In previous times, firms were free to focus on the customer, but now compliance issues also require significant investments of time and resources. Indeed, compliance officers may feel that compliance has usurped the customer as the bank’s number one priority.
The adoption of anti-money laundering (AML) legislation globally has developed much like the rings expanding from a rock thrown into a pond. The basic regulatory approach for AML was established in 2002 with the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act in the US and in 2007 by the EU’s Third Directive on Money Laundering. These two compliance frameworks and their updates have influenced AML legislation throughout the world. Moreover, the evolution of regulation in any given country has often followed similar patterns – by tier, by financial sector, by pace of technology adoption, and by AML focus (watchlist filtering/customer diligence and transaction monitoring).
Broadly speaking, regulators tend to focus first on large banks, due to their role in international financial transactions as well as their domestic importance as money centres. Scrutiny will then be applied to other financial sectors, primarily brokerage, insurance and money services. Next, examiners will knock on the doors of smaller financial institutions such as credit unions and community banks. In terms of operational requirements, in the initial stages, banks are first asked to comply with the goals of AML by implementing procedures for customer due diligence, identifying suspicious behaviour and so on. The next phase is when regulators direct institutions to implement technology to achieve more effective results in AML.
The story does not stop there, however. Regulators devise refinements to the AML regime, such as the risk-based approach to customer due diligence developed first in the EU, legislate harsher penalties for compliance failure, or take action against specific institutions. All of these developments drive banks to refine their operations and seek new technology to keep up with the evolving requirements and avoid regulatory risk.
This pattern has unfolded over the past eight years in the US. A similar pattern can be seen in numerous other jurisdictions globally, although the speed at which AML regulation develops varies from country to country.
In Asia, jurisdictions including China, India, Indonesia, Malaysia and the Philippines have had AML regulations and Financial Intelligence Units (FIUs) in place for some time, but have been slow in requiring banks to implement AML programmes and technology. On the other hand, Australia entered the AML regulatory arena fairly late, but moved swiftly to require operational and technology compliance from the banking industry.
A number of jurisdictions in Asia have followed an additional pattern of regulatory development in terms of AML focus. Jurisdictions including China, India, Hong Kong and Japan have first required banks to implement watchlist screening capabilities, designed to identify sanctioned entities, and the filtering software to support this. Only at a later stage do regulators require banks to implement transaction monitoring software, for the purpose of identifying suspicious activity. Moreover, a number of countries are still in the first phase of this process.
Understanding these commonly found patterns in the evolution of AML compliance – by tier, industry sector, pace of technology and AML focus – can aid local and multinational financial institutions alike in implementing their compliance programmes in a phased manner, and to allocate resources to the problem at a level appropriate to each stage in the compliance rollout.
Another indicator of when to ‘pull the trigger’ in investing in AML is when a country, or even a specific bank within a country, receives a bad AML report card by regulators from an influential trade partner such as the US, or by an international AML consortium such as the Financial Action Task Force (FATF). Typically this will result in local regulators setting a timeline for financial institutions to improve their AML compliance, and often stipulating the adoption of technology as a cornerstone of this effort. The enforcement action issued against a Japanese bank by the US Federal Reserve and the FATF review of AML in Hong Kong are good examples of this.
At large multinational banks, the processes and technology of AML compliance are being affected by this spread of AML regulation from North America and Europe to countries around the globe. For large multinationals operating in many countries, this is driving a need to standardise processes across regions. These firms must maintain the regulatory levels of their home markets, while still complying with country-specific regulations in each locality. To achieve this, multinational firms have been centralising aspects of their compliance operations in regional hubs, which optimally then report into to a global compliance back office.
This centralised approach requires technology platforms that can support compliance operations for multiple countries, both the specific local requirements and the global standardised requirements. A number of software providers have developed solutions with this capacity, across the three major modules of AML technology: transaction monitoring, watchlist filtering, and case management.
Large financial institutions are continually seeking to refine processes, realise efficiencies, and reduce compliance risk. As they gain experience in their AML practice, it can be hard for vendors to keep up. Five years ago, banks were struggling to understand the details of AML compliance, and particularly the various requirements in different countries. At that time, firms tended to rely on AML software vendors for information on the finer points of compliance and multi-national deployments. Today, having built out their AML operations and developed business processes, often through trial and error, banks now may have a very clear idea of the specific capabilities they need. In a sense the tables are turned, and it can be difficult for AML vendors to fully accommodate their clients’ requirements.
The insistent evolution of AML regulation and AML best practice has a very clear effect on the cost of AML programmes at banks. Financial institutions both in jurisdictions that are putting in place AML regulations, as well as in markets with mature AML compliance regimes, can expect AML compliance costs to continue to increase at a rate of 5-10% annually for the foreseeable future. This is another factor driving best-practice firms – particularly multinational financial institutions – to standardise and automate their AML operations. If successful, this approach can keep overall AML investment flat by reducing operational costs for existing processes and technology, even as spending on new compliance rises. This balancing act will be the key to financial institutions to outliving the never-ending story of AML compliance.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.