Maintaining the Spotlight on AML/CFT in the Post-Covid19 World
Over the last two years, through its position papers, Fintelekt has highlighted the key elements of an effective AML/CFT framework with a focus on improvement areas for banks, highlighting existing gaps. We also provided strategic recommendations for the banking industry, in the interest of contributing to a stronger AML/CFT compliance regime in the region.
Over the last year, the Covid-19 pandemic and resultant disruption to the global economy has presented new challenges to the AML compliance teams within banks in terms of operational difficulties, especially in AML monitoring and reporting, emergence of new threats and vulnerabilities, and in many cases, costs and budgetary pressures.
At the start of the pandemic, several regulators took a lenient approach towards banks and financial institutions, making allowances for delays in reporting and supervision. However, increasingly the regulatory expectation from banks is to continue to track new and emerging typologies and keep up the monitoring and reporting rigour. AML compliance departments are also expected to play a crucial role in maintaining business continuity and protecting the institution from the threats posed by the dynamic Covid-19 environment.
The role of AML/CFT compliance professionals has never been more important, and it is imperative for AML/CFT compliance heads to assume a leadership role within the bank and become significantly more valuable as true advisors, as banks and financial institutions navigate their way through increasingly complex regulations and risks.
(2) Compliance ecosystem maturity
The Financial Action Task Force, which is the inter-governmental policy-making body whose objective is to set standards and promote effective implementation of legal, regulatory and operational measures for AML/CFT to safeguard the integrity of the international financial system, has laid down the 40 recommendations which are in turn
enforced by country regulators. It identifies jurisdictions with weak measures with respect to AML/CFT and publicly lists countries with weak AML/CFT regimes.
The current list of jurisdictions with strategic deficiencies include Albania, Barbados, Botswana, Cambodia, Ghana, Jamaica, Mauritius, Myanmar, Nicaragua, Pakistan, Panama, Syria, Uganda, Yemen and Zimbabwe. The jurisdictions of Iran and North Korea remain in the High Risk Category.
Lately there has been a lot of debate about the FATF approach (and this is being acknowledged by the FATF itself as well) around the mutual evaluation methodology and there is also increasing dialogue within many countries whether the FATF process and approach itself is democratic or not, and this is especially felt in countries that may not have access to resources that are required such as access to technical expertise, internal capability and spending capacity.
And while many of the disadvantaged countries have the will and may want to do something about the problem but have genuine constraints, on the other hand we are actually seeing lack of will and inclination in certain areas of adherence to standards within some of the developed nations to control money laundering and terrorist financing.
And this begs the question – Are the developed countries justified in their demand of action from some of the developing countries and are they really right in the demands they make of the developing countries in the ecosystem. Now this is not an excuse for the disadvantaged countries to not comply, but I think it needs to be taken into account when different types of countries are evaluated at a global stage, so that there is no undue discrimination.
When it comes to actual compliance maturity evolution within a country, each sector has evolved at a different pace. For example, large multinational banks and insurance companies, and large national private sector banks and insurers, have really leapfrogged in terms of AML/CFT compliance evolution. But certain types of institutions – such as smaller public sector banks, insurers or cooperative banks, non-banking financial institutions, smaller insurance companies, DNFBPs, brokers, have arguably not kept pace in many countries.
So if one looks at it from a macro perspective, there has definitely been an upswing over the last many years, but at a micro level, one can still see plenty of vulnerabilities and each country is only as strong as its weakest bank or institution.
(3) Recent global trends in AML/CFT
Drive to Effectiveness v/s Technical Compliance: This is the first over-arching trend that we are seeing. Those of you who follow the FATF, will remember that last year, the FATF Executive Secretary made a statement at the FATF Plenary, where he said that there has been considerable failure in AML/CFT technical compliance and effectiveness globally across countries and institutions. And it appears clear from this statement that all parties involved – be it the government, regulators, supervisors, law enforcement, judiciary or the various categories of reporting entities – all have a long way to go on the path of improvement. Therefore for the global compliance ecosystem, there is a indeed still a lot of work to be done.
Risk-based Approach: The move to a risk based approach is definitely being spoken about a lot, and we also see regulators in many countries in Asia clamping down on reporting entities and mandating enterprise wide AML/CFT risk assessments.
Beneficial Ownership, TBML, Terrorism, Trafficking, Cyber: In the recent past, as many countries try to weed out corruption, we have also seen a higher focus on beneficial ownership norms. There is a high level of scrutiny on trade transactions, and we are also witnessing a rise in public private partnerships, more cooperation and coordination between various stakeholders such as the police, customs, income tax, enforcement departments and the financial services industry. The fight against trafficking, whether it is human / wildlife or organ trafficking, seems to be intensifying and while the problem is still huge, there now seems to be more cognizance within the financial sector to figure out ways to identify transactions and parties involved in this. Cyber fraud and other types of fraud schemes have witnessed a high upswing during the pandemic.
Public Private Partnerships: We are seeing more traction in Financial intelligence/information sharing partnerships (FISPs) which allow regularly convened public private dialogue on financial crime threats towards building a common understanding of risks, threats and vulnerabilities affecting the national AML/CFT system. These could be Strategic, which are aimed at the exchange of aggregate strategic information or Operational, aimed at advancing concrete investigations through the exchange of tactical operational information. These programs are usually aimed to be goal-oriented on priorities, create mutual value for all partners and complement the existing suspicious transaction reporting regime in a country.
Non Face-to-face Due Diligence: At a tactical level, more recently, there has been an increased trend of moving to non face-to-face KYC, due diligence and risk profiling because of the pandemic, as well as measures on countering cyber fraud and the use of cryptocurrency for money laundering and proliferation finance.
Quality of Reporting: On the regulatory side, quality of reporting is seeing a tremendous focus and financial intelligence units are laying a significant emphasis on this, especially as they themselves come under pressure from the government and law enforcement units, and are in some cases themselves being audited for effectiveness. Having a robust transaction monitoring system, supported by a good team of AML analysts, is critical to the success of effective and efficient reporting. Equally important is training the customer facing staff to identify potential suspicious behavior and report it to the compliance team, without tipping off the customer.
Business Conduct and Governance: We are also seeing an elevated focus by regulators on banks’ business conduct, essentially more emphasis on ensuring that the tone from the top is actually helping to build a better compliance culture.
(4) The evolving role of the compliance professional
The world is going through tremendous changes now and it is unclear how this is going to pan out in terms of translating to stakeholder expectations, risk management and operations in the medium and long term. Compliance professionals need to continuously develop their ability to deal with uncertainty and at the same time acknowledge and accept that they own role is changing.
To draw a parallel, one needs to consider how the role of the CFO or the CRO evolved over time over the last three decades and became more strategic as opposed to operational. Similarly, the compliance role is also becoming more strategic as financial institutions realise that they need to conduct business in a sustainable and compliant manner. Therefore, compliance professionals need to, over the next few years, figure out how they can become more and more valuable to the institution in terms of being true advisors internally and not just be perceived as a tool for submitting regulatory reports. Earlier, the role was limited to understanding regulations, submitting reports to the regulator, ensuring that there is right technology in place, compliance training across the organisation, and ensuring a team of qualified AML analysts. Now, in the next step of evolution, the compliance officer has to be aware of the latest concepts such as RegTech and virtual currencies, know how to analyse patterns and not just transactions, work closely with product teams to ensure that new products being launched are not susceptible to money laundering, understand local and global typologies, and map trends based on historical data of suspicious activity and reports to ensure that customer facing staff is well aware of risks in each geography that the institution operates in.
All through this process, the ability of the compliance officer to adapt to rapid change – whether it is regulations, technologies, typologies, mindsets – is critical. It is now also incumbent on the compliance officer to provide a strategic view to the top management on how the compliance department can actually help business and not hinder it.
Regulators expect not just reports and data, but actual intelligence and analysis. Compliance professionals therefore need to take a look at the bigger picture and understand and implement controls and measures not just across various functions and departments within the bank, but factoring in a deep understanding of risks across the entire supply chain of third parties that the institution associates with in terms of customers, correspondent banks and institutions, brokers, agents and sources of capital. In many leading institutions, this is already happening, but in a majority of them we see this as something missing i.e. the inability to look at the big picture. Collaboration across the ecosystem is now being recognised as a way to more effectively fight financial crime in a collective manner, and this is something that compliance professionals need to tune their minds and actions towards – a more collaborative and collective approach.
Over the last two decades of AML/CFT focus, we have seen the evolution of the regime moving from transactions to patterns, from detection to prediction, from working in silos to collaboration, and from technical compliance to effectiveness. But what we have to recognise that the challenge today is NOT the absence of standards. The challenge today is the robust and thoughtful implementation of standards, and the need of the hour is collaborative action amongst all stakeholders – be it the government, regulators, supervisors, judiciary, law enforcement, intelligence agencies, public sector institutions and the private sector – acting in true partnership, against a common enemy, individually as well as through partnerships – both formal and informal.
Do not wait until the regulator slaps a penalty on your institution to implement a strong and demonstrable training program across all levels within the institution. A reactively implemented AML/CFT program does not bode well for your institution’s reputation with the regulator.
In a majority of institutions, the business will often look for loopholes to compliance practices… as a compliance person, it is part of your job to sensitize the business regarding the risks and to protect the institution. And this is also why you need to have a grasp of the business side, and not just focus on compliance in a silo. Encourage the business to follow compliance in the right spirit and not merely as a tick mark item.
Factor in the latest industry trends, new typologies and case studies into your AML/CFT program. It is not a very easy task, but it needs to be done. There are a number of publicly available resources to help with this, such as the latest reports from FATF, The Egmont Group, UNODC and Interpol. And Fintelekt Academy (https://fintelekt.academy) currently has more than 100 training videos available across various subjects within AML/CFT, and most of them are free-to-view, with new ones getting added every week.
Finally, one-time certifications are not the answer… remember that most large global institutions have been penalized despite having dozens and sometimes hundreds of certified compliance professionals in their compliance teams. Continuous, practical, peer-generated and role-specific learning is key to minimizing your risks.
The presentation file can be downloaded HERE.
Prepared for the Asian Bankers Association by:
Fintelekt Advisory Services Pvt Lt