The anti-financial crime or anti-money laundering program. To protect the economy’s and financial system’s integrity, entities across all industries must be aware of financial crime risks when engaging with new or existing customers who may pose a higher risk. Over the last few years, technological innovation and the evolution of digital assets and currencies have grown exponentially, catalyzed by the need for access to financial systems during pandemic lockdowns.
Anti-Financial Crime or Anti-Money Laundering Program
Financial crimes have become an increasingly borderless phenomenon in the globalized world. Digitalization is a double-edged sword, providing opportunities for fraud and money laundering in creating, altering, or stealing information.
Money laundering techniques have become more sophisticated over the years alongside technological innovation. Front companies are being used by criminals who can better conceal their identities when entering transactions or opening accounts. Identity theft is an example where fraud risk converges with money laundering, allowing bad actors to disguise illicit activities through victims’ accounts. These crimes often arise and piggyback off one another.
An effective Financial Crime Compliance program consists of:
Robust Enterprise-Wide Risk Management and Internal Control Framework
Financial crime risk is an important component of the enterprise-wide risk management framework. In any organization, the design of a risk management framework starts with articulating the organization’s risk appetite, which then drives the risk management policy and tolerance. There are no one size fits, particularly with Fintech. Therefore, this exercise requires extensive risk assessment based on both external and internal environments. It is an ongoing process by which a firm determines the risks and how they can be mitigated.
The implementation of the policy entails setting up the risk governance and control environment, which includes the formation of the board of directors, audit committee, executive committee, and the three lines of defense:
- This first line of defense is business operations which perform the day-to-day risk management activities;
- This second line of defense is risk and compliance, which provides oversight, sets directions, defines policy, and provides assurance. The Compliance Officer who is responsible for the review and implementation of the AML program for the firm must be well trained and qualified and given access to necessary resources to fulfill the needs for the role; and
- The third line of defense is internal audit, which offers an independent challenge to the levels of assurance provided by business operations and oversight functions and ensures that the systems and controls function effectively. Outcomes from the audit are inputs for continuous improvement of the compliance risk management process.
Effective Customer Lifecycle Governance Framework
The customer lifecycle is the process that encompasses customer selection, acceptance, and exit. This lifecycle can be broken down into five parts:
- First is understanding the risk by setting up a risk rating methodology that considers factors such as customer types, geography, for example, where customers are from, where they operate, business segment, products or services, and delivery channels. With technology and big data, risk algorithms, other information to be included in the risk rating, and how to access this information are increased.
- Second is customer due diligence, which is the application of processes and controls that use risk assessment, influencing the decision to accept or decline a business relationship with a particular customer. Depending on the business model, non-face-to-face customer due diligence is often employed in Fintechs. It uses identification/verification technology to prevent fraudulent risks at onboarding by using technology to match data points. The technology includes liveness test, name screening for sanctions and PEPs through automated online searching, and private and public third-party data providers.
- Third is where existing businesses or clients are subject to ongoing review and monitoring, including periodic due diligence, transaction monitoring, and red alerts. The increased use of digital solutions for AML/CFT based on Artificial Intelligence or AI with machine learning and natural language processing capabilities can help better identify ML/TF risks and respond to and monitor suspicious activity. Improved real-time monitoring and information exchange capability enable more informed oversight of risk assessments, onboarding practices, accountability, and overall good governance while saving cost.
- Fourth is the reporting and escalation procedures, which involve monitoring trends, establishing KPIs, and other statistics for internal stakeholders for information and decision-making. External reporting entails reporting to external stakeholders such as investors, external auditors, regulators, and authorities, including suspicious activity/transactions reporting. Escalation refers to breaches that need to be escalated upon their identification.
- The fifth and the last is mitigating risk or exit relationship. Prospective customers may be rejected during the initial risk assessment if they are determined to be beyond a company’s risk profile and appetite. Conditions may change after business relationships have been established, which may be related to changes in the business, regulatory environment, customer activities, or alerts generated from transaction monitoring, which may call for decisions to be made to terminate the business relationships. One cannot downplay the importance of governance in this process as there can be a significant reputational or regulatory impact on the firm. The policies and procedures on customer exits must be established.
The web of laws, regulations, and procedures aimed at uncovering attempts to disguise illicit funds as legitimate income is referred to as anti-money laundering (AML). Money laundering aims to conceal crimes ranging from minor tax evasion and drug trafficking to public corruption and the funding of terrorist organizations.