AML Predictions – Looking forward to 2022
January 20th, 2022
As we start off another year, let’s revisit my 2021 AML predictions to see how they held up, and explore what 2022 may hold.
AML Predictions – Looking forward to 2022
2021 was continuously overshadowed by the pandemic and the challenges and threats it presented. When we entered 2021, I made six predictions about what would happen over the year. Four out of my six predictions have come to fruition or at least had significant movement.
Faster Adoption of Advanced Technology
Over 2021, I saw substantial increases in organisations around the globe either implementing or proactively purchasing advanced technologies. Effectiveness drove this technology push, with the need for organisations to identify suspicious activity faster and more accurately, especially in a digitally-accelerated world where most interactions and payments are digital. The regulated sector were not the only ones demanding innovative technologies – organisations, such as FATF, also actively encouraged the adoption of advanced technology, with FATF releasing a technology report on July 20.
Convergence of Compliance Functions
Faster technology adoption resulted in significant progress towards converging compliance verticals, notably in the convergence of fraud and AML monitoring, detection and investigation. There was a notable increase in financial services organisations exploring the benefits of centralising compliance functions to drive greater efficacy. I know several organisations that converged elements across either fraud and AML or capital markets and AML. The rationale for this was to help better manage risk in a cost-effective way by eliminating duplicate efforts. The convergence of compliance functions did not stop in 2021 and will continue for years to come.
The Move From Quantity to Quality
The shift from quantity to quality has been a driver across financial crime compliance operations. In 2021, FATF stated that organisations need to focus on quality and be more effective. Most of the conversations I have had throughout the year touched on quality and better risk management as topics. Organisations cannot afford to continue throwing resources at problems and instead should be more tactical, focusing on what matters. Furthermore, some Financial Intelligence Units (FIUs), including the UK FIU, also encouraged the reformation of SAR programs to emphasise quality over quantity in submitted SARs. Similarly, Austrac released guidance on good and bad SARs (referred to as Suspicious Matter Reports in Australia) in a bid to increase SAR quality. In September 2021, the UK FIU also released guidance on submitting better quality SARs.
2021 was the perfect storm for cryptocurrency compliance with skyrocketing values, greater acceptance by mainstream financial institutions, and progress, albeit slow, in regulations and controls around crypto. Of note, the Anti-Money Laundering Act of 2020 brought virtual currency transactions into the scope of AML regulation. There was also an extensive focus on AML technologies that can support organisations in managing the risk of crypto exposure as well as monitoring crypto transactions.
Now for 2022, what can we expect for AML compliance in the new year?
2022 AML Compliance Predictions
Prediction 1: A shifting paradigm from event-driven to entity-centric detection
For too long, compliance teams have been thinking about how we detect and investigate suspicious activity. Operations teams often focus on alerted events and not the entity responsible for causing the alerted event. On the other hand, law enforcement investigators focus on the individuals they investigate. Ultimately, it is the individual who will be prosecuted, have their assets seized, and/or go to prison. So why does the regulated sector focus so much on individual events to identify suspicion?
There is already change in the air, but I believe that in 2022 we will see a seismic shift in the regulated sector’s focus from events to entities. This shift will not be easy due to legacy processes and systems and the need to ensure continued compliance, which has focused on events and suspicious event SAR filings in the past. However, with advances in technology and the desire of many compliance professionals to do the right thing, this move will gain traction this year.
Shifting to entity-centric AML allows the industry to assess and monitor entities contextually. If we can assess and monitor the entity contextually, it will result in better detection, investigations and outcomes. Contextual understanding all comes down to having the right data and intelligence:
- What is the entity’s credit score?
- Who are they related to, and with whom do they interact?
- What are their demographics?
- What is their social media presence and activity?
- Where do they live and travel?
- What do they do for work?
- What are their spending habits?
- How do they interact with the financial institution, and what are their behavioural traits?
These answers come from the data at our fingertips that is available for analysis not just by humans but also by machines. By contextually understanding this information, we can form a rich picture of our customers, allowing us to better understand when a change is suspicious or not, taking into account more than just transactional activity.
Some might say that aiming for contextual understanding is too intrusive. Still, I believe this change will come and, having a better understanding of our customers will benefit our customers. The good customers will have a better banking experience with less friction, and the criminals will likely be intercepted earlier, preventing significant harm to the financial institution and society.
Prediction 2: Increased scrutiny of corporate entities
You may be thinking that corporate entities are already scrutinised, and this is nothing new. I do not disagree; however, there is so much more that organisations can and should do to increase monitoring of corporate entities to understand and identify financial crime risks.
