By Salvatore LaScala
Money laundering and terrorist financing have been thrust further into the spotlight over the last 12 months. One notable legislative change is the implementation of the UK’s Economic Crime Act. In the US, the Biden administration has continued to focus on strengthening laws and regulations to tackle illicit financial flows and modernizing, building and enhancing regulatory and enforcement frameworks, particularly in the crypto space. Companies are directing more attention toward compliance, including anti-money laundering efforts. Having the right processes, programs and policies in place is key. Regular internal training programs should be carried out to ensure staff members understand the risks and their own responsibilities. Guidehouse's Salvatore LaScala shares his insights in the 2023 Financier Worldwide Anti-Money Laundering In Depth Feature.
The threat and complexity of financial crime continues to grow as transformation of global payment infrastructure continues. The worldwide adoption of instant and contactless digital payment methods has provided bad actors the opportunity to take advantage of weaknesses in the newer digital systems. Financial crimes involving cyber security have become increasingly sophisticated and harder to detect as cyber criminals are getting more creative in their methods by using a combination of technology and social engineering.
The Financial Crimes Enforcement Network (FinCEN) issued a final rule implementing the beneficial ownership information reporting requirements of the Corporate Transparency Act (CTA). The CTA authorizes FinCEN to collect and disclose beneficial ownership information for certain types of corporations, limited liability companies, and other similar entities created or registered to do business in the US. The ruling seeks to enhance corporate transparency to deter money laundering, tax evasion and other illicit activity conducted through ‘shell companies’. The ruling will impact tens of millions of companies, as they will need to report information about the individuals who own or control the companies. The rule will go into effect on 1, January 2024. Violators of the rule will be subject to civil and criminal penalties.
We have seen heightened scrutiny of digital asset services and how they have been utilized to violate Bank Secrecy Act (BSA) and anti-money laundering (AML) regulations. The White House’s Executive Order on Ensuring Responsible Development of Digital Assets included countering illicit finance as one of the six key priorities. Regulators such as the US Department of the Treasury (DOT), FinCEN and the New York State Department of Financial Services have fined several exchanges tens of millions of dollars for BSA and AML violations. The US Office of Foreign Assets Control (OFAC) issued its first-ever sanctions of virtual currency mixers, Blender.io and Tornado Cash. The DOT stated that it will continue to aggressively pursue actions against mixers that launder virtual currency for criminals. The move to sanction Tornado Cash was unprecedented, as it is essentially a smart contract. Imposing sanctions against an open-source smart contract, rather than against entities or individuals using it for illicit purposes, is extremely difficult to enforce because anyone at any time can send funds from Tornado Cash to any Ethereum address, implicating the account that received the funds in prohibited activity. Most recently, the collapse of FTX has sparked a massive regulatory response. Lawmakers, regulators and criminal investigators are looking into FTX’s collapse. The event has also renewed requests for oversight and legislation from Congress or regulatory changes by the federal agencies. The situation has created shock value that has highlighted the need for regulatory clarity within the US.
An effective AML program should start with an assessment and understanding of the risks presented by the products offered and the clients being served. Policies and procedures to mitigate risks must be clear and concise. Companies should have internal training programs in place to ensure employees understand the policies and procedures, and provide employees with examples of common red flags to watch out for. Accompanying the risk assessment, policies, procedures and training, should be a comprehensive coverage assessment to ensure that either transaction monitoring, investigative protocol or some other mitigating controls are in place to cover each red flag relevant to the financial activity. Here, and throughout the entire program, it is important to maintain a risk-based AML compliance program, thereby ensuring that critical compliance efforts are allocated where needed most, allowing the firm to tailor its AML program to its own level of risk exposure. The risk-based approach also helps the organization be proactive in determining the level of risk each customer presents and apply appropriate measures to manage that risk exposure.
Companies can utilize technology such as artificial intelligence (AI) and application programming interfaces (APIs) to automate much of the compliance process. These tools can be used to streamline steps in the client onboarding process, and ongoing customer due diligence, which includes transaction monitoring. AI can be used to detect risks and criminal connections that manual processes commonly miss. APIs allow institutions to automate various customer-screening requirements such as sanctions screening, negative news screening and identity checks. Historically, financial institutions (FIs) were required to set up contracts and technology integrations with each vendor they utilize for various customer due diligence screenings. This approach is quite cumbersome and inefficient. We are beginning to see some compliance vendors consolidate all these different tools under one platform to increase overall efficiency and improve the user experience.
When implementing various technologies, it is critical that the technology can be customized to the firm’s needs. Many companies tend to use technology that is like trying to fit a square peg into a round hole, which has a negative impact on the user experience, efficiency and final output. Organizations must understand the problems they are trying to solve and implement solutions that are responsive to that problem in a user-friendly and efficient manner. A common mistake we see is organizations that implement technology without spending enough time assessing their business requirements and ensuring that the implementation plan is coordinated with compliance teams and the ultimate end users of the program. If these stakeholders do not believe the new technology is compelling and configured appropriately, success is unlikely. Also, test as much as you can before flipping the switch and going live with any new technical solution. Do this testing not only to understand the new alert production numbers, but to obtain an understanding of whether you are being effective at capturing the activity you are looking for.
We believe money laundering will continue to be a growing problem. However, countries worldwide have recognized the need to address these risks and are implementing regulations, such as requirements for beneficial ownership transparency. These laws will make it harder for criminals to hide behind shell companies. FIs and technology firms are also making huge investments to improve and implement technology to address money-laundering risks. These tools will make it easier for FIs and law enforcement to detect and report suspicious activity. As always, the space is a game of ‘cat and mouse’. As systems change, bad actors try to find ways to exploit the system. Until we find a foolproof method of fighting money laundering worldwide, there will likely always be a need for continuous enhancements in the technology being used.
Reprinted with permission from Financier Worldwide Magazine. Click here to download the full report available on the Financier Worldwide Magazine.
This article is co-authored by Max Weber.