Financial Crime Compliance:
Where does the UK go next?
You can’t fight what you can’t see
Money laundering and fraud are dynamic. Criminals are constantly seeking new ways to launder the proceeds of crime by exploiting inherent weaknesses in the system.
Compliance teams are fighting this threat every day, using a combination of data, technology and human experience to detect and prevent financial crime. The recently published True Cost of Compliance, 2023 report calculated the cost of compliance activities to UK financial services firms at an eye-watering £34.2bn1, yet anecdotally, the value for money being realised from these activities is negligible.
So, how can UK PLC be more effective at preventing financial crime? Part of the challenge is ensuring that they’re focussing on the right activities, which means properly understanding the emerging threat. We invited five leading practitioners, to give us their views on the risks to watch out for across the changing financial services landscape in the months to come.
Here’s what they said...
Is more regulation on the horizon?
Implementing the new Consumer Duty Regulations comes out as a top priority across all sectors at this time – although each sector we spoke to highlighted regulatory pressures unique to their sectors.
Meeting widening regulatory requirements is a constant pressure on all financial services organisations and all sectors, driving increasing cost and investment in both compliance people and technology. How do our industry experts see the regulatory landscape unfolding?
Brian Swainston, Head of Financial Crime and deputy MLRO at Fidelity International, sees the new Economic Crime and Corporate Transparency Bill as a promising mechanism to help stem the fraudulent use of new company registrations by criminals. He anticipates that the increased regulatory spotlight on firms to ensure their AML controls are robust and fit for purpose will lead to a good deal more emphasis on firms fully implementing the existing regulations – which, he says, “will be a step forwards.”
The biggest impact facing wealth and asset managers he sees coming, however is the new HMRC Trust Registration Service, which will require firms to carry out discrepancy checks. Whilst broadly welcomed, he explains that the change may yet prove to be a learning curve for non-professional trustees and lead to higher volumes of remediation work for the foreseeable future.
Christine Drabble, Chief of Risk, Underwriting and MLRO at Straal, believes that firms will need a strong focus on keeping up with regulatory expectations as more demands are put on them, noting the upcoming Consumer Duty regulations and Operational Resilience targets, as set out in the FCA rules and EU’s Digital Operational Resilience Act (DORA), on top of pressure to conform to existing regulations.
As the digital transformation and customer experience keeps on evolving, regulated firms will have to drive compliance to the forefront of the business to ensure they can keep up with regulatory requirements and maintain market competition, especially with products and services. Christine sees digital transformation of compliance obligations and onboarding as a critical success factor in the coming months that will allow those providers that are adopters to thrive, despite the continued challenging operating environment.
Tushar Chahal, Global Head of Financial Crimes Technology at Standard Chartered, looks at regulation with the much wider lens of a global bank. He acknowledges the trend to achieve harmonisation of AML across the EU as a positive move, but notes that global operators such as his company ‘face similar challenges across other parts of the world, including India and China, where data storage and access are highly restricted.’ Tushar also expects there be to be a much greater focus on crypto currency regulation in the year ahead.
What about regulation of the crypto sector?
In an industry where tech innovation can take priority over financial crime compliance, it’s no surprise that so few Crypto asset firms have yet to willingly embrace AML compliance. Combined with the FCA’s tougher stance, it’s no wonder that by January 2023 only 15% of applicants have been granted a license (41 out of 300 applications). Yet leading voices in the sector recognise that compliance with AML regulations is vital, particularly with the increasing prevalence of consumer duty.
Mark Taylor, Head of Financial Crime at crypto exchange CEX.IO is certain regulatory focus will increase; “there is no doubt that regulatory attention on the crypto sector is on a steep incline, with regulators globally applying this scrutiny more aggressively than ever, attempting to manage the fallout from the recent activity of some of the bad actors in the space and also to implement their new regulatory regimes.”
As more in the crypto industry reluctantly get on the compliance bandwagon, Mark thinks realisation of its importance will grow; “although this no doubt brings a greater workload, as an industry we have to understand, this is necessary,” He says. He speaks for the industry in recognising that the protection of consumers and the global fight against financial crimes, including money laundering, organised crime and terrorism is vital for the crypto-asset sector. Why? “It’s vital if crypto providers in the future wish to be accepted without concern by payment partners, banks, regulators and perhaps most important of all, the consumer.” Few would disagree with Mark’s impassioned plea for the crypto-asset sector to welcome AML regulation.
We may be a long way from uniformity of approach in financial crime regulation, yet it’s clear more regulation is on the way across all sectors, threatening an ever-increasing burden on compliance teams. Dealing with this will require smarter solutions, including new technology, better data management and retraining compliance teams to effectively and efficiently implement regulation.
