Anti-money laundering (AML)/ Know Your Customer (KYC) regulatory requirements have dominated the Financial Services industry for quite a while now. However, with the growing links between money laundering and terrorist financing, crime & corruption, there has been a renewed regulatory focus on AML globally. More recently, there have been multi-million dollar fines and penalties levied on financial institutions including ‘cease and desist orders’ and even the closure of businesses in some cases. An analysis of these cases shows that the AML programs were deficient and therefore not in compliance with regulations. The key areas of focus/ deficiencies noted from the regulatory actions are summarized below:
- High Risk Country Dealings
- High Risk Customer Dealings
- High Risk Products Dealings
- Deficiencies in Transaction Monitoring and SAR Processing
- Group Compliance
- Dealings with Sanctioned Countries/Parties
The regulators are working to improve the effectiveness and also enforceability of AML regulation by bringing more clarity into methodology and application of the regulation. The issuance of the European Union (EU) AML Directive IV has had a major impact on AML regulation. Some of the key provisions of EU AML Directive IV are summarized below:
The regulators are keenly aware of the compliance costs and business pressures involved at financial institutions in order to be in compliance with regulations. Hence, the regulators are moving away from ‘rule based approach’ to ‘risk based approach’ so that resources are focused on identifying and monitoring high risk countries, customers and products rather than potentially the entire customer base. RBA will be an important and integral element of AML programs going forward. The picture below summarizes the key features of RBA:
A division of customers into natural persons and other entities is recommended since the assessment parameters may be different for both categories and may assist in compliance with future regulation. The financial institutions will need to determine factors relating to each customer type. The standalone ratings for customer, country, and product may show lower risk but a combination of any two or more aspects may increase AML risk substantially. Hence, a combined rating for these three elements needs to be considered. Based on the customer score, level of customer due diligence (CDD) will be determined. In building these models, the financial institutions will need to use parameter weights, statistical techniques, back testing and validation techniques before the models are adopted. In order to gain efficiencies in an AML program, the institutions should focus on using RBA on identifying the majority of customers under simplified/ standard CDD and processing the majority of transactions under straight through processing.
The picture below identifies areas where the financial institutions can achieve efficiency while maintaining effectiveness of AML program:
Having said that, areas of challenges still remain in the implementation, documentation and on-going activities associated with AML compliance. Data protection and sharing of data continues to be major concern especially for entities in multiple geographies. Going forward, some of challenges could be addressed through leadership within industry groups, regulators and major financial institutions with a focus to forge co-operation and change in the future.