T he breadth of global regulatory change after the financial crisis is unlike anything the financial services industry has seen before.
The heightened regulatory landscape creates extra work – at excessive costs – for compliance teams worldwide. In a bid to reduce risk, regulators increased demands to satisfy their reporting frameworks.
Only last year, the UK’s anti-money laundering (AML) regime was amended to implement the fourth money laundering directive.
This, on top of all the other global rules and regulations that were introduced since 2008 – such as the markets in financial instruments directive II, the alternative investment fund managers’ directive, the bank recovery and resolution directive, Basel II and, in the US, the Dodd-Frank Act – added an extra burden to compliance departments.
Know your client (KYC) checks already addressed the responsibilities to comply with sanction regulations as well as to combat the likes of corruption, fraud, money laundering and terrorist financing. The new and amended UK AML rules do not deviate from these checks but add to them.
The regulations require firms to have a complete AML/ KYC programme implemented; have adequate resources in place to monitor and enforce compliance with the relevant requirements; implement adequate controls and oversight of the AML programme; respond to changes quickly and produce comprehensive reports; comply with latest data security rules; and provide full audit trails.
- New anti-money laundering regulations require firms to have a complete AML programme implemented
- Archaic technology and processes are a real issue for financial services firms
- Jurisdictions are constantly updating their mandates and obligations
Although this might appear simple enough, we notice an increase in the number of firms failing to adequately meet these obligations. Reasons for this include: issues with decision-making, out-of-date technology, and an increasingly global landscape in which firms operate.
Crime advisory team
In-house compliance departments, or AML financial crime advisory teams, are usually at the forefront of establishing KYC policies, which in many cases leads to the lack of consultation with those who implement the day-to-day activity.
This can mean that although there is a strong policy that meets all regulatory obligations, it is simply impossible to implement. Firms often also adhere to the common misconception that policy-setting only needs to be updated sporadically, or worse still, that policy setting is a one-off exercise.
The regulatory landscape is a constantly evolving environment that cannot be ignored, and it is most likely those executing the day-to-day implementation of the policies who will be more acutely aware of any changes in real time. If organisations want to avoid both the disconnect between policy drafting and execution, and the disconnect between policy and regulation, they would be wise to involve a wider group when drafting policy. Archaic technology and processes also appear to be a real issue for financial services firms. There is no denying that KYC tasks are repetitive in nature and therefore can lead to data inconsistencies, inaccuracies, and a duplication of processes.
These tasks are also often performed on different systems that inevitably lead to implementation of manual solutions with the purpose of trying to bridge end-to-end operational procedures.
Compliance also requires extensive documentation requests and verification, as well as proof of identity.
All together, these outdated processes not only frustrate the client (or client to be) but also create an environment prone to high-risk factors.