27 August 2019 by John Cannon
Anti-money laundering measures can lead to growth creation, as well as loss prevention
It’s safe to say that those who create and ensure compliance with regulations face an image problem at times. It is not helped by a political discourse that rhapsodises about the removal of red tape – leading to undue criticism for compliance and regulatory professionals.
Amongst our day-to-day contacts there is an understanding and an appreciation of the work of audit and compliance professionals, as well as the challenges faced and triumphs that are enabled by adherence to good processes. This magazine is, itself, evidence of that.
Those who work in this area will be familiar with the value a robust, creative and technologically-driven compliance function can bring to a business. However, in businesses without a dedicated compliance professional, or one where the function is not given the prominence it deserves, this recognition can be lacking. Using anti-money laundering (AML) regulations as an illustration, I hope to show how much difference a compliance professional can make – not only saving companies from potential regulatory action, but actively contributing to a company’s bottom line.
Depending on the business sector you operate in there will be a host of specialised regulations that you need to comply with. I will discuss AML rules as these spread across most industry verticals and are certainly something that anyone falling under the AML regulations or handling high-value cash transactions will have to adhere to.
The UK currently operates under global, European and national regulations for AML. The key pieces of legislation which drive influence in this area are the European money laundering directives. There have been changes to these in recent years, with fast progression in scope and powers in response to global terror events and revelations of widescale financial crime – a lot for professionals to keep on top of, never mind their colleagues who do not have this as an area of focus. Today, we still must adhere to the fifth version of the EU Money Laundering Directive (5AMLD) as it has been enacted in UK law. However, EU member states are required to transpose the 6AMLD into national law by 3 December 2020, after which, relevant regulations must be implemented by firms within member states by 3 June 2021. Currently, the main AML regulation in the UK is the Money Laundering Regulations 2017.
These rules are enforced by a number of regulatory bodies, including statutory anti-money laundering supervisors such as the Gambling Commission and HM Revenue and Customs, as well as new watchdog The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) which was established in January 2018. Based within the FCA, OPBAS works with the UK’s AML supervisors in the accountancy and legal sectors to help improve standards and strengthen cooperation.
With the weight of numerous bodies overseeing daily activity there is a risk, not unfamiliar to readers, that compliance and audit is seen to be a tiresome necessity. There have even been reports in the press of companies circumventing these absolutely crucial processes in pursuit of growth and profit – overlooking the fact that these rules have been designed not just for consumer protection and market stability, but as a protection for the companies themselves to ensure they have stable, sustainable business models. A focus on meeting requirements without pushing too far past them may have been a core component of the profession in the past, but that’s where it belongs. Modern technology means fewer checklists, more intelligent technology and creativity in how the services are used.
As we move to a more technology-based process and profession – less reliant on manual interventions and monitoring, we not only free talented and educated teams to focus on tasks beyond the quotidian requirements, but also see them moving to work that actively generates business and growth for the organisation.
Here, we are talking about everything from data monitoring systems that can spark alerts automatically when activities on a user account breach certain pre-set limits, to systems that make use of machine learning (ML) techniques to spot problematic patterns in activities which are then flagged to a human overseer who can investigate. Prior to ML regulations being adopted in this area, tasks like ID checks, staff training to spot suspicious activity, sanctions checks and so on were highly manual. Today, thanks to these technologies, staff have systems they can rely on to perform the essential checks and many have changed their way of working, and requirements to match.
So, where previously a printed utility bill and photo ID scan were needed to define ID (and it may take weeks to confirm), now a check can be done for a digital ID in moments to confirm identity (utilising the likes of email address, mobile phone, behaviour through biometrics and device ID) which is highly favourable – as we move to a digital world, these quick decisions are a deciding factor in a company’s ability to maintain customers and to grow in scale.
A key aspect to consider in terms of the danger in relegating audit and compliance to a checklist-based exercise is that, should you become the subject of an audit by a regulator, they may deem your level of sophistication insufficient given the level of risk associated with your customer base, which could be a serious issue.
Another challenge for companies embracing the digital age is the widening gap between technology and compliance caused by the pace of technology innovation. We regularly encounter the desire from forward-thinking companies to adopt the latest technology solutions to prove digital identity and detect fraud and money laundering, but this can be tempered by difficulties mapping it to their compliance teams’ interpretation of what is required to meet their regulatory obligations. For example, using device data, location information and other valuable digital identity attributes doesn’t necessarily transpose well into a compliance view of the need to simply verify name, address and date of birth. It can result in a lag between technology and compliance that can be difficult to overcome.
When technology, regulations and organisational change line up, however, the results are genuinely disruptive. In one recent project, we helped to completely reconfigure the customer onboarding journey with an international financial organisation, creating a seamless digital solution that incorporated data and security screening, as well as AML and financial crime processing, whilst simultaneously delivering an almost tenfold decrease in the average opening time for corporate accounts.
So, apart from customer account creation – how else can a reformed, technologically-driven AML process help a business? For a start, one needs to ask whether that’s the right question. Even if it doesn’t contribute directly to the bottom line, wouldn’t all businesses want to keep their systems and processes up-to-date to prevent financial crime as much as possible?
Then, thinking about the product lines, consider the operational value of low-impact, speedy checks on customer ID statuses enabled by AML technology. Keeping a constantly-updated profile of customers means they do not have to be re-verified if they come asking for further products – enabling much greater speed of service. A great example is in life assurance companies or pension providers. These are areas where, after a customer is signed up, many years can pass with little or no interaction. If these companies are proactively checking the various elements of digital ID available to them in the background, they wouldn’t need to ask a long-term customer to provide ID all over again at a later date. Plus, companies would be aware if the customer circumstances changed and could potentially market appropriate services.
The use of regular checks also helps to manage your business risk. With consent from customers to run these checks, an organisation can generate a realistic overview of all customers, ensuring the risk profile has not changed in that time (so the risk of financial misdeeds is known). When a customer signs up, they could have a pristine check, but if some of their details change so might their risk profile – this could be, for example, as a result of marrying or going into business with someone deemed high-risk.
Given the variety of potential benefits illustrated; from improving customer processes to more efficient business management, it shouldn’t be difficult to convince organisations of the value of AML processes. The UK property industry recently experienced something of a crackdown on money laundering – with one estate agent fined over £200K for its AML failings. Which sector will be next to come under the spotlight and will they be ready for it?
Ultimately, it all comes down to marrying your business’ operational needs with your ability to meet customer expectations. With consumers and corporates both demanding trust as a prerequisite to doing business, it’s important to apply the same high standards in the back office as you would to your public-facing functions. The power of corporate reputation today is well-documented, with the likes of the annual global index from the Reputation Institute examining how stakeholders perceive companies and how those perceptions affect purchasing behaviour.
Change is in the air. It’s a real mindset shift for audit and compliance professionals to become drivers of business lines, rather than simply effecting change because it’s mandated by law. But as we have seen in recent years, the adaptability within anti-fraud, anti-money laundering and other regulatory functions is nearly boundless – this is a natural shift that a modern compliance team should be able to take in its stride.