Anti-Money Laundering – Trends and challenges in the Digital Era
‘Digitalisation’ has become a buzz word in discussions within the organisation and in external communications with our clients, regulators, suppliers and other third parties. At times, these discussions are ‘demanded’. What is the impetus of these discussions? How does this impact our operations, predominantly in relation to Anti-Money Laundering (“AML”) compliance?
Comparing a snap shot of the way business was conducted a few years (if not months) back to one taken today would bring out great differences. What changed? Over the past 20 years, one may witness enormous AML compliance shifts with increasing regulatory layers. Our firms have evolved: globalisation of businesses, the building of substantial compliance operations, changes in policies and processes, new supporting IT systems, and considerable overheads.
In relation to supporting systems, the development strides have been great. Responding to these continuing regulatory changes, organisations have built substantial operations to simplify compliance and mitigate the risks of money laundering, terrorist financing and financial crime in general. These activities have consisted of modifications to processes, research for new supporting IT systems and the development of entirely new operational areas.
There are a number of sectors where digitalisation can be seen to facilitate AML compliance. At the fore is the role of digitalisation in subject persons’ obligations of customer onboarding and ongoing monitoring. Operators tend to find this an expensive, lengthy and disruptive process. In a 2017 report detailing the findings from a study into new technologies in AML compliance by the PA Consulting Group on behalf of the Financial Conduct Authority in the UK (FCA), it resulted that the “vast majority of respondents” to the study (across all industries) were of the opinion that “customer onboarding and maintenance were two of the areas where technology offered the most promise”. Furthermore, “a number of regulated firms [made it clear that] a move to truly paperless working was a priority in the short to medium term”.
In Malta, the 2017 updates to the Financial Intelligence Analysis Unit (“FIAU”)’s Implementing Procedures (“IPs”) introduced technological alternatives for conducting customer due diligence, for example, through the use of video conferencing tools, e-IDs and other additional measures for verification of the identity details and residential address of customers and their beneficial owners. In terms of ongoing monitoring, digitalisation may also assist in improving on mapping customers’ trends, the scrutiny and filtering of transactions, together with overseeing the expiry of data and documents which subject persons are legally obliged to retain.
At the same time, subject persons are being faced with the task of standardising and facilitating a process that ensures AML compliance together with customer delivery. There is a constant drive to deliver a more efficient and appealing customer experience with least ‘disruption’. This is most evident where different subject persons form part of the same group or are assisting customers in the same transaction.
This would also tie in with the reporting obligations of subject persons in AML compliance. Without the necessary tools, employees may not be in a position to be able to detect proceeds of crime, money laundering or suspicions thereof. This may bring about a failure on the firm’s duty to report through the right channels and within the short statutory time-period. On the other hand, technology may not be seen as the be-all and end-all solution for reporting. The role of the Money Laundering Reporting Officer remains key in this process, helping to determine whether the internal report submitted does constitute sufficient information to merit the filing of a suspicious transaction report to the FIAU.
At least annually, all Maltese subject persons are required to give an account to the FIAU of details on their AML compliance policies and procedures. This is known as the ‘Annual Compliance Report’. Additionally, this is sustained with ad hoc data requests from various authorities. The trend seen is that the questionnaires that subject firms are receiving and compiling are becoming more frequent and lengthier. The automation of reports coming from strong tools used by an organisation can save it large volumes of man-hours.
Distributed Ledger Technology (DLT) is currently a hot topic within the industry as financial institutions are looking for efficient solutions to cumbersome and costly regulatory burdens in AML compliance. While DLT may offer certain efficiencies (decentralisation, immutability, removal of intermediaries), certain challenges in AML still remain (lack of standardisation, permissions, different stakeholders’ input). However, it is safe to state that discussions on DLT for AML compliance have only just begun.
With the enactment of EU’s Directive 2015/849/EU on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (known as the 4th directive), the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.02) (the “Regulations”) have been amended to introduce the obligation on every subject person to carry out a risk assessment: this may be achieved by the subject person taking “appropriate steps, proportionate to the nature and size of its business, to identify and assess the risks of money laundering and funding of terrorism that arise out of its activities or business, taking into account risk factors including those relating to customers, countries or geographical areas, products, services, transactions and delivery channels and shall furthermore take into consideration any national or supranational risk assessments relating to risks of money laundering and the funding of terrorism”. There is also the responsibility to carry out this assessment at different stages of a subject person’s activities – the assessment is to remain up-to-date. This coordination of statistics, relevant to each and every subject person, requires the input of the best technologies to ensure that, on the one hand, this assessment is carried out to satisfy AML compliance, but also, on the other hand, for the firm itself to reap other different benefits from its self-assessment.
Ignoring AML compliance brings regulatory and financial risks: recent revisions to the local Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta), the Regulations and the IPs issued thereunder have enhanced the sanctioning regime with a significant increase in penalties that may be prescribed against subject persons (amongst others). These serve both as a deterrent and against actual breaches by local subject persons in their AML compliance obligations.
In this respect, firms should make best use of technological advances to aid in their obligations to detect and deter money laundering and funding of terrorism. There are different approaches to digitisation: it may either be rejected in certain areas but rejected in the right way, for example in smaller firms with a focus on “a personal touch” towards a certain portfolio of their clientele; digital change may be embraced cautiously, from the top-most level within the organisation first and then implemented throughout; finally, a firm may be open to investing in experimenting, exploring and creating innovative solutions to place it at the forefront of the industry. Closing your eyes totally to digitalisation may no longer remain on the agenda. Putting in place suitable tools, frameworks, and policies is essential for staff to help in mitigating the AML risks that are ever-evolving.