webinar recap: OPBAS AML compliance – what can be learnt from the banking sector’s approach to digital KYC
The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) has advised that law firms and professional services should be working to the same standards as banks, particularly in establishing robust controls around compliance processes.
So, what does that mean when it comes to core procedures and what they must change and improve on?
We asked Amy Bell, from Teal Compliance, and financial crime compliance specialist Steve Elliot, of LexisNexis Risk Solutions, who shared their thoughts on existing practices and how other regulated industries can learn from banks and implement new technologies to ensure consistent and effective compliance in a recent webinar.
Within the session, which you can watch in full here, our speakers looked at areas such as:
- current UK AML regulations
- how banks approach Anti-Money Laundering (AML) compliance
- the foundations of modern Know Your Customer (KYC) processes
- steps you can take to improve your own programme
OPBAS report findings
To position the discussion, Amy reflected on the second and latest OPBAS report on the findings from a review of the legal and accountancy sector, which she told us shows a “stark contrast” to the year before, with a “remarkable improvement,” but questions remain.
Grouping the findings into three key areas, Amy started by saying there had been an improvement in the application of the risk-based approach by the 22 Professional Body Supervisors (PBS).
OPBAS found in 2018 that not all PBS had collected information on their regulated populations and therefore had not been able to properly assess the risks. By the end of 2019, 95% of the PBSs had collected the information they needed and 86% were adopting a risk-based approach.
She also highlighted that more PBS are conducting risk based activities, including utilizing site visits as part of their activities and, in fact, the number of PBS conducting proactive supervision rose from 10% at the end of 2018 to 81% at the end of 2019.
And, importantly, here she brought out the OPBAS conclusion that there has been an increase in enforcement activity. There is a marked difference between the accountancy and legal sector, with accountants having more, but lower, fines than the legal sector.
In a message to firms for the future, she said:
Expect non-compliance to lead to disciplinary consequences. It is definitely time to make sure you’ve got your regulatory stack ready.
Interestingly, as well as delving into how to evidence a risk-based approach, Amy also shared her knowledge of gaps in firm risk assessments she sees, both firm-based, and client and matter, with some common issues cropping up in the form of:
- assessments not being specific to a firm
- inconsistent completion
- only being done at the beginning of a relationship
banking sector approach to KYC
Handing over to Steve, it was time for him to tell us about how banks conduct KYC and the importance of keeping your AML and anti-fraud processes current, focusing on lessons learnt and what could be taken from those now.
According to Steve, the first thing banks must do is know “who we are” and, adding that current systems gather “very few data attributes” in relation to individuals, he said that what we get instead is personal information, such as name, address, etc. He believes “we are much more than that” – we are our biometric profile, our moral compass, connected ecosystems, and so on.
It is only when you get a true understanding of a person’s ecosystem and of who they are that you will know who they do business with and the risk they possess, he pointed out.
Currently, Steve said, banks are using “very few data attributes to authenticate and risk rate people but they are building in more and more”, which is something he placed great importance on while giving examples of real situations, before emphasizing that it is vital to remember that just looking at the first level is not sufficient when looking for the full picture of a person and risk.
Illustrating the need to get it right and why it is imperative that ongoing effort is put into complying with regulations, Steve continued by looking at the cost of compliance. The UK has the second highest number of financial institutions behind the US and the highest cost market within the highest cost region.
- increasingly complex regulations
- data privacy limitations
- sanctions violations
- labour costs
learning from other sectors
After sharing with us his view on how compliance is achieved where he sits at the moment, and the challenges that come with this, Steve provided insight on what could be taken from other industries’ approaches to compliance.
Touching on how the use of AI in specialist areas such as medicine and the aeronautical space could looked at, he reflected:
In financial services, firms are trying to access more data attributes and looking at outcome data… then using AI to reverse engineer back through the data to find attributes they should have been looking at in order to give an early indication that fraud would occur. Those types of solutions are very effective for driving out fraud and money laundering.