Despite the increasing sophistication of client on-boarding activity and new big data analytics such as pattern tracking, regulatory fines for Anti-Money Laundering (AML) continue to be imposed – and continue to rise. These fines are pushing banks into the red and causing reputational damage. To add further pain, a lack of confidence in AML processes is forcing banks to walk away from potentially lucrative customers – and other banking partners – because internal auditors deem the risk too high.
Traditional, siloed regulatory activity – from AML to cybersecurity onwards – is not working, despite the millions of pounds being invested. And on a global level, organisations lack confidence to move into new markets with slightly different AML expectations. Lisa Toth, Global Head of Regulation and Risk, at Hatstand, a Synechron company, insists it is time to stop, rethink and address regulation in a different, more holistic way, to drive down costs, improve compliance and enable critical global expansion.
New Regulatory Focus
Despite the raft of regulation and legislation that has hit the financial market post 2007, it is one of the most mature regulations – Anti-Money Laundering (AML) – that is arguably now having the most significant impact on a bank’s global operations. The problem is not simply the sheer scale of the fines now being imposed – although at billions of pounds, the most recent fines have actually driven banks into red. Instead the issue is the shift of regulatory focus: regulators no longer feel the need to prove bad practice; a belief that an organisation’s AML procedures are not adequately robust is now enough to incur a penalty.
This shift in regulatory approach combined with each country having a slightly different take on AML has created a tangible lack of confidence within the majority of global institutions. As a result, growing numbers of banks are actively walking away from what could be good business with potential new customers and other banks simply because of the potential risks identified by auditors. Without better AML procedures entire global expansion strategies are being jeopardised.
Banks have improved the essential Know You Customer (KYC) and Customer Due Diligence (CDD) processes significantly since AML regulation was introduced almost two decades ago. And yet, AML concerns increasingly affect a range of conversations – from other regulatory demands to new business plans.
So what has to change? Customer on-boarding processes alone are no longer enough to demonstrate strong AML procedures; banks are increasingly exploring big data analytics, specifically transaction pattern tracking, to identify inappropriate activity. The technology is compelling and without doubt will play a key role in revealing links between client activities across different entities – from asset management to foreign exchange – that will help to inform AML insight.
However, AML spans every aspect of a bank’s activity and demands a cross organisational model. Yet right now there is both overlap and inconsistency. AML should be considered together with, not separate from, cybersecurity, for example. Both are concerned with criminal activity and criminal intent and there are clear synergies regarding the way in which criminals may attack or exploit vulnerabilities within an organisation. Yet teams responsible for each rarely, if ever, share insight, ideas or concerns.
Continuing to add new siloed teams to address each new regulatory requirement or security threat is no longer tenable or working. Organisations need to step back and create a single, dedicated regulatory structure that delivers cross-organisational visibility and insight.
The challenge in realising this vision is to create the right governance structure that addresses not only AML but every issue relating to Financial Crime, including cyber fraud, rogue trader, bribery and corruption, terrorist financing, market abuse and insider dealing. The barriers between these teams and a dedicated Financial Crimes team, for example, are clearly causing problems. Organisations need to find a way in which to bring these teams together within one, coherent unit that can provide a single source of regulatory thinking and guidance, sharing resources, data and surveillance tools where applicable.
This central Financial Crime team should transform the way in which organisations address every aspect of regulation and security relating to the matter – not least by providing a single point of reference for regulators and government. At the heart of this transformation is the creation of a data model, which can deliver the essential, complete customer profile that can be shared between all the different parts of the bank – without breaching confidentiality agreements or the required Chinese walls between entities.
While supporting a raft of regulatory activity, this data model is specifically valuable to AML where the ability to track and understand customer activity across asset management, investment banking and retail banking is a fundamental requirement, especially as it relates to the ultimate beneficiary. The creation of a single source of client information, including KYC and CDD, plus the insight delivered by on-going pattern matching, is incredibly powerful in continually assessing the client’s risk profile. Critically, these insights must be securely shared to underpin better communication across the organisation, from on-boarding teams to traders and account managers, to keep all interested parties continually in the loop.
It is essential to create the right data governance model to ensure that information is held in the right place, for no longer than needed, tallies up with audit processes and provided to the right people at the right time. Once in place, the benefits that can be gained through both cost savings and delivering strong financial crime fighting processes – alongside a single source of related regulatory expertise – are considerable.
The new reality is that a holistic approach is not just an option – it is vital. Banks that carry on with the current model will be fundamentally constrained from expansion – especially into new geographies. The right AML processes – for both on-boarding and tracking a customer throughout its lifetime – are vital. Any organisation looking for regional expansion – those moving into the Middle East and APAC as well as Middle Eastern institutions looking to move into Europe and the US – need to feel totally confident about the robustness of AML procedures. Otherwise the combined concerns of both regulator and auditors will, without doubt, minimise expansion opportunities.
With a single, holistic source of advice, guidance and information to provide a financial crime overview for the entire organisation, a bank can fundamentally change the approach to AML compliance. Both regulators and internal auditors will have confidence in the visible processes now being deployed and the enhanced communication across the organisation – allaying fears, enabling new business activity and avoiding punitive fines.