Daisuke Mamba, Director and Head of AML/CFT Policy Office, and Hiroshi Ozaki, Chief Financial Inspector of AML/CFT, discuss the FSA’s (Japan Financial Services Agency) approach to its AML/CFT inspections, its expectations on the adoption of technology, and the need for solid risk awareness and good quality data for the risk-based approach to work.
This interview was conducted for the “AML Tech Barometer 2023” report, published by NICE Actimize and Regulation Asia to explore AML and fraud trends based on survey and interview data collected from 289 practitioners in Asia Pacific.
What have been some key observations from suspicious transaction reports (STRs) submitted by Japanese FIs?
FSA: Japan’s STRs submitted by all obliged entities was more than 530,000 in 2021. It’s a vast number, and around 80% come from banks. We have also noticed an increase in STRs coming from Crypto-asset Exchange Service Providers (CESPs) each year since they became obliged entities in 2017. Also, money lending businesses and credit card issuers respectively submitted 6-7% of total STRs.
Another observation is that many STRs are also coming due to increased credit card transactions and cybercrimes. Credit card issuers submitted around 6% of total STRs. In 2021, the damage caused by fraudulent use of credit cards reached JPY 33 billion (USD 242 million) for the year, the largest full-year amount ever. The damage in the first half of 2022 reached over JPY 20 billion, the most ever.
One of the main reasons is the increasing popularity of e-commerce transactions following the COVID-19 pandemic. Cyber-enabled financial crime has increased precipitously in recent years, notably throughout the pandemic. Phishing is prevalent among bad actors, and credit card information is often the target.
What is the FSA’s approach to inspections of FIs? What are you looking for when conducting an inspection?
FSA: Since last year, FSA started targeted AML/CFT inspections with the Local Finance Bureaus, using a hybrid of on-site and off-site due to the COVID-19 pandemic. We are mainly conducting on-site inspections these days because the Government loosened movement restrictions. These targeted AML/CFT inspections are the focus from 2021 to 2023 because we’ve set a deadline that requires FIs to satisfy all the requirements of our AML/CFT guidelines by the end of March 2024.
In the inspections, we are checking on the progress achieved by FIs and to what extent they have filled in remaining gaps between the AML/CFT guidelines and their current practices. So, these are more ‘guidance-style’ inspections, which are intensive but also friendly and involving a lot of dialogue. We work closely with our Local Finance Bureaus on these targeted inspections at regional financial institutions, other midsize and smaller banks, money remittance businesses, and some CESPs.
The inspections ensure FIs take a risk-based approach in their AML/CFT controls and cover risk identification and assessment, transaction monitoring, and ongoing customer due diligence (CDD). We are also checking on internal control issues, AML/CFT programme governance, PDCA reviews, staffing, and documents against our AML/CFT Guidelines and FAQs. It’s very comprehensive.
What are your expectations when it comes to technology adoption for AML/CFT purposes?
FSA: Technology is the key to detecting suspicious transactions from flows of data and transactions. Just an eyeball check cannot make this happen. So the technology system is essential, but the investment is also required. Simply implementing a set of scenarios and rules with a solutions vendor doesn’t work and produces many false positives. Many FIs face high false-positive rates of over 90 percent from legacy transaction monitoring systems, not just in Japan but across the Asia Pacific. This false-positive issue is a common pain point with legacy transaction monitoring systems.
In 2020, the Japanese Bankers Association (JBA) conducted a proof of concept (POC) project hosted by the New Energy and Industrial Technology Development Organization (NEDO). JBA aims to develop shared AML systems, including transaction monitoring and screening, using machine learning technology to increase efficiency and effectiveness. Currently, JBA is undertaking a full-scale study for practical application and intends to start a shared AML system around the spring of 2024.
Also, FIs have to combine transaction monitoring and better ongoing CDD of the entire customer list. The freshness and accuracy of that data are vital to check for suspicious transaction patterns. Opening cases for investigation with good data also makes the body of STRs better.
So, ongoing CDD with accurate information and transaction monitoring are the two sides of the coin. So that’s why we’re asking FIs for ongoing CDD, to have better risk assessments of the client and more effective transaction monitoring.
How will the shared AML transaction monitoring system work for participating FIs?
FSA: There might be two options. One option is for a bank to submit the output of its legacy transaction monitoring system, which includes the transaction data, to the shared platform. The other option is for a bank to submit the transaction data in raw form. In either case, the shared platform will output a score based on the likelihood of the transaction requiring an STR submission with narrative explanations. These options are still under consideration, but the system takes care of detection and triage, and the bank will have to decide whether to submit the STR.
Altogether this will help streamline triage and judgment processes, reducing manual work. When many FIs use the shared platform, it ultimately helps improve transaction monitoring across the industry, and that’s what we aim for as a goal.
Given your participation in the work of the Financial Action Task Force (FATF), what key messages would you like to convey to the industry?
FSA: The FATF has been putting more weight on law enforcement and its role in asset forfeiture, seizure, and asset recovery. Strengthening asset recovery will be one of the highest priorities for the FATF in the coming two years under the Singapore Presidency, as well as countering illicit finance of cyber-enabled crime. STRs are a vital part of investigations, so we must seek more STRs and more information with better quality.
We’d also like to ask FIs to improve their risk awareness and understanding, whatever the risk. And the point is that FIs are in a dynamic world, not static, and the risk is constantly changing. There are always new typologies, as bad actors constantly change their techniques. But risk awareness is the key. With risk awareness, the risk-based approach can work properly.
Another key message is on data quality. Whatever methodology, technology, or system you use, garbage data produces garbage output. We need good-quality data, and only FIs can collect this data. As enforcement agencies, supervisors, and regulators, we must collect information from FIs; they are the ones facing their customers, so they are the entities that should know the risk and keep good information and data.
This interview was conducted for the “AML Tech Barometer 2023” report, published by NICE Actimize and Regulation Asia to explore AML and fraud trends based on survey and interview data collected from 289 practitioners in Asia Pacific. Download the report here.