Few regulations are more vital to the financial services sector than those which tackle anti-money laundering (AML). A significant challenge for businesses, however, is that the laws are ever-changing.
“The regulations are frequently updated to address developments in the financial services industry, the new methods criminals employ and the recommendations of international bodies. Although the fundamental aim of the regulations remains consistent, the AML regime is becoming more complex and we can expect the regulations to continue to evolve,” says Shaul Brazil, a partner at BCL Solicitors.
Recent amendments to the regulations include the addition of further kinds of activity, such as cryptoasset businesses, the insertion of new high-risk factors to be taken into account when assessing the need for enhanced due diligence and the introduction of a requirement for firms to report discrepancies in beneficial ownership information.
The reach of AML regulations extends from global financial organisations to small startups. All of them, though, must satisfy a wide range of requirements. These include conducting risk assessments and implementing AML procedures such as due diligence on new customers, record-keeping, training, appointing compliance officers and making reports.
Constant vigilance is required to satisfy some in particular, such as evaluation of customers (especially those who are high risk), monitoring transactions (including bank deposits), and detecting suspicious activities that might need to be reported to the relevant authorities.
Exactly how effective an organisation’s AML controls are will depend on its risk profile, says Brazil. “There’s no one-size-fits-all and the policies and procedures that firms adopt must be appropriate to the nature, size and risk profile of their business.”
How companies can stay compliant
Whatever their size, firms should take a holistic view of the purpose of the AML regime to avoid compliance problems, he says. “The FCA has demonstrated in its recent enforcement actions that it is less concerned with the finer details of the AML procedures and more with their fundamental purpose.
“Firms should avoid a tick-box approach. They can fall foul of the regulations, not because they haven’t implemented them on paper, but because they haven’t focused on their purpose and whether their procedures are operationally effective.”
Clear documentation and processes that all staff can access and understand can certainly help, says James Alleyne, who is legal counsel at Kingsley Napley and formerly of the FCA. As a matter of good practice, he advises, firms should be proactive and not reactive. “Firms should constantly review and update their AML systems, so they’re tailored to the changing regulatory standards and political and market developments.”
The policies and procedures that firms adopt must be appropriate to the nature, size and risk profile of their business
The risks for firms falling foul of AML regulations are, he warns, daunting. Investigations by the FCA, which supervises AML law compliance in the financial services sector, can be costly, time-consuming and may cause business disruption. While the FCA can provide feedback to firms with inadequate crime systems and controls, it can also impose penalties for past breaches. In the past few months alone, it has imposed some £15.7m in fines on several firms found guilty of regulatory failings.
For many organisations, technology is easing the compliance challenge. Customer due-diligence software is well used by newly established fintech consumer lender Tembo, recently named UK’s best mortgage broker and best newcomer at the British Banking Awards.
“We’re a young, digital-only platform which operates in a relatively high-risk area and with multiple customers. We were warned at the outset that we could be a target for criminal activity,” say co-founder and CEO Richard Dana and compliance lead Ellie Riordan. “A key element of aiding compliance for us has been using technology to automatically cross-check customer data and verify customer identity and recognise potentially fraudulent behaviours.”
Staying up to date with anti-money laundering regulation
Crucially, commitment from senior management is not only expected by the FCA but is essential to create awareness of financial crime throughout an organisation. “It’s important to have a strong team culture and that starts with strong leadership, which sets the tone for compliance,” say Dana and Riordan.
“You must ensure that your different teams work together effectively and that compliance is included right at the beginning of any change to operations or product. We have honest, open discussions about compliance and people are free to disclose mistakes or issues they’ve seen.”
Training is a required part of compliance and its content and delivery are both important, says Alleyne. “It’s good to have a practical dimension for training to be effective, like case studies, so that it isn’t overly academic.” He recommends organisations ensure that staff have properly understood their training by using tools like computerised tests and that they maintain training logs.
While the FCA Handbook includes a guide on financial crime, many organisations seek external support to help them handle the compliance burden. Some professional firms and compliance consultancies can advise on effective AML regulation compliance and help with investigations and prosecutions. They may also offer support like compliance technology and regulatory updates.
Heather O’Gorman is head of payment services and financial crime at compliance specialist Thistle Initiatives. She says: “Many of our clients are startups. They can struggle to find the right level of operational staff. We help them establish their AML frameworks and controls, including due diligence procedures and training programmes.”
Tembo used FSCompliance to help it draft policies that complied with FCA guidance on AML regulations and to advise on how to establish and implement its compliance systems. “They’ve helped us compare our setup with those of their other clients, so that we can be best in class,” say Dana and Riordan. It now uses FSCompliance on a retainer basis, which provides the organisation with a check-the-checker service. “It has been invaluable to have an adviser who has a detailed understanding of the application process and the ongoing regulatory system,” they report.
For their organisation and others, such alertness and energy are what is required to meet the ongoing compliance challenge.