Will technology deliver the goods?
As firms grapple with efficiency and effectiveness, more turn to technology to automate onboarding and customer due diligence. Brian Swainston sees this trend even in the traditionally highly manual Wealth and Asset Management sector. Although, in his experience, he says, tech providers need to do more to help the industry better understand how the technology works and provide data to aid selection, design and configuration, to ensure it “aligns with the business (objectives) and risk appetite.”
Digital transformation programmes, he also notes, often require expertise that is not available in-house, requiring firms to engage with third party vendors to deliver the best solutions.
Tushar Chahal is a technology in banking leader and recognises the need for greater convergence between anti-fraud, anti-money laundering and cybercrime technology solutions. The common theme across these, he suggests, must be data integration, to ensure anti-financial crime systems deliver the most efficient detection rates. Centralised entity resolution within large financial institutions and perpetual KYC, he goes on to explain, are also vital to manage evolving threats in real time, but recognises that “it will take considerable time to realise the benefits.”
As a regulator, Graham McKenzie, Head of AML at the Law Society Scotland, sees technology as a priority in the legal sector, but says; “firms must be fully aware of what technology can deliver, as well as understand its limitations.” Recognising that technology and data go hand in hand, he also adds; “firms must fully understand the scope, extent and refresh rates of data sources used for things like PEPs, Sanctions and adverse media screening.” His advice to firms is to document a ‘clear understanding of both the technology and data sources uses’ so that it can be explained to a regulator.
The final word on technology goes to Brian Swainston, who thinks that whilst deploying technology in AML operations will increase, firms need to equally invest in re-training their compliance teams to ensure the entire new eco-system works effectively and is fit for purpose.
What emerges here is a sense that, as regulated firms are turning to technology, they are doing so cautiously and thoughtfully. Technology is important, but so too is the role of the trained analyst. Tech providers need to do much more when selling their solutions and become true partners with financial institutions in this evolution.
Are emerging criminal threats linked to macro-economic events?
Both Christine and Graham are convinced of the link between criminal threat and the current state of the economy and say they see it clearly in their respective sectors. In online payments, Christine is concerned about identity fraud affecting the many sectors who use online payment systems. She notes in particular the ‘problem of transfers of ownership in the property market.’ Graham supports this view, highlighting the threat of ‘Chinese money laundering to the UK’ and noting the pressure on conveyancers in the legal sector to spot the threat.
Both experts note the risk of potential new fraud attacks arising from the impact of the cost-of-living crisis and economic downturn. Graham expects a rise in ‘underground markets for essential goods, acquisitive crime and loan sharks.’ He warns that firms must be extra vigilant in their due diligence processes, particularly from legal services that are outside of their normal scope of experience. “Firms with significant property businesses may be particularly at risk and may be more susceptible or exposed to criminal activity,” he says.
Christine warns of the dangers of cutting compliance budgets in the current climate, which could expose their customers to greater fraud risk. “We need to step up our efforts as the scammers and fraudsters use ever more sophisticated techniques and we should implement solutions that are able to adapt and keep up with the trending fraud risks. Most of all, ensure that compliance staff have continuous training to understand any new risks so they can implement solutions.” she says.
Tushar sums it up, saying “digitalisation across banking channels and services is transforming the industry. At the same time, it increases the risk from sophisticated identity fraud and cybercrime – more fraud leads to more money laundering.”
All are concerned about the rising levels of sophisticated financial crime they face in money laundering, fraud and cyber, but all are united in their view that AML compliance teams can and will rise to the challenge. As a case in point, last year the industry took the explosion of new sanctions against Russia in its stride, following the invasion of Ukraine. The industry is resilient, determined and committed to winning the war against financial crime.
What lessons can firms learn from the regulator, moving forward?
Although Graham operates within the legal sector, his viewpoint as a regulator is universal. His advice to firms is to revisit practice-wide risk assessments regularly, to make sure they are fit for purpose and reflect new AML risks properly, ensuring controls and resources are directed to priority areas.
This seems obvious, yet so many firms fail to take a dynamic approach to changing risk threats. “This will go some way to implementing a truly risk-based approach,” he adds. He also encourages firms to take a more holistic approach to customer due diligence and move beyond simple KYC identity checks for high-risk situations, particularly sources of funds and sources of wealth checks.
“Overall, I anticipate practices continuing to resource and strengthen AML controls, to meet expanding regulatory requirements, supervisory expectations and other obligations in this space,” Graham concludes.
With special thanks to:
