To protect the integrity of our economy and financial system, anti-financial crime compliance has concepts. Businesses across all industries need to be aware of financial crime risks when engaging with new or existing customers who may pose a higher risk.
Over the last few years, technological innovation has grown exponentially, catalyzed by the need for access to financial systems during pandemic lockdowns. Financial crimes have become an increasingly borderless phenomenon in the globalized world. Digitalization is a double-edged sword, providing opportunities for fraud and money laundering in creating, altering, or stealing information.
Money laundering techniques have become more sophisticated over the years alongside technological innovation. Front companies are being used by criminals who can better conceal their identities when entering transactions or opening accounts. Identity theft is an example where fraud risk converges with money laundering, allowing bad actors to disguise illicit activities through victims’ accounts. These crimes often arise or piggyback off one another.
Anti-Financial Crime Compliance Program
An effective anti-financial crime compliance program consists of the following:
Robust Enterprise-Wide Risk Management and Internal Control Framework
Financial crime risk is an important component of the enterprise-wide risk management framework. In any organization, the design of a risk management framework starts with articulating the organization’s risk appetite, which then drives the risk management policy and tolerance.
There are no one-size fits, particularly with Financial Technology or FinTech. Therefore, this exercise requires extensive risk assessment based on external and internal environments, an ongoing process by which a firm determines the risks and how they can be mitigated.
The implementation of the policy entails setting up the risk governance and control environment, which includes the formation of the board of directors, audit committee, executive committee, and the three lines of defense:
- First line – Business operations which perform the day-to-day risk management activities;
- Second line – Finance, risk, and compliance which provide oversight, set directions, define policy, and provide assurance. The compliance officer who is responsible for the review and implementation of the AML program for the firm must be well trained and qualified and given access to necessary resources to fulfill the needs of the role; and
- Third line – Internal audit offers an independent challenge to the levels of assurance provided by business operations and oversight functions and ensures that the systems and controls function effectively. Outcomes from the audit are inputs for continuous improvement of the compliance risk management process.
Regardless of which of the three lines of defense, everyone has a role to play. Ultimately all must work as a team to be successful.
Effective Customer Lifecycle Governance Framework
The customer lifecycle is the process that encompasses customer selection, acceptance, and exit. This lifecycle can be broken down into five parts:
- Understanding risk setting up a risk rating methodology that considers factors such as customer types, geographies, where customers are from, where they operate, business segments, products or services, and delivery channels. With technology and big data, the use of risk algorithms, other information to be included in the risk rating, and how to access this information are increased.
- Customer due diligence is the application of processes and controls that use risk assessment, the results of which influence the decision to accept or decline a business relationship with a particular customer. Depending on the business model, non-face-to-face customer due diligence is often employed in FinTechs, using identification or verification technology to prevent fraudulent risks at onboarding by using technology to match data points. The technology includes a liveness test, name screening for sanctions and PEPs through automated online searching, and private and public third-party data providers.
- Existing businesses or clients are subject to ongoing review and monitoring, which includes periodic due diligence, transaction monitoring, and red alerts. The increased use of digital solutions for AML/CTF based on Artificial Intelligence or AI with machine learning and natural language processing capabilities can help better identify ML/TF risks and respond to and monitor suspicious activity. Improved real-time monitoring and information exchange capability enable more informed oversight of risk assessments, onboarding practices, accountability, and overall good governance while saving cost.
- Reporting and escalation procedures involve monitoring trends, including establishing KPIs and other statistics for internal stakeholders for information and/or decision-making. External reporting entails reporting to external stakeholders such as investors, external auditors, regulators, and authorities, including suspicious activity or transaction reporting. Escalation refers to breaches that need to be escalated upon their identification.
- The mitigating risk or exit relationship may cause prospective customers to be rejected during the initial risk assessment if they are determined to be beyond a company’s risk profile and appetite. Conditions may change after business relationships have been established, which may be related to changes in the business, regulatory environment, customer activities, or alerts generated from transaction monitoring. This may call for decisions to be made to terminate the business relationships. One cannot downplay the importance of governance in this process, as there can be a significant reputational or regulatory impact on the firm. The policies and procedures on customer exits must be established.
Effective Communication and Training Program
Needless to say, «tone at the top» is critical to the success of any compliance effort, but only if the words of the board of directors and senior management are supported by their actions, genuinely engaged, and motivated to do the right thing. Clear, strategic communication is key to conveying the senior management’s strong commitment to compliance. Targeted and effective communication aligned with the firm’s values significantly impacts teaching a compliance culture.
Employees need to be provided with the tools and knowledge to implement the policies and procedures effectively. A comprehensive training program is essential to improve employee awareness of money laundering and related financial crimes and how they can contribute to battling financial crime in their roles.
The current approach to financial crime compliance is based on rule-based algorithms, which are still relevant in today’s world. Nonetheless, regulators are raising their compliance expectations of financial institutions, specifically to prevent, identify, and predict the movement of laundered money.