As long as there is a global financial system, criminals will look to exploit all channels into that system. While most of the key laws that deal with Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) have not evolved, criminals looking to exploit the system are evolving and keenly aware that the financial system, like everything, has become more digitized and automated. Gone are the days (for the most part) when people fly cases of cash to offshore locations. These things can now be done by leveraging technology and hiding behind sophisticated digital platforms that have become increasingly difficult to trace.
Financial firms, with finite budgets, staff and time work hard each year to prioritize their top key risks unique to their firms, in addition to just complying with the letter of relevant laws. While there will always be competing priorities and new emerging risks, the top four areas of focus every compliance professional should be thinking about in 2019 will probably remain a high priority for years to come, especially as we enter the age of automation.
1: Data quality is at the heart of every (successful) technology implementation
As Financial Institutions (FI) rush to jump on the “automate AML” bandwagon, few people talk about the criticality of data quality in this process. Almost every single FI struggles with data quality, and yet – millions of dollars are spent every year implementing new technology. The latest focus is on utilizing artificial intelligence (AI) and machine learning to sophisticated transaction monitoring systems to help optimize the suspicious activity identification process and streamline the investigation process. By its very nature, machine learning models are acutely sensitive to the quality of the data utilized, with poor data quality leading to massive errors and critical failure. While most FIs are keenly focused on their technology; the real focus should be on improving data, which could easily be a two or three year intensive project depending on the size of the organization.
2: (Really) know your customer
Global regulators have had their focus on the topic of Ultimate Beneficial Owners (UBOs) for a few years now, and this will only increase with the recent passage of FinCEN’s Customer Due Diligence (CDD) rule (now considered the fifth pillar of an AML program), as well as the Fifth EU Directive’s public ownership registries and the UK’s UBO registries for companies in overseas territories by the end of 2020. Compliance officers should be prepared to work closely with first line counterparts to breakdown, document and understand these ownership structures that will only continue to increase in complexity. The regulatory demand for really knowing your customer is not going away.
3: Implementing an effective (and compliant) sanctions compliance program is only getting harder
On the back of the Standard Chartered Bank $1.1B fine for AML and sanctions failures, OFAC promulgated one of the most useful pieces of guidance on the topic of sanctions programs in a long time: ‘A Framework for OFAC Compliance Commitments’ published in May 2019. Unfortunately, designing and implementing a sanctions compliance program that is nimble and flexible enough to respond to the rapidly changing sanctions landscape remains the real challenge, even if you have the points in the Framework covered. The critical aspects of a sanctions compliance program is understanding the rapid (and complex) changes in law; getting them incorporated into your system; screening against your customer base and being alerted to changes in your customer’s risk or critical hits at near real-time speed.
4: Crypto-businesses will start feeling the pain of regulation much like FIs, but will crypto-currency regulation change regulatory expectations for traditional FIs?
The regulation of crypto-currency businesses and virtual assets is inevitable. In June 2019, FATF released its much anticipated ‘Global Standards for Crypto Assets’ which can now aid governmental regimes across the world develop better and more consistent AML laws and regulations for crypto-businesses. While FATF calls for implementing much of the same AML requirements on crypto-businesses as on traditional FIs, only time will tell what happens when bank examiners go in to review the programs implemented by these crypto-businesses; what they find (or not find), and how that will impact the expectations placed on traditional FIs, especially on the topic of customer due diligence and transaction monitoring. Compliance officers at traditional FIs should not be blind to how this area is developing, even if they have no desire to ever work for a crypto-business. Soon, these two areas will converge on many fronts.