Nathan Newman says regulated entities are uplifting their AML capabilities but could do more to apply appropriate assurance to their upgrades.
Nathan Newman, National Manager of Regulatory Operations at AUSTRAC, sat down with Regulation Asia to discuss financial crime risks and priorities, focusing on industry efforts to uplift Australia’s AML capabilities through technology transformation and the need to advance industry collaboration.
The below interview was published as part of a research report exploring how FIs are leveraging technology to enhance financial crime risk management. The full report is available for download here.
Regulation Asia: How have you seen the financial crime landscape change over the past 12 to 18 months? What key lessons can you highlight from these changes?
Newman: The pandemic created opportunities for criminals to move into new ways of doing their business. One key example of that, which we saw in Australia and globally, was the exploitation of government stimulus programmes.
We worked with the industry very rapidly to identify this and other trends in criminal activity that were emerging during the pandemic. Through our public private partnership – Fintel Alliance – we drew from the industry and our own data and intelligence to share typologies, which reporting entities were then able to apply to their transaction monitoring and customer risk assessments.
This highlighted the importance of industry, the FIU and the regulator continuing to work collaboratively to identify trends and share knowledge, to ensure reporting entities can put controls and risk mitigation measures in place.
Regulation Asia: Have you noticed an increase in suspicious matter reports (SMRs)?
Newman: In the latest financial year 2020-2021, we received 309,772 SMRs – a 380 percent increase over the past four years. That said, we have systems to help us triage and automate analysis of the information coming in, so we are less concerned about the volume and more about the quality of information. We try to make sure reporting entities are submitting high-quality SMRs to us.
In the past 12 months, we have provided updated guidance to entities on what a good SMR looks like. SMRs should contain detail about the suspicious activity or the nature of specific activity networks and whether there are connections to individuals. Other data such as telephone numbers and IP addresses are also very helpful.
These are all bits of the puzzle that we can use to connect intelligence and find patterns. The richer the information in an SMR is, the better it is for us to interrogate that information.
Regulation Asia: What have been the key trends you have noticed in SMRs in the last 12-18 months? What are your expectations moving forward?
Newman: Tax evasion is always a common trend. But given the increasing reliance on online and digital technology, we have also seen an uptick in scams, frauds, cyber-related crime, and the use of digital currencies to facilitate criminal activity.
The pandemic forced businesses to shift their operating models online, so looking ahead we may see a continuation of that not only within industries, but also in the criminal sector. In addition, as global economies and borders reopen, we are likely to see criminals again readjust to that operating environment, and we may see more movements of illicit goods or cash like we’ve seen in the past.
From an AUSTRAC lens, when new trends emerge, reporting suspicious matters to relevant authorities becomes especially important so that we, along with our law enforcement partners, can get on top of those trends early and head them off quickly.
Regulation Asia: What are the key priorities for reporting entities in Australia when it comes to financial crime risk mitigation?
Newman: Based on the lessons from our enforcement actions and compliance work in the last few years, I would say customer risk is an important theme. This includes customer source of funds, whether they are PEPs, and so on. If you understand the customer risks, you can then mitigate and manage any flow-on risks, so this should be your first point of call.
Capacity is another area. Having capacity and the resources to be able to deliver on your AML obligations is important. You can’t uplift on an oily rag so you have to make sure that you’re investing. And we have seen a lot of uplift and transformation in the AML space – both domestically and globally.
We also emphasise governance, i.e. making sure controls are in place, and there is adequate senior management and board oversight and involvement. Businesses need to understand the importance of AML, why it is necessary, have accountability, and make sure roles, responsibilities, and decision-making are properly understood.
The other area we highlight is assurance, which links together all this work and investment that’s taking place to uplift AML capabilities in Australia. We’ve seen situations where businesses have broken things or introduced coding errors as part of their uplift efforts, which they then have to remediate. We’ve then tested that remediation, and discovered in some cases that the issue hasn’t been resolved. This is usually because appropriate assurance hasn’t been applied.
Regulation Asia: When it comes to technology, what should be the key priorities for reporting entities? What are your expectations on the use of technology?
Newman: We’ve learned from some of our enforcement actions that AML investment in Australia was under done for a number of years. So part of the expenditure in uplift now is to catch up rather than to go above and beyond.
While some entities are investing in key uplifts in certain areas such as KYC systems, we’re seeing a greater focus on more holistic transformation programmes. Some complex banks for example have programmes underway for changing their entire technology stacks. Meanwhile, smaller entities are also relying more on third-party vendors to provide transaction monitoring and other capabilities.
A common theme among reporting entities is data lineage, which starts from an understanding of the data being collected at onboarding and how this information feeds into customer risk assessments and other AML functions such as transaction monitoring. We see entities trying to improve their data, particularly to enhance their understanding of customer risk.
Without being prescriptive on the use of technology, we expect that it must be fit for purpose. Businesses have to understand how a piece of technology will address their AML risks and interact with their control environment. They should also know they can adjust and tailor the technology solution as the risk environment evolves.
Regulation Asia: What are the key areas of focus to uplift AUSTRAC’s own technology capabilities?
Newman: Our ‘REST’ programme – or Reporting Entity System Transformation programme – is a big body of work to replace our existing reporting system, AUSTRAC Online, with a more modern and user-friendly technology environment for our reporting entities.
The new system design and user experience will make it easier for entities to report suspicious matters to us. We plan to provide APIs that businesses can use to integrate the reporting process within their systems, including to leverage the data contained in ISO 20022 payment messages. Guidance and support will also be available from within the platform so that entities can quickly access and draw on these resources.
We are over a year into this body of work so there’s still a ways to go, but this is the number one technology priority at AUSTRAC. Besides this, we are also continuing work to improve our data and intelligence tools, so we can continue to interrogate the important data that the industry provides us, translate it, and then share it back to the industry in the form of typologies.
This interview was published as part of a research report exploring how FIs are leveraging technology to enhance financial crime risk management. The full report is available for download here.
Special thanks to Nathan Newman for participating in the research. The interview was conducted by Regulation Asia co-founder Bradley Maclean.