Over the last two years, perpetrators of money laundering have taken advantage of economic upheaval and technological developments to pursue increased opportunities for financial crime. Digital payments and blockchain technology, for example, have helped create avenues for criminals to launder funds at new levels. Meanwhile, the backdrop of the coronavirus (COVID-19) pandemic has played into their hands, allowing criminals to capitalize on sudden, widespread change and disruption. Our Alexandra Will and Dave Bradshaw share UK AML and sanctions trends in this latest Anti Money Laundering 2021 In Depth Feature. To read other country specific AML features, download the full Financier Worldwide report.
To what extent is financial crime growing in frequency and complexity? How would you summarise recent trends in your country of focus?
Could you outline some of the key legal and regulatory developments in your country of focus affecting AML? To what extent are companies operating under heightened scrutiny, and reacting accordingly?
Alexandra Will: The applicability of the UK’s Money Laundering Regulations (MLR) was expanded in 2020 to include, among others, crypto-asset exchange providers. These businesses are now also required to be registered with the FCA. A substantial number of existing businesses withdrew their applications due to not yet meeting required AML standards. To prevent them from having to cease trading, the FCA extended the registration deadline, and thus the deadline for enhancing their AML frameworks, to March 2022. With the ongoing reform of the UK’s Suspicious Activity Reporting regime, further enhancements to the SARs filing process are expected for 2022. Finally, the Sanctions and Anti-Money Laundering Act 2018 has not received much attention since its enactment. Its effects will only become noticeable over the coming years. After leaving the EU on 31 December 2020, the UK is no longer bound by the EU’s AML framework, in particular the Anti-Money Laundering Directives (AMLDs). Rather, the UK now independently needs to ensure it remains aligned with international AML developments. While the UK had already implemented the 5AMLD into UK law prior to Brexit, it has not opted into the 6AMLD.
How would you describe AML monitoring and enforcement activity in your country of focus? What problems may arise for multinational companies as a result of the extraterritorial reach of certain laws, and greater collaboration between national agencies?
Alexandra Will: UK AML supervisors continued to increase their monitoring and enforcement activity in 2021, with a broader scope of enforcement actions and higher fines. Notably, in December 2021, the FCA fined NatWest £264.8m for failings related to customer due diligence and transaction monitoring. This is the first time the FCA pursued criminal charges for AML failings. In January 2021, the UK HM Revenue and Customs (HMRC) issued a record £23.8m fine for AML breaches, specifically, failures in the areas of risk assessment, policies and procedures and customer due diligence, by a money services business. While UK financial crime regulations do not have the same extraterritorial effect as, for example, some US regulations, UK regulations increasingly include elements of extraterritorial applicability. Examples include Part 7 of the UK Proceeds of Crime Act (POCA), the UK Bribery Act, and the corporate criminal offence as part of the Criminal Finances Act 2017. As such, firms with a UK nexus, even indirect, need to be aware of and monitor UK regulations and their potential exposure.
What steps should companies take to ensure adequate processes, programmes and policies are in place to support AML?
Alexandra Will: While it may sound simple, it is about “getting the basics right.” Firms need to implement and maintain a robust AML governance and control framework that is regularly reviewed and updated to reflect changes in AML risk exposure. Looking at the fines issued by supervisory authorities in the UK and other European jurisdictions for AML failings, there is a clear message: fines are typically issued for ‘systemic control failures’ with regard to key AML controls, such as a robust customer due diligence process, ongoing transaction monitoring, conducting regular AML risk assessments and having relevant policies and procedures in place. Firms will not be able to guarantee, and there is no expectation, that no illicit monies flow through their organisation. They are, however, expected to maintain a robust control environment and understand and effectively manage their changing ML risk exposure to ‘do their part’ in the detection and prevention of financial crime as part of a bigger ecosystem.
In what ways can companies utilise technology to help manage risks arising from AML?
Dave Bradshaw: Machine learning, artificial intelligence (AI), robotic process automation (RPA) and verification tools support the full customer lifecycle from onboarding to ongoing transaction monitoring and sanctions screening. Technology solutions remove the challenges surrounding face-to-face contact to verify identification. Benefits include the ability to detect identity theft and online fraud, and moving away from traditional paper-based methods, which improve turnaround times and increase accuracy levels. The FCA supports the use of digital identity processes that enable UK FIs to effectively identify and verify their clients. For ongoing monitoring, the explosion of digital payments, the increased sophistication of ML methods and networks, and enhanced regulatory scrutiny have further necessitated the need for these solutions to identify illicit behaviour.
What advice would you offer to organisations on integrating technology into their processes to enhance the efficiency of their AML capabilities and allow them to detect unusual behaviour and identify red flags?
Dave Bradshaw: There should be collaboration with relevant stakeholders and the tech providers to ensure software solutions provide a level of assurance that satisfies regulatory scrutiny and complies with the FI’s risk framework. FIs should stay deeply involved in the business requirements process, performance testing and understanding output so they can fully comprehend changes in alerts or behaviour. This knowledge enables FIs to work alongside the provider and explain to their regulators, internal audit and compliance personnel why certain alerts were created and others were not. Moreover, FIs should find a true subject matter expert to conduct before, during and after implementation validation services. While there is positive news from the Financial Action Task Force (FATF) and the FCA regarding the benefits of evolving technology, the use will predictably be met with some apprehension concerning effectiveness and how it replaces personnel. From a big-picture perspective, FIs should embrace the massive upside potential that supervised models can provide by reducing false positives, reducing lost time due to system limitations and highlighting risk typologies that money launderers might have otherwise evaded. All these measures will allow the augmentation of resources to concentrate on more high-risk areas where the attention is needed most.
Do you expect the risks posed by money laundering to increase in the months and years ahead? Do companies need to continually improve their systems in order to deal with current and emerging threats?
Dave Bradshaw: It is imperative that FIs continually review the risks and systems to prepare for new developments. An example is the increased use of cryptocurrency and how FIs will need to adapt to the monitoring and screening of blockchain activity. Challenger and digital banks should fully understand the AML regulations and implement adequate systems and processes to avoid FCA investigations concerning potential breaches of AML and financial crime rules. FIs may look to existing systems and technology to help detect new risks; however, as also noted by the FATF, this often takes time and funding, and in some cases, upgrades just do not happen fast enough. Therefore, when it comes to vendor assessment on technology providers, FIs should consider the vendor’s future technology roadmap to help with potential new risks as well as how it can demonstrate its ability today.