The impact of the current pandemic has resulted in organizations and regulators across the globe operating in an entirely new environment. Whilst we adjust to the new normal, unfortunately there will be those who will look to exploit gaps and weaknesses within current anti-money laundering (AML) systems. As new money laundering risks start to emerge, organizations need to remain vigilant to ensure they continue to effectively mitigate such risks, exploring ways in which technology can enhance the way they operate. With an estimate of 2 – 5% of global GDP, or $800 billion – $2 trillion being laundered each year[1], technology can help play a huge role in staying on top of preventive, detective and enforcement measures. Though the margin between these figures is huge, even the lower estimate underlines the seriousness of the problem governments, banks and financial institutions need to address.
Newer ways of laundering money from criminals and correspondingly changing regulatory expectations have made it challenging for banks to keep their AML compliance programs effective. With regulators across the globe adopting the approach “If you could have known, you should have known”, there is increased pressure on compliance teams to meet heightened regulatory expectations. Today, AML compliance for banks is no longer a standalone function but one that is increasingly complex with its scope across functions such as legal, risk, operations and tax. With ignorance no longer being accepted as an excuse, minimum compliance to regulatory obligations is no longer enough.
Countless regulations related to AML and sanctions are creating complexity, especially for those institutions that operate on a global scale. These regulations require them to verify and validate each customer and their transactions to ensure compliance. One recent example is the focus on sanctions as a result of the Ukraine conflict. The biggest challenge for institutions tends to be legacy issues. This includes disjointed systems and data sets, inconsistent application of regulations and inefficient systems. This results in significant increase in manual interventions in terms of alert clearance (thereby increasing headcount requirement) raising an institution’s cost of compliance.
A significant number of financial institutions have their Global Capability centers in India. While they may have started taking into consideration cost arbitrage and the scalability advantage, it no longer remains the primary reason. Over the years they have significantly evolved to now being the center of excellence (COE) for AML services for their global operations. However, there are a few issues that continue to plague the AML compliance function, some of which are:
Governance
o Challenges in managing shared services remotely through service-level agreements
o Lack of accountability from shared services to FCC/ governance over the shared service
o Keeping up with new requirements
o Uneven visibility and mitigation of AML risks, periodic self-assessment and formalization of quality assurance
Process
o Manual process siloed by geography/ businesses
o Quality of documentation/ audit trail for regulatory inspection
o Lack of MI on risks across processes/ model
o Challenges in referring to possible suspicious activities to address emerging risks
People
o Shortage of qualified staff (with existing operations being geographically focused)
o Lack of a well-defined career path and available training
o Integration of sanctions compliance with global culture
Technology
o Disconnected, slow and inefficient workflow
o Impact of the transaction screening services (TSS) initiative
o Single-source repository of customer data unavailable to business/ compliance users
o Multiple, antiquated systems
o Limited system functionality
The focus of Global in-house centers (GICs) should be to create a new target operating model that can address these concerns. The following are some Technology Operating Model (TOM) dimensions that can be considered, as organizations evolve their GCC capabilities.
Strategy and Governance – Creating a unified vision to manage AML compliance holistically
o A clearly articulated strategic approach that considers various operations such as compliance, legal etc. and obtains business buy-in
o Full coverage of group-wide in-depth AML landscape to enable effective risk management and oversight of group-wide AML operations and activities
o A consistent, streamlined governance framework with clear escalation protocols
o An effective assurance process to monitor compliance and consistency
o An effective assurance function to provide an independent assessment of the effectiveness of the AML framework
Organization and People – A talent pool that evolves with the needs of the organization and regulatory obligations
o Clearly defined organisational design with roles and responsibilities
o Clear ownership of sanctions governance, execution and accountability
o Suitably skilled resources in the right location
o Clear growth path for employees
o Focus on GIC as a COE rather than a back-office operation of the organisation
Process and technology – Connecting various data feeds, systems and processes to create a unified command
o Well defined AML policies and procedures to create a standardized and consistent approach to AML risk management across geographies/ operations
o Efficient processes with sufficient levels of consistency, centralization and automation
o Integrated case management system to support audit trails relating to alert investigation and reporting requirements
o Third-party data sources to support investigation activity
o A collaborative group functions with an information-sharing mechanism to enable timely, consumable information when and where it is needed
For AML compliance to be effective, they must account for new money laundering risks and changing regulatory guidelines and expectations. Given the current dynamic environment, regulatory pressure to create a more mature AML compliance program is expected to continue to increase. Ensuring compliance requires institutions to re-look at their GCC which has become a core of their business operations and compliance functions. Optimizing AML compliance can be a complex task, but with the evolving maturity of GCCs in India, and the availability of a large talent pool (both technical and subject matter experts) in the country, it is time for organizations to relook at their TOM to be more effective and efficient.
Written by
KV Karthik, Partner – Forensic, Financial Advisory, Deloitte India.
