The Need for a Cross-Sector & Cross-Jurisdictional AML Regime

It’s time to have a conversation about implementing real AML information sharing across organisations, sectors and jurisdictions, writes Claus Christensen at Know Your Customer Ltd.

“Effective information-sharing is one of the cornerstones of a well-functioning AML/CFT framework.” This is the incipit of the FATF (Financial Action Task Force) Guidance on “Private Sector Information Sharing”. A year and a half after the release of the international guidelines, the principle that underpins them rings true more than ever before.

A useful image to visualise the concept of “information sharing” is one of a horizontal flow extending across multiple silos. In this form, it can be applied to both essential types of information sharing: across different organisations and sectors; and across different countries and jurisdictions.

Information sharing across organisations at a domestic level is the one that now appears to be slightly more within reach. Although different markets are at different stages of cooperation, banks are becoming increasingly aware of the potential benefits of better information sharing, not only as required by regulators and watchdogs in their fight against money laundering, but also among firms and businesses operating in the same space.

One of the reasons for such a – however slow – change in approach might have to do with the strength of the penalties that have hit banks since the Global Financial Crisis. In the ten years from 2008 to 2018, it is estimated that USD 27 billion in fines were levied against financial institutions for AML/KYC and sanctions violations. Had a better system of information sharing been in place, it could have possibly mitigated the impact and extent of such fines.

As Tom Keatinge, Director of the Centre for Financial Crime and Security Studies at RUSI (the Royal United Services Institute), wrote in the Financial Times last September, “partnerships such as the UK’s JMLIT (Joint Money Laundering Intelligence Taskforce) or Australia’s FinTel Alliance have brought together banks and watchdogs to pool data and create a more complete picture of the way criminals are exploiting the financial system”.

In Asia, similar initiatives include the FMLIT (Fraud and Money Laundering Intelligence Taskforce) in Hong Kong, first launched by the Hong Kong Police Force and the HKMA (Hong Kong Monetary Authority) as a 12-month pilot project and then extended for an additional six months. As stated on the FMLIT’s website, “a central pillar of FMLIT is the Alerts Function which disseminates typologies and sanitised intelligence (Alerts) to the wider banking sector”.

In Singapore, a similar initiative is represented by the ACIP (AML/CFT Industry Partnership), a private public partnership established in April 2017 which brings together the financial sector, regulators, law enforcement agencies and other government entities “to collaboratively identify, assess and mitigate key and emerging money laundering and terrorism financing risks facing Singapore”.

But the potential extent of effective information sharing is even broader. As AML/CFT regulations are applied to a growing number of sectors and industries – including insurance, accountancies, law firms, real estate, auctioneers, just to name a few – more and more companies are required to run extensive AML and KYC checks on their existing and prospective customers. Were the sharing of customer information to be extended to include organisations in different – although connected – verticals, the efficacy of AML efforts would improve further.

If the benefits of sharing information across organisations and sectors are clear, so too are the benefits of adopting a similar approach to the sharing of information across jurisdictions. This can only be achieved if and when regulatory regimes are somehow aligned, or at least compatible enough to ensure that the flow of information from one country to another is underpinned by the same principles.

From this point of view, jurisdictions across the European Union and APAC – with Singapore, Hong Kong and Australia at the forefront – are the most likely to foster closer cooperation, thanks to the similarities in their regulatory regimes, especially regarding UBO (Ultimate Beneficial Ownership) information and KYC requirements.

However, in the long run, the goal should be even more ambitious. The fight against money laundering and terrorism financing is without a doubt a challenge on a global scale, and as such it requires a global response. An important step in this direction is represented by the recently announced cross-border testing pilot under the GFIN (Global Financial Innovation Network). Eight RegTech and FinTech organisations were selected for a sandbox programme aimed at ensuring cross-jurisdictional compliance for their products.

The GFIN was launched in 2018 and now counts 35 organisations among its members, including HKMA, SFC (Hong Kong’s Securities and Futures Commission), MAS (Monetary Authority of Singapore) and ASIC (Australian Securities and Investments Commission). It represents one of the most interesting initiatives aimed at fostering collaboration and harmonisation among regulators in different parts of the world.

The initiative has the declared objective of building a network where innovative technology providers can effectively interact with regulators from different parts of the world and scale their business across jurisdictions. The first step in this process was the introduction of a “Global Sandbox”, a cross-border testing pilot that opened applications in February 2019. At the same time, the GFIN aims to create “a new framework for co-operation between financial services regulators on innovation related topics”, encouraging them to share their different experiences and approaches.

Admittedly, there are still some very basic hurdles to overcome for effective cooperation between jurisdictions. One example is that societies across the globe don’t feel the same about information regarding ownership of corporations. In Europe and APAC, societies now generally treat corporate ownership information as public, while in the US and Japan, for example, they are thought of as private. These societal attitudes toward information have consequences in both regulations and the availability of information for compliance purposes.

From a practical point of view, one of the key changes that is needed to achieve better information sharing across organisations, sectors and jurisdictions is the introduction of a shared KYC utility for client identification. Among other things, this would help streamline and improve the client onboarding experience, strengthening the accuracy of KYC & AML checks for all parties involved.

There is no doubt that implementing a KYC utility infrastructure across organisations and jurisdictions would represent a monumental change in the way compliance teams operate and customers provide information to financial institutions. It is not something that can happen overnight, and the magnitude of its potential impact on our societies should be considered and analysed in all its aspects.

> ALSO READ: Lessons from Singapore’s KYC Utility Project (22 Nov 2018)

More specifically, such a change would certainly help organisations protect themselves from the risk of money laundering and terrorism financing. However, without having proper controls in place, there would be a risk of its mechanisms being misused, resulting in financial exclusion practices.

This is a danger that even the FATF Guidance flags, in that an “overreliance on a system of sharing of suspicious information or a common platform could potentially lead to moral hazard”, in which proper due diligence is pre-emptively avoided and customers are prevented from accessing the entire financial system.

In conclusion, to propel the fight against dirty money, it might be time for us to have an honest and in-depth conversation about the opportunities, risks and complexities of implementing a real AML information sharing system across organisations, sectors and jurisdictions.

This would represent a radical change in the infrastructure and social fibre of our societies, and as such it should be pondered by regulators, public companies, private organisations, and end users alike to ensure that it is executed in the most effective and fairest way.

Claus Christensen is CEO at Know Your Customer Ltd.

To Top