AML: seize the upper hand

Businesses are under pressure to demonstrate they comply with all applicable rules, but using technology to implement the best possible risk management and AML processes can help, say LaNishka Farrington-McSweeney and David McGibbon of EY.

As financial crimes grow in volume and complexity, businesses and executives around the world must continue to strengthen their anti-money laundering (AML) efforts.

While companies confront a growing risk from increasingly sophisticated bad actors looking to perpetrate crimes, they also find themselves under heightened regulatory scrutiny. To navigate these challenges, enterprises must review the effectiveness of their AML programmes. This includes matching technology enablers with protocols to enhance the efficiency of their AML capabilities so they can detect unusual behaviour.

The estimated annual cost of money laundering and associated crimes ranges from $1.4 trillion to $3.5 trillion. The amount is difficult to pinpoint because, besides penalties such as fines for non-compliance, there are hard-to-quantify costs such as reputational damage.

To compound difficulties, companies often lack a structured risk and control environment to help mitigate the risk of complex issues. Operational structures often aren’t in sync with the fast-moving financial crime environment.

New rules
In addition, regulators are expanding their reach, requiring greater oversight, transparency and reporting from companies.

The amended Anti-Money Laundering Regulations (AMLRs) of the Cayman Islands, for instance, broadened the scope of regulations to all investment funds, including private equity and other closed-end funds (such as venture capital and real estate funds) not registered with the Cayman Islands Monetary Authority (CIMA). Regular risk-based independent assessments are also required for financial service providers (FSPs).

CIMA can impose administrative fines of up to KY$1 million for breaches of AML requirements. Bermuda updated its investment funds regime to allow additional oversight by the Bermuda Monetary Authority (BMA) and to bring closed-end investment funds and overseas funds within scope through the Investment Funds Amendment Act 2019, which took effect on January 1, 2020.

Greater collaboration between national agencies and the extraterritorial reach of some laws have had consequences for multinational companies that fail to comply. More than $320 billion in fines have been issued to the world’s largest banks for regulatory misconduct since 2008.

In Cayman, CIMA has increased its AML monitoring and enforcement activities in recent years. This has played out in the market in the form of more stringent on-site inspections and continuous improvements in regulations.

In Bermuda, the BMA issued three regulatory actions and imposed civil penalties in three cases from 2017 to 2019, totaling more than $2 million. Transgressions included the operation of a business in contravention of the licensee’s license and, in two cases, contravention of AML/combating the financing of terrorism (CFT) regulations. Other regulators across the region have increased their monitoring, as evidenced by numerous updates in AML laws and regulations.

Fortunately, companies can be proactive and work to establish that adequate processes, programmes and policies are in place to support AML. Organisations should review their AML programmes to verify that they meet and continue to meet the minimum AML/CFT requirements.

Assessment
An independent party AML specialist team can conduct an AML programme assessment that includes:

• Assessing compliance with AML/CFT laws and regulations;
• Testing the overall control/systems effectiveness;
• Evaluating AML/CFT policies and procedures;
• Conducting transaction-based testing focused on monitoring of products, services and systems;
• Determining the adequacy of training programmes and employee knowledge of AML/CFT laws; and
• Evaluating the adequacy of screening lists and the process for identifying and reporting suspicious activity.

These assessments should be performed regularly and are required annually in some jurisdictions. Companies should respond and adjust their programmes as required, based on the outcome of their assessments. Hiring experienced compliance professionals is increasingly important for multinationals that are subject to varying laws and regulations in highly regulated jurisdictions.

Technology has a central role to play in helping companies manage risks across the AML cycle. At initial onboarding, companies can automate manual investigation preparation, recommend alert dispositions and pre-populate investigation narratives.

However, after onboarding, companies have continuing obligations to monitor for unusual activity. New technology such as machine learning can be leveraged to monitor transactions to more accurately and efficiently identify suspicious activity. Throughout the process, quality assurance through automated validation checks, approvals and alerts can reduce risks.

Companies also can employ a managed service platform that provides people, processes and technology to simplify the AML process. These can cover the full process or individual parts such as the know your customer (KYC) process, AML monitoring and investigations, and ongoing screening.

By screening managed service solutions, firms can achieve better-controlled outcomes at a lower cost, while improving overall risk management. With both digital and mobile screening capabilities, front-office staff can focus on improving customer experience. Other technological and innovative solutions exist for reporting and data analytics, cost optimisation, process and workflow automation, screening, risk and control self-assessment, and data management.

Use the tech
Technology will not only help professionals in their day-to-day responsibilities, but also help them keep up with regulations and constantly evolving compliance requirements. Organisations that are experiencing large client growth can leverage data analytics to identify unusual behaviour and red flags for clients based on the client profile and transaction history.

This could then free up compliance staff to perform more decision-based intelligence gathering and alert disposition.

The risks posed by money laundering are not going away; in fact, they are changing form and constantly evolving to avoid detection. Companies must adopt leading practices and use currently available technology to mitigate those risks. The continuous improvement of technology and monitoring of clients are key imperatives.

Companies should consider—in their holistic enterprise risk management and risk and control self-assessment (RCSA) processes—how to reduce the risk of money laundering and leverage internal audit to understand how processes can be improved from a business and
IT perspective.

As money laundering risks evolve, so must a company’s system of internal controls and risk-based approach. The challenges are numerous, but the companies that prove most resilient will be the ones that adapt to change, move toward a more centralised process and approach, leverage external resources and obtain the right resources for their organisations.

The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organisation or its member firms.

LaNishka Farrington-McSweeney is an EY Assurance Partner, Regional* FinCrime & Anti-money Laundering Solutions Leader and a Certified Anti-Money Laundering Specialist (CAMS®). She can be contacted at: lanishka.mcsweeney@ky.ey.com

David McGibbon is an EY Advisory Partner* and a Certified Anti-Money Laundering Specialist (CAMS®). He can be contacted
at: david.mcgibbon@ky.ey.com

*EY Region of the Bahamas, Bermuda, British Virgin Islands and Cayman Islands