There has been a continuous flow of publicity about huge fines levied by the FCA. These have mostly been against banks, for breaches of their anti-money laundering (AML) responsibilities. Some are for data breaches, whilst others relate to anti-money laundering processes. In most cases, this is for failing to stop fraudsters from going about their business, e.g. setting up illegitimate accounts, using fraudulent data.
These fines aren’t small either. In 2020, according to the FCA, it levied fines totalling £192 million against Financial Services (FinServ) companies. In 2021, this figure rose to £567 million, although £264 million of this was levied by the Court against NatWest Bank, following a criminal prosecution brought by the FCA.
So, what exactly is money laundering?
Probably the clearest definition is that it’s “the process of making illegally obtained funds appear legal or legitimate.” That is a very simple way of describing the activities of fraudsters, also known as ‘bad actors’.
Financial services companies mediate millions of transactions every day, so they are a definite target of financial crime. Organised crime, whether that be drug or human trafficking, as well as those financing terrorist activities, is worth £billions every year, so the stakes are high.
Financial institutions are an obvious target for these criminals. To help control these criminal activities, the FCA lays down clear obligations for banks and other organisations dealing in financial matters (collectively known as ‘regulated entities’). These obligations are referred to as AML regulations. They define the procedures and checks that regulated entities need to follow when carrying out their due diligence through KYC or KYB processes.
How easy is it to satisfy these regulatory requirements?
Sadly, the larger and more complex the financial institution is, the more difficult it is to apply these processes accurately across their data. Those saddled with historic ‘legacy’ systems, that were set up years before the tighter regulations were brought in, are most at risk. Many of these systems – often brought together through mergers and acquisitions – are problematic because they don’t ‘talk’ to each other. This makes it very difficult to police with ‘in-house’ systems, as the knowledge isn’t there to build the software solutions needed to bridge those gaps.
Smaller, less complex, or more recently set up entities, have a better chance of meeting the FCA regulations. But the truth is that, however much they invest in countermeasures, the bad actors will still pour in funds to stay ahead of the game. The rewards for doing so are huge, so why wouldn’t they?
What challenges face regulated entities?
- Customer Satisfaction
Since the first Covid lockdown, companies have had to find new and more efficient ways of doing business to attract customers. In today’s ‘always on’ society, customers won’t tolerate slow processes that delay onboarding.
Satisfying an ever more demanding customer and prospect base has become a focus for companies. Ignoring these new demands means reduced business and market share, particularly when competitors are providing the swift service that customers demand.
- Meeting Regulation
As we’ve seen, financial penalties can be severe when companies ignore or are unable to meet their AML due diligence obligations. Fines of this magnitude may be mere stings to huge banks but can be fatal to smaller companies. With new regulations now putting the emphasis on senior officers of regulated entities, with the threat of personal fines and prison sentences, it’s not just the company that can be damaged. So, putting in place systems and processes that can avoid such calamitous mistakes is essential.
With bad actors constantly refining their playbooks, regulated entities must do all they can to keep up with the latest techniques. Manual, or semi-manual in-house, systems just don’t cut it in today’s fast-moving environment. Up-to-date and bespoke software platforms, ideally using single-APIs, are the current go-to solutions for companies who wish to cement their future.
- Brand Reputation
There is also the stigma that a regulatory wrist slap can bring. In any market, a company’s reputation is a key asset in its positioning within that market. When choosing which company to purchase from, customers may well view the reputations of companies offering similar offers as a deciding factor.
Regulatory reputation may not be as ‘on point’ as a company’s ecological or humanitarian credentials, but it has increasing weight amongst consumers and corporate customers. Getting fined for having a sloppy or inept KYC or KYB process, that doesn’t deliver on AML Due Diligence, gives potential customers a bad impression. It can ultimately colour their judgement when it comes to making a choice of company to do business with.
What are the key areas of AML in financial services?
The FCA currently advocates a risk-based approach to AML screening. As a company’s compliance representative, you must decide what level of risk is acceptable for your business, given the products or services you provide. This enables you to set up screening processes to flag anything that goes beyond your risk threshold. Simplifying your processes will reduce the number of records you have to investigate through enhanced due diligence on a manual basis.
KYC/KYB: Know Your Customer or Know Your Business refer to the onboarding processes needed if you are a regulated entity dealing with individuals or companies. They are designed to ensure that the person, or entity, you are dealing with is who they profess to be. This is done through a few checks that will verify their identification:
- Document checking – which can be done remotely, using the latest software techniques, running the documents against national and international databases
- Biometrics – for facial or voice recognition and liveness detection, as well as other anti-spoofing techniques, to ensure that the face you see hasn’t been tampered with
By using the latest software platforms, these tests can be carried out within a few minutes, rather than the days or weeks that it used to take. And they can be carried out at the customer’s convenience, anywhere, if they have a smart device with an in-built camera.
CDD: Customer Due Diligence refers to the level of detail you apply to ensure that the customer is bona fide. It’s what level of detail you go into to check against PEPs, sanctions and other watch lists. If people appear on these lists, it doesn’t necessarily exclude them as a client, but they do carry a greater level of risk and will probably require further verification.
Transaction Screening/Ongoing Monitoring: Most customers will behave in a predictable way. Transaction screening is a way of identifying when a customer diverges from the norm. This may be for completely innocent reasons, but it could also turn out to be suspicious and in need of investigation. Ongoing monitoring ensures that your data is kept up-to-date. By its very nature, personal data can go out of date in a moment, so viewing it every 12-24 months isn’t ideal. Ongoing monitoring is unobtrusive and often automated, so that you only get a flag when a record relevant to you and your risk profile is identified.
SARs: Suspicious Activity Reporting refers to your obligation to refer to the relevant regulatory or criminal authorities anyone whom your investigations turn up as being suspicious for any reason. It’s not good enough simply to take the decision not to do business with them; a SAR needs to be filled out and sent to the relevant authority.
What’s the solution?
Companies often avoid bespoke software solutions as they believe their introduction will be a) expensive, b) time-consuming, and c) intrusive and disruptive. In reality, modern software solutions are none of the above. A clear brief and aims will ensure that the solution is cost-effective. Solutions are tailored to your specific needs, on very short timescales. Linking with disparate systems that don’t talk to each other is rarely an issue, and implementation is seamless and pain-free, as the solution is remote and managed through the cloud. Downtime is a thing of the past.
So, the future of managing crime in the financial services sector is here and now, in the guise of single-API software platforms, that remotely manage all of your AML due diligence obligations. They bring all your data together, verify your customer records, report on suspicious activity and potential fraud, and provide an audit trail for the regulator.
NorthRow provides such a single-API system, which can be tailored to your specific needs, and is delivered through an intuitive front end that we call WorkStation.