Transparency of corporate registers is a huge issue. Even after the EU introduced the 5th Money Laundering Directive, which should have been transposed into each jurisdiction in January 2020, a number of EU countries have not yet fully implemented the requirement to introduce public beneficial ownership registers of legal entities. At the end of 2021,
- Four EU member states still have private corporate ownership registers (Finland, Romania, Greece and Spain)
- A number of EU member states still charge a fee to access all or some of the corporate information
- Three countries still have no accessible register (Lithuania, Hungry and Italy)
In the U.S., the AML Act 2020 introduces a uniformed federal beneficial ownership reporting requirement for corporations, limited liability companies and other similar entities. Albeit slow, the transparency of corporate registers is moving in the right direction.
The management of corporate entities from a compliance perspective for the regulated sector is enormous. KYC, CDD and ongoing monitoring all take time, especially for those organisations whose corporate structures are complex and opaque. Incorrectly assessing a corporation’s risk can result in significant failings or compliance breaches from incorrectly managing and mitigating exposure to risk.
Unlike retail accounts, corporate accounts have the potential to move vast amounts of illicit wealth under the guise of being a legitimate national or international business. In 2022, there will be greater emphasis on understanding corporate entities and their risk, including ensuring the data available about them is accurate, their risks are accurately monitored, and risk assessments are conducted continuously, not just periodically. This greater emphasis can only be possible with technology that provides the ability to monitor real time changes in internal and external data (including corporate structures, addresses, and contact information), adverse media, transactional activity and other information impacting risk.
Prediction 3: Properly addressing the risk of Designated Non-Financial Businesses and Professions (DNFBPs)
Designated Non-Financial Businesses and Professions (DNFBPs), such as art dealers, estate agents, notaries, lawyers, company service providers, accountants and casinos, are businesses considered to pose a money laundering risk but not classified as a financial institution. These businesses pose a risk because they are gatekeepers to the financial sector. Through DNFBPs, individuals and corporations can place vast sums of money and assets into the financial system. As a result, there should be global regulatory consistency in how DNFBPs must ensure the funds and assets originating from their customers are legitimate and obtain a clear understanding of the source of funds and source of wealth.
A large number of countries have introduced regulations to regulate DNFBPs, such as the Money Laundering Regulations in the UK. However, in countries with DNFBP-related requirements, each industry is often supervised by its own regulatory body, such as the Solicitors Regulation Authority or the Chartered Institute of Management Accountants. This fragmented supervision creates risk through the inconsistent application, enforcement and oversight of these regulations. Some countries, such as Australia, have not yet regulated DNFBPs. How can we ensure regulatory compliance and fight money laundering in this sector if different bodies regulate different businesses, or if they are even required to report suspicious activity in the first place?
In countries where DNFBPs are regulated, the effectiveness of the regulations has to be questioned. Under UK legislation, the authorities can obtain an Unexplained Wealth Order to seize a subject’s assets if a subject is unable to explain how they obtained the funds to purchase their real estate. In 2020, authorities used this law to obtain an unexplained wealth order against Mansoor Mahmood Hussain and seized his GBP 10 million property empire. This then raises the question – why did it take an unexplained wealth order to seize property purchased using criminal funds? Under UK money laundering regulations, estate agents, lawyers and accountants are all regulated entities. All of these professions would have been involved in purchasing his properties. Did they file SARs? Did they raise their suspicions? Did they conduct due diligence on Mansoor Mahmood Hussain and the source of his funds and wealth, or did they turn a blind eye? Similarly, only a few years ago, the Panama Papers leak uncovered that a seemingly reputable law firm, Mossack Fonseca, was in fact a criminal organisation that is dedicated to hiding money assets from suspicious origins.
In September 2021, the Basel Institute on Governance released a report on money laundering risks with DNFBPs. The Basel AML Index highlighted that DNFBPs are significantly less protected against money laundering risks than financial institutions. They also highlighted that DNFBPs do less to contribute to AML efforts and should be considered a serious AML vulnerability in most jurisdictions. The FATF 40 also explicitly calls out DNFBPs with recommendation 28 stating that DNFBPs should be regulated. Additionally, the EU commission’s AML action plan recommends not only a dedicated EU AML supervisor but also increased supervision of the non-financial sector. I have a feeling 2022 will be the year that DNFBPs face greater scrutiny and are forced to enhance their controls to be more effective at assessing risk and detecting suspicious activity.
Prediction 4: The move to proactive AML instead of reactive AML
What good is it when we investigate activity after it has happened, especially when the activity potentially occurred months before we investigated and reported it? Yes, we are still complying with regulations by investigating and reporting the activity. Still, reporting the activity a month or two after it occurred makes it harder for law enforcement to follow the money. Furthermore, when it comes to KYC, the current approach of reviewing customer risk once a year or once every few years during a periodic review is outdated and exposes organisations to unnecessary risk. Potentially waiting years to discover that the customer is now considered high risk does not seem to be an effective way to take a risk-based approach.
Increasing regulation, advances in technology, continued regulatory scrutiny and fines, and a desire by industry professionals to turn the tide in fighting financial crime create the perfect environment for a shift towards a more proactive approach to compliance. This shift goes hand-in-hand with prediction number one because we have to adopt a proactive AML approach to take an entity-centric approach to AML.
In 2022, we will see a greater shift towards proactive AML. Organisations will increasingly implement technology that provides real-time or near real-time data assessment to ensure screening and detection of suspicious activity is always optimised and in line with the up-to-date risk posed by the monitored entities. This shift also includes a move to continuous KYC. Continually monitoring for changes in data that will impact changes in entity risk will ensure that organisations have a full understanding of entity risk and can implement measures so the risk is always fully managed.
Proactive AML will ensure organisations always have an accurate understanding of their entities and the organisation’s exposure to risk. This information can inform monitoring and detection systems to ensure that entities are always appropriately segmented, monitored for the right risks, and that detection identifies only true suspicion or material changes in risk. This approach will make compliance teams more efficient, AML operations more cost-effective, and law enforcement more informed with the right information about real criminals. It will also help reduce friction for innocent customers, who will no longer be asked unnecessary questions or potentially have transactions blocked due to false positives, thus increasing revenue potential for organisations.
Prediction 5: Greater innovation
Technology has advanced at a phenomenal scale in the financial crime space. For years we have been talking about artificial intelligence and machine learning, but we are now finally seeing tangible results from this technology and seeing it make a difference in the fight against financial crime.
Using advanced technology in the fight against financial crime has been actively encouraged, as there are clear benefits. A number of global regulators, including those in the U.S., UK and Estonia, encourage using technology in AML. The last few years have seen the UK FCA lead the way with their technology sprints where groups compete to show off advances in new technology and the benefits this can present in identifying suspicious behaviour. Several consortium projects are also ongoing or planned where regulators and private and public sectors have joined forces to share information or join up monitoring. Technology is a key enabler to these projects. The Nordic KYC project and Transaction Monitoring Netherlands (TMNL) are two such examples. The Monetary Authority of Singapore is running a project to establish a shared digital platform where financial institutions can share relevant information on customers and transactions to prevent money laundering. This project is called COSMIC. Finally, in July 2021, FATF released a whitepaper on the opportunities of technology, saying that technology can help organisations achieve more effective implementation of FATF standards.
The application of AI and machine learning will continue to be used in new and intuitive ways. Three uses of advanced technology to watch in 2022 will be identity resolution, network analytics and truly intelligent anomaly detection. If applied correctly, these technologies could be game-changing when it comes to spotting truly suspicious activity. These three solutions combined with advances in core solutions such as CDD, screening and transaction monitoring will make compliance solutions a powerful defence against criminals. The ability to consolidate internal and external data, clean and consolidate duplicate entity records, find hidden networks and connections, analyse these networks in context to other available information on the entities and spot suspicious outliers in patterns are very powerful capabilities. Not only are technologies capable of doing this, but also, when done automatically, they have the potential to make the criminals sit up and take notice.
If we look back over the last several years, criminal money laundering typologies have barely changed. Trade-based money laundering, laundering through capital markets, cash laundering and transaction laundering, and the use of shell companies and mules are familiar typologies. Has there been a significant change in this activity? No. Why not? Because of the old adage, if it ain’t broke, don’t fix it. Simply, the private and public sectors have not been good at identifying and stopping this behaviour; thus, it continues to this day.
Now I am not saying that the new technologies I have detailed will stop all financial crime on their own, nor am I saying that technology is our saviour. Instead, the advances in analytical technology will create a moving target, making it harder for criminals to hit. It will increase the accuracy of suspicious activity detection and help ensure that skilled AML investigators are presented with all the right information to make an informed decision. Furthermore, it will ensure the right information is passed to law enforcement to help them investigate, apprehend, prosecute, and seize illicit wealth from the criminals. Ultimately, that is why we are all in this industry.
With a fresh start, we have another 12 months to make a difference – to identify and report criminal behaviour, take one more criminal off the streets and take away their assets, protecting one more victim. Working together, we can take the fight to the criminals. If my predictions for 2022 are correct, then by the end of this year, our fight will be a little easier as we move into 2023 and beyond.
Read more about NICE Actimize’s AML solution here.