Global anti-money laundering – are you ready for a perfect regulatory storm?

February 2022 | SPECIAL REPORT: CORPORATE FRAUD

Financier Worldwide Magazine

February 2022 Issue

Like death and taxes, money laundering will always be with us. Over the years financial institutions (FIs) have worked very hard at trying to keep one step ahead of criminal organisations that have targeted them to launder the proceeds of their activities. Some FIs have developed quite sophisticated programmes to counter money laundering while others still lag behind.

In 2019, we commissioned a survey that sought to gather intelligence regarding the key themes and trends that global FIs were experiencing with their anti-money laundering (AML) compliance programmes. The survey results identify many common issues and challenges that may resonate today. These issues and challenges can be broadly grouped into three distinct areas: financial crime governance, risk management and operationalisation.

Financial crime governance

Both before and after our survey there have been a number of enforcement actions taken by global regulators that have been a reminder for FIs that board involvement in, and appropriate oversight of, AML compliance programmes is critical.

For example, the UK Financial Conduct Authority expects senior management to take responsibility for a firm’s AML measures which includes knowing about money laundering risks to which the firm is exposed and ensuring steps are taken to mitigate those risks effectively.

Areas such as board training, understanding and appreciation, reporting and management information and escalation frameworks and protocols remain of high importance. However, in many cases this might not be borne out in practice. Before the coronavirus (COVID-19) pandemic our survey found that just over a third of respondents either did not provide regular training or briefings to members of the board or were not aware of such training. With the onset of the pandemic and remote working this figure may be much higher. This is a significant enforcement risk to firms where board training is a legal requirement.

Another area which may have increased pressure following the pandemic is budgets. Our survey revealed that 41 percent considered their AML budget inadequate or severely inadequate while 74 percent correspondingly expected an increase in their AML compliance-related spending.

The pandemic may have led to a significant increase to these figures. More widely, the United Nations recently estimated some $1.6 trillion is laundered every year, and authorities say lockdown measures have presented criminals with even greater opportunities to commit offences.

Risk management

Financial crime risk assessments and risk appetites remain key areas of challenge for firms. According to our survey more than half of all respondents identified adequate AML risk assessments as one of their top three challenges and also over a half of businesses did not complete a benchmarking or independent validation exercise of their AML programme.

While it is difficult to say whether these figures increased during the pandemic, the significant move to virtual as opposed to in-person transactions, particularly in jurisdictions that imposed lockdown measures, suggests that this might be the case. Some FIs have also found it challenging to adapt to the risks the new operating environment has created.

It is also worth noting that the new operating environment is not only being shaped by criminals developing more sophisticated methods, but also by regulatory change. Arguably, the UK’s AML regime is facing one of the biggest shakeups. Earlier this year HM Treasury launched a review of the “systemic effectiveness” of the UK’s AML and counter-terrorist financing regime and has called for evidence on such fundamental questions as whether the current legal regime is effective and meets its objectives. In the European Union, the European Commission also issued earlier this year its own AML reform package.

Operationalisation

The day-to-day operation of an AML compliance programme through policies and procedures including know your customer processes and ongoing monitoring in the three lines of defence has been under strain.

Our survey found that transaction monitoring systems and customer due diligence were areas posing significant challenges for FIs and we have seen this remain the case throughout the pandemic, with many firms seeking RegTech solutions.

While a discussion on RegTech solutions is outside the scope of this article, it is worth mentioning that there are multiple considerations that a firm needs to take into account when deciding on a suitable technological solution, such as commercial, operational, regulatory and risk management factors.

Firms also need to appreciate that they may require a diverse range of technology solutions to address specific and unique AML challenges within their operating environment. They must also consider that any proposed technology solution will need to coexist and integrate with existing IT and data infrastructure, and be able to explain how the solution implemented contributes to the material reduction in residual risk exposure for the firm.

Regulatory scrutiny

When taking into account all the issues relating to financial crime governance, risk management and operationalisation, it seems fairly certain that AML is becoming a perfect regulatory storm that FIs need to pay close attention to.

Before our survey, significant enforcement action was seen in various jurisdictions and in some of these it included those individuals responsible for AML compliance.

Our survey found that 71 percent of respondents received increased regulatory scrutiny in 2020 and 81 percent expected increased regulatory scrutiny in 2021. Furthermore, one of the biggest challenges for FIs operating across different borders was the differing regulatory expectations.

Arguably, given recent developments in some jurisdictions, notably in the US with the Biden administration’s National Security Study Memorandum, regulatory scrutiny is set to increase and the complications of differing regulatory expectations in cross-border money laundering investigations is also set to rise.

Next steps to consider

Businesses should consider reviewing their end-to-end AML frameworks and governance for the purposes of assessing how well current risk assessments reflect the ‘new normal’ of the post COVID-19 environment and how control processes should be updated accordingly. This may include the following.

First, conducting an independent review to not only assess levels of compliance with AML rules, but also the efficiency and effectiveness of current internal processes. This will help identify strengths and weaknesses and refocus resources on problems that need immediate attention before they come to the attention of the regulator. In many jurisdictions there is a legal requirement to conduct such independent reviews periodically.

Second, conducting a comprehensive assessment including testing of control operations to measure the operational effectiveness of transaction monitoring.

Third, reviewing the quality of management information, ensuring that it contains sufficient quantitative and qualitative information so that trends or emerging issues can be spotted.

Finally, conducting and providing continuous professional training in order to keep up with the increasing plethora of regulatory initiatives. In addition, considering enhanced training for senior management and staff in key AML roles.

John Coley is head of risk consulting, Europe, Middle East and Asia, Tom Lord is project manager, regulatory compliance and Simon Lovegrove is global director of financial services knowledge, innovation and product at Norton Rose Fulbright. Mr Coley can be contacted on +44 (0)20 7444 3024 or by email: john.coley@nortonrosefulbright.com. Mr Lovegrove can be contacted on +44 (0)20 7444 3110 or by email: simon.lovegrove@nortonrosefulbright.com.