T he breadth of global regulatory change after the financial crisis is unlike anything the financial services industry has seen before.
The heightened regulatory landscape creates extra work – at excessive costs – for compliance teams worldwide. In a bid to reduce risk, regulators increased demands to satisfy their reporting frameworks.
Only last year, the UK’s anti-money laundering (AML) regime was amended to implement the fourth money laundering directive.
This, on top of all the other global rules and regulations that were introduced since 2008 – such as the markets in financial instruments directive II, the alternative investment fund managers’ directive, the bank recovery and resolution directive, Basel II and, in the US, the Dodd-Frank Act – added an extra burden to compliance departments.
Know your client (KYC) checks already addressed the responsibilities to comply with sanction regulations as well as to combat the likes of corruption, fraud, money laundering and terrorist financing. The new and amended UK AML rules do not deviate from these checks but add to them.
The regulations require firms to have a complete AML/ KYC programme implemented; have adequate resources in place to monitor and enforce compliance with the relevant requirements; implement adequate controls and oversight of the AML programme; respond to changes quickly and produce comprehensive reports; comply with latest data security rules; and provide full audit trails.
Key Points
- New anti-money laundering regulations require firms to have a complete AML programme implemented
- Archaic technology and processes are a real issue for financial services firms
- Jurisdictions are constantly updating their mandates and obligations
Although this might appear simple enough, we notice an increase in the number of firms failing to adequately meet these obligations. Reasons for this include: issues with decision-making, out-of-date technology, and an increasingly global landscape in which firms operate.
Crime advisory team
In-house compliance departments, or AML financial crime advisory teams, are usually at the forefront of establishing KYC policies, which in many cases leads to the lack of consultation with those who implement the day-to-day activity.
This can mean that although there is a strong policy that meets all regulatory obligations, it is simply impossible to implement. Firms often also adhere to the common misconception that policy-setting only needs to be updated sporadically, or worse still, that policy setting is a one-off exercise.
The regulatory landscape is a constantly evolving environment that cannot be ignored, and it is most likely those executing the day-to-day implementation of the policies who will be more acutely aware of any changes in real time. If organisations want to avoid both the disconnect between policy drafting and execution, and the disconnect between policy and regulation, they would be wise to involve a wider group when drafting policy. Archaic technology and processes also appear to be a real issue for financial services firms. There is no denying that KYC tasks are repetitive in nature and therefore can lead to data inconsistencies, inaccuracies, and a duplication of processes.
These tasks are also often performed on different systems that inevitably lead to implementation of manual solutions with the purpose of trying to bridge end-to-end operational procedures.
Compliance also requires extensive documentation requests and verification, as well as proof of identity.
All together, these outdated processes not only frustrate the client (or client to be) but also create an environment prone to high-risk factors.
These processes can take a considerable amount of time to both fulfil and satisfy regulators’ requirements.
As a result, the cost of being compliant escalates as financial institutions try to stay ahead of terrorists and fraudsters.
Organisations with a global footprint usually have their policies drafted from headquarters; which can create further problems. Local regulatory nuances are often ignored, becoming problematic further down the line when certain KYC procedures cannot be implemented in offices in certain countries.
Regulation is a fast-moving area and jurisdictions are constantly updating their mandates and obligations;for any global firm it is imperative that a coherent and well-implemented global KYC and AML frameworks are in place.
Overcoming these challenges is no easy feat. Issues tackling technology can be solved with the introduction of shared ledger facilities although building and the time it takes could prove to be disruptive, at least in the beginning.
Automation
There is no denying that automation can help ensure that financial institutions comply with international regulations. While regulatory technology, or ‘RegTech’, now offers some solutions maximising the potential associated with these solutions within an organisation will very much depend on the skilled use of the technology and specialist knowledge.
To successfully reap these benefits, organisations must require the correct knowledge, expertise and manual skills to operate them, which is why see an increasing number of firms turning to external service providers.
As described above, the KYC and AML processes are a real challenge within organisations. The processes are arduous, time-consuming and prone to high-risk factors. In many organisations, regional teams follow a common process, but a lack of communication across each office can lead to a host of problems, including duplication of work and multiple requests are made to the same entity via different routes, which negatively affects clients. Even with an in-house shared ledger facility, the real benefits can be missed. Populating a database is all well and good, definitely the first step, but how the algorithms are used to extract data, check and update it, analyse and communicate it efficiently requires expert know-how.
A trusted service provider can not only set up the shared ledger facility but also manage it to ensure that all regions communicate with one another by sharing the same analysed information.
There will always be a need for the human touch, no matter what technology is in place.
RegTech might be able to improve efficiency, cost and speed by automating a manual process, as well as help streamline and simplify it, but the main benefit will be ongoing client monitoring. Software can monitor not only the client after the on-boarding exercise but also the regulatory scene worldwide.
Software can identify updates in regulations and sanction lists, but it takes a skilled person to highlight and analyse the data.
New and innovative technology will continually be on offer. What is important is that firms decide to use it – it should be seen as the great tool that it is.
To realise its full potential, financial institutions would be wise to ensure that they also employ people with the correct manual skills, expertise and know-how.
Instructing a trusted global service provider is another option if you want to keep costs down and the in-house team to a minimum. They can combine the implementation of the technology with manual analysis while also reviewing the captured local data, which set an organisation apart and give it the best possible tools to ensure full compliance, on budget, with regulatory KYC and AML obligations fully met.
Andrew Frost is director, investment management solutions at Lawson Conner
