onboard clients and/or suppliers?

As per the Financial Action Task Force (FATF) guidance on transparency and beneficial ownership, countries require their company registry to facilitate timely access to the public information they hold – hence the move towards UBOs registries in Europe.

Financial institutions should not solely rely on such registries to identify UBOs but rather should use them as a starting point. They should follow an enhanced due diligence process, especially with clients who are identified to have complex structures.

Unwrapping the layers of a complex structure and Identifying and verifying the UBOs should not only be done at the onboarding stage but rather should be part of their periodic reviews to ensure they’re compliant with the relevant regulations as well as up to date with their Know Your Customer (KYC) activities.

What is the role or benefit of having a verifiable audit trail for financial institutions if a potential compliance breach is identified?

The importance of having a verifiable audit trail is the first lesson I personally learnt when I started my AML career. It is vital that an institution has documents to cover itself, which means that every decision should be properly documented.

How do institutions benefit from showing a consistent process when AML compliance is questioned?

Consistency is key. It is important to be able to exhibit a consistent approach to AML compliance. It can be used to sustain an institution’s defence, should there be a one-off incident that causes the AML compliance program to be in question.

What do you think are useful ways to harness technology for AML?

Transaction monitoring
A good transaction monitoring system will help FIs in detecting any red flags or patterns that can be a sign of exploiting trusts, complex structures, and PIVs in potential money laundering schemes. Introducing machine learning and Artificial Intelligence (AI) is now the trend and, if exploited for the right cause, it can be cost-effective.

Suspicious transaction reporting (STR)
Most FIUs are now using advanced systems to receive, analyze and disseminate STRs/SARs. Using machine learning and AI as well can help FIUs during their investigations and strategic analysis process.

I think financial institutions should become more proactive with technology. Being proactive does not mean file more STRs/SARs, but rather take the initiative of using available technology for preempting risks by detecting trends and patterns to then design a mechanism for sharing them with the institution’s  community for everyone’s benefit.

How can technology be used to make the relationship between FIs and FIUs collaborative?

FIUs and financial institutions are increasingly working together in regulatory sandboxes, allowing banks to innovate, with the regulator’s guidance, and supportive oversight.

What do you think of the potential of technology for improving SAR submissions and subsequent FIU investigations? How does this change the relationship between financial institutions and FIUs?

Financial institutions that are eager to cover themselves by complying with suspicious transaction reporting directives have the counterintuitive effect of making it harder for FIUs to pursue legitimate financial crime due to the sheer SAR volume.

Institutions that undertake client vetting aided by technology approaches like Intelligent Process Automation (IPA) reduce the amount of clients that SARs come from in the first place. Applying AI in transaction monitoring once the client passes onboarding checks significantly reduces false positives and the SAR workloads at FIUs.

Institutions sending less erroneous SARs gives FIUs the time and capacity to chase up legitimate SARs and meet their respective financial crime fighting missions. Consequently, a collaborative workflow develops, with institutions sending more qualified SARs, allowing FIUs to focus on SARs that are more likely linked to financial crime.

This is an example of technology changing the relationship between financial institutions and FIU from potentially adversarial to collaborative.

*The views expressed in this blog are Olivia’s, and are not representative of her employer.