"Paradigm-shifting changes, I think. One of the identified objectives of the new Act is modernizing the AML/CFT systems of financial institutions to better prevent and detect potential violations. It’s right there in black letters: banks need to enhance and evolve their internal systems along the entire client life cycle. This means looking at artificial intelligence and other enhanced data analytics to better meet the regulatory expectations of the new Act.
What this means is a shift in perspective. No longer will customer data be static data—rather it will become dynamic as it is tied to transactional data, providing the ‘fuel’ for ever-advancing styles of AML monitoring systems. The ultimate aim is having systems that leverage things like predictive analytics to flag client and transaction better, with less false-positives, really allowing analysts to focus in on the problematic clients and cases.
As exciting as some of this change may be, it presents a host of challenges for institutions of any size.
Some key questions to consider include:
"Cash is moving to the margin, whereas online money transfers, digital wallets, and simple mobile online payments are moving to the mainstream. Statistics that I have seen show over 2/3 of consumers are moving away from cash to cards and, strikingly, digital wallets. Currency is becoming digital— banks most definitely need to be!
This trend means more businesses will want to accept online payments and test out alternative payment methods. Well, fraudsters’ attempt to steal that money will increase proportionally. Currently, card-not-present fraud has risen, representing billions of dollars in losses that will eventually fall on the shoulders of payment service providers and card issuers. Clearly, they have every incentive to start modernizing systems and technology to counteract this concomitant rise in fraud.
So, digital banking and payment services will require enhanced security and counter-fraud measures. Predictive analytics and machine learning continue to dominate the list of top options for financial institutions to consider. What they can provide (potentially) is a steady move to real-time transaction monitoring, with a strong eye towards predictive analytics. If implemented correctly, these systems can scan billions of transactions and catch isolated cases of fraud before they become larger and larger series of activity. These systems will also promise greater speed and efficiency than the traditional, rules-based surveillance systems most institutions have. However, as discussed above, implementing these systems will be the real challenge."
"There’s no question that the days of traditional paper-based customer due diligence are numbered. This has been accelerated through the pandemic but it was always a trend whose time would come. We see it in payments and, given customer expectation, we will have to see it in account opening and monitoring too.
For banks, this means doubling down on your digital KYC processes. Clients will expect it. It also means that you need to think very carefully about the customer security apparatus that surrounds your processes. Blockchain technology is a strong technological contender for enabling an efficient, secure, and immutable system for storing and exchanging sensitive customer data and other credentials. In addition, digitizing the KYC process can result in significant operational savings.
Another interesting development will be the regulatory appetite for using social media as part of the due diligence process. When you think about the digital footprints created on social media platforms, it could be a vital adjunct in the entire due diligence process. Using photos, posts and the like could be instrumental in confirming (or disapproving) a potential customer, based on defined risk matrices.
The 2020 Act provides some clues here. Consider, for example, that there’s a radically shorter customer due diligence rule for the Secretary of the Treasury to draft. The Act directs the Secretary to “rescind the entire CDD Rule, except for the first paragraph, which requires covered financial institutions to develop written and ‘reasonably designed’ procedures to identify and verify the beneficial owners of their legal entity customers.” That’s huge, and potentially a subtle signal of the ways in which Congress has started to think about digitalization in financial services."
"The very nature of cryptocurrency creates financial crime risks. Transactions are irreversible, often involve anonymous (purely digital) parties, move very quickly across networks with impenetrable native security (strong cryptography). Although useful for legitimate transaction too, cryptocurrency is the ideal medium for nefarious activity.
It’s also becoming commonