In an already complex world of finance, money laundering and terrorist financing have become one of the biggest challenges businesses are facing today. Criminals seem to have put down the balaclavas and the duffle bags, and instead have become smarter, faster, with increasingly sophisticated methodologies to move funds. In a globalised world where money has no borders, an evolving regulatory landscape, and emerging technologies which always seem to move the goalpost, navigating regulatory obligations can present its challenges.
Technological Complexities
The world is currently facing a paradigm shift. The rapid advancement of technology nowadays makes it possible for faster detection of suspicious activity, automation of tasks and improved transaction monitoring. However, like everything new, it comes with its teething problems. Technologies such as Artificial Intelligence (AI) and Machine Learning (ML) are slowly becoming effective tools, but with the technology still in its infantile stage, the bots don’t always get it right. Systems need long processes of adaptation and calibration and a close eye to what is being flagged. This also sits on top of the needed specialised skills in managing the systems and careful consideration of ethical and legal implications. Throw in the mix the use of cryptocurrencies and wealth originating from crypto, the slowly growing decentralised finance (DeFi) and a world which is becoming increasingly digital and at risk of cyber-attacks, and you have the recipe for a massive headache.
Data, data, so much data
The further we go, the more data is generated and required for day-to-day tasks. From endless KYC and due diligence information to sifting through ongoing monitoring data points, behavioural information, real-time activity, and the rising new typologies, data management has become crucial more than ever. AML systems rely on large volumes of data to function, further emphasising the need of clean reliable data. Siloed data across departments makes processes harder to conduct, limiting access and creating risks of inconsistent data which impacts risk assessments and regulatory reporting. The systems themselves, when not well calibrated produce a lot of false positives which need to be combed through, and if not addressed swiftly, may lead to mistaking activity for false alarms.
Regulatory changes
The AML/CFT regulations are constantly evolving. As the industry grows at exponential rates, technology pushes us further into the future, and criminals always seem to be ahead of the curve. Regulators are always introducing new rules for businesses to keep up with the changes. This can create a significant challenge to stay on top of changing requirements, both at a national level and at an international level, affecting businesses on all fronts.
Cross – Border challenges
AML/CFT regulation locally can already be challenging, add to it different jurisdictions with different interpretations to obligations and varying levels of adoptions of regulatory frameworks and it quickly becomes a regulatory Rubik’s cube. While the EU is trying to address the issue through the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), the diverse AML landscape through the different continents can often be conflicting, with varying levels of transparency making life difficult for everyone. Managing customer due diligence across borders and effectively monitoring transactions spanning through multiple jurisdictions are hurdles that many businesses face daily.
Resources Constraints
Businesses are always feeling the increasing pressure to do more with less. Sophisticated AML systems are good to have but very expensive to acquire, set up and maintain. Skilled professionals are required to be able to keep up with the technical demands of systems, to collect and review information and to keep up with the varying facets of the legal requirements. Moreover, the increasing volumes of data require storage, safekeeping, and increased protecting from fraud and cyber-attacks. When also considering the skills-gap and retention issues many businesses face, keeping up with regulatory demands is challenging to say the least.
Even if navigating all these challenges may feel like an ever-rising mountain, there are a number of tools businesses can use to keep up with the pace and stay in line with their obligations. Here are some best practices:
The importance of an accurate and realistic business risk assessment
The Business Risk Assessment (BRA) can be an effective tool to mitigate risk when this is done right. When a BRA is done correctly, it can give the business a clear picture of the degree of risk the business is experiencing and an analysis of how effective the business controls are to mitigate these risks. When done wrong, the BRA can give a false sense of security and leaves the business unprepared and exposed. A critical element of an effective BRA is the degree, and the quality of quantitative data used to conduct the assessment. Some questions to consider are:
- Is the business collecting quantitative data for all the pillars for inherent risk?
- How inclusive is the data?
- Do the statistics used offer a realistic picture or are these very high level?
- What is the business doing to test the validity and efficacy of the controls in place?
- Does the BRA consider new typologies? Where does the business stand compared to the rest of the sector?
The Risk Based Approach (RBA)
When business have a clear picture of where they stand and what they are up against, the next step is to direct resources where they are most needed. Resources are finite, so it’s important to use them wisely. The RBA allows businesses to focus attention where the risk is highest, optimising the impact of the compliance measures taken and avoiding unnecessary measures for low-risk situations. The RBA also encourages a proactive approach to identify and address potential risks before they materialise, rather than just reacting when they occur.
Compliance Culture
The tone from the top is important for a healthy compliance culture. Employees at all levels need to understand and actively support the organisation’ s AML/CFT measures. When senior management actively demonstrate commitment to AML/CFT compliance, the rest of the organisation will follow in its steps. Nurturing the right approach by keeping open communication channels, creating clear guidelines and provide training tailored for all levels of the organisation is critical for maintaining a healthy AML/CFT ecosystem.
Effective due diligence
Businesses must have effective due diligence processes that work for them. Due diligence should be commensurate to the business risk exposure and the type of clients onboarded. It is important that due diligence implemented is in line with the RBA and provides robust knowledge of who the customer is and what activity to expect. The quality of due diligence conducted will determine the quality of the monitoring conducted on customers.
Data analytics and data management
Effective data analytics and data management are another crucial element for effective AML/CFT compliance. Elements such as data quality, data integration, data governance and security will determine the effectiveness of the measures implemented. Effective data analytics and management will improve detection, facilitate risk management, and improve timeliness and quality of reporting. An efficient use of data will also assist businesses to streamline processes and tailor measures to the risks being experienced, possibly also reduce costs from improved allocation of resources.
Collaboration and information sharing
Reach out for information whenever possible. Private-Public Partnerships are key to the global fight against money laundering and terrorism financing. The FIAU offers guidance and outreach to subject persons, AML/CFT clinics and numerous points of contact. Reach out to share the challenges you are experiencing on the front lines and the new typologies you can see emerging.
Stay on the ball
Always make sure to stay informed of regulatory changes, new typologies arising, sectorial changes and updated risk assessments such as National Risk Assessment (NRA) and Supranational Risk Assessment (SNRA) updates. Staying on the ball is not only external but also internal. Stay updated with regular testing of the internal AML/CFT framework, system scenario testing and validations, provide regular training to staff and update the BRA whenever material information arises to ensure the efficacy and effectiveness of the internal framework.
Speaker’s Bio: Ms Elise Ann Mifsud CAMS is a Financial Crime Compliance Supervision Officer with the Supervision section of the FIAU, having four years of experience in regulatory compliance supervision on Credit and Financial Institutions. Ms Mifsud Watson is qualified in both (CAMS) Certified Anti-Money Laundering Specialist and (Advanced CAMS) Certified Anti-Money Laundering Specialist AML Audit. She has also successfully graduated with a master’s degree in entrepreneurship