A shift to digital-first AML auditing and more open communications will improve efficiency and effectiveness for regulators and regulated entities alike, writes Claus Christensen.
The Covid-19 pandemic forced us to rethink many things. Yet, as the global financial sector faced the threat the virus posed, it had to continue complying with anti-money-laundering (AML) and countering terrorist financing (CTF) regulations.
Across the world, we saw a rise in the uptake of regulatory technology (RegTech), with processes like AML, CTF, Know Your Customer (KYC), Know Your Business (KYB) and client onboarding becoming increasingly digitised. In addition, as the weeks of lockdown turned into months, companies began to better understand the benefits of digitisation on compliance teams’ operational efficiency and the overall customer experience.
Countless articles and case studies have focused on the impact of RegTech innovation on regulated organisations. However, the focus has mostly been on the operational benefits that digitisation can bring. Very few discuss how a digital approach to KYC and AML compliance can benefit both internal auditing and external supervisory reviews.
How Did We Meet ML/TF Risks During the Pandemic?
In January 2022, the Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism – MONEYVAL – published a report on “AML/CFT Supervision in Times of Crisis and Challenging External Factors”. The global trendsetter asked regulators from across the world to share the measures they took to overcome the numerous difficulties brought about by the Covid-19 pandemic. For example, what are supervisors’ options when government lockdowns make on-site visits impossible and when furlough schemes drastically limit human resources?
For many supervisors and reporting entities, the solution was to digitise more core functions than ever before. Increased investment in both software and hardware made it possible to access information on ML/TF risks, while supervisors could use multiple communication channels to share video clips, e-learning materials, webinars, and whatever else it took to boost awareness and secure compliance. Digitisation also enabled many to shift to remote supervision, often carrying out “virtual on-site inspections” with video conferencing tools.
But digitisation brings risks of its own. So to overcome the threat of cybercrime, supervisors implemented new protocols, which involved extensive and ongoing staff training in cybersecurity and data protection.
These measures enabled supervisors to ensure the private sector continued to remain AML/CTF compliant throughout some very trying times. The pandemic took many by surprise. But, as a result, our way of working has changed forever. So wouldn’t it be best for the global financial system if these “emergency measures” were developed further and embraced permanently? Could a more decisive digital shift streamline AML auditing further for both the regulated entities and their supervisors? Let’s take a closer look at what this would mean in practice.
A Bigger, Clearer Picture
More and more organisations are implementing digital compliance platforms – mostly cloud-based – to provide their teams with a secure, digital workspace to centralise and streamline all operations. But the benefits extend beyond the regulated institutions and their customers: When we digitise the KYC and AML process in this way, the nature of supervisory access can improve fundamentally at the same time. Supervisors can be provided with immediate and remote access to detailed, structured information about existing customers and compliance processes, offering a much more reliable picture of a financial institution’s actual compliance procedures.
Instead of testing a sample of customers, as it’s currently the case, a digital KYC and AML strategy would allow supervisors to review, almost in real-time, precisely how a financial institution performs their investigation, verification, and approval processes. Supervisors would see exactly how compliance teams implement their risk-based approach and carry out their ongoing monitoring.
And particularly when it comes to corporate customers, supervisors would be able to examine what sources are used to verify the corporate structure and identify the Ultimate Beneficial Owners across multiple jurisdictions.
The Covid-19 pandemic put many existing structures to the test. Some crumbled. Those that survived were those that were able to adapt quickly and effectively to new circumstances.
Greater adoption of digital compliance solutions would allow supervisors to “stress test” systems, verifying the flexibility of any existing processes to ensure they’ll be able to adapt to any new regulations or requirements as they emerge. In the past, when sizeable manual compliance teams were involved, the re-training of staff alone meant months-long delays in implementing changed regulations. Today, the best digital systems offer flexibility to adapt the rules almost instantaneously.
For a more recent example of when this benefit could prove invaluable, consider the current sanctions governments imposed against Russian individuals and companies following the country’s Ukrainian invasion. These sanctions came with AML and KYC implications. Financial institutions had to act fast to address any potential gaps in their existing processes to remain compliant.
Any institution that relied on time-consuming manual checks was at serious risk of non-compliance. But institutions that had digitised their processes could quickly audit their compliance procedures to identify any potential risks and act to remedy them before they posed any problems.
Faster and More Powerful Audits
Anyone who has gone through the experience will be able to confirm it: manual audits are immensely time-consuming, and for all their thoroughness, the possibility of human error never goes away.
But audits powered by RegTech are different. Throughout the Covid-19 pandemic, supervisors and private companies started conducting their audits remotely. And many no doubt wondered why they’d never thought to do this before.
With a remote audit, supervisors can directly access a financial institution’s cloud-based internal compliance system for a set number of days or, if necessary, on an ongoing basis. In this way, auditors can access more detailed data from a much larger sample of clients than what might have been possible with an in-person audit.
But RegTech doesn’t just allow greater access to data. It also allows for much faster processing. Supervisors who use RegTech to aggregate KYC and AML data may gain additional insights into potential jurisdictional exposure at financial institutions, analysing data at a level of granularity that would have been practically impossible with a manual process.
And during audits, if a company cannot provide the required reports or the necessary details, this alone might raise a red flag. It would suggest that the company doesn’t have the processes in place to keep track of what’s going on in their compliance department – a detail that may have been overlooked during a more “traditional” audit.
Learning Lessons From Past Crises
The 2007 financial crisis became known as the “credit crunch”. To recover, we saw extensive new regulations introduced surrounding credit risk. For example, when it comes to risk management and credit checks, financial regulators now demand more detailed data than they used to.
Financial institutions can no longer simply provide aggregated data – such as the total amounts on loans to clients. Instead, they must specify precisely how many loans they’ve given – to whom, for which amounts, and under which risk classifications.
By fully-embracing RegTech, regulators can achieve a similar level of granularity. They can request that financial institutions provide more detailed data about the precise number of low, medium, and high-risk customers they have onboarded. This information can then be used to rate the financial institution’s AML risk exposure on a more granular level.
The Future is Digital – But Only If We Make It Happen
Open communication was a key to the sector’s operational continuity throughout the Covid-19 pandemic. The MONEYVAL report concluded by arguing that simplifying existing regulations to allow for easier data exchange across borders will make it much easier for supervisors to work together in overcoming any future crises we face.
And that’s also how we can go from “in theory” to “in practice” with the picture of the future of AML auditing we just painted.
To make it happen, industry participants from around the world must talk to each other to devise a new supervisory model that works better for everyone. This discussion would help supervisors understand what systems are already in place at financial institutions that could deliver a faster pivot to full digitisation. At the same time, financial institutions will be able to provide insights into the practical implications we should expect from shifting to digital-first auditing.
Finally, through open communication, RegTech providers can better understand what supervisors need and implement appropriate features in their product development.
It is new technology that is enabling supervisors and financial institutions to deliver this model. Technology helped the financial sector get through the Covid-19 pandemic, demonstrating the power of collaboration and the potential of automation and secure cloud-based systems.
Future audits will be more efficient for everyone. But more importantly, they’re going to be more effective. We’re moving away from a world where auditing is a box-ticking exercise rife with operational inefficiencies and oversights. Instead, we’re moving to a world in which we work together to focus on delivering real, meaningful change for the financial system as a whole.
Claus Christensen is CEO & Co-Founder of Know Your Customer Limited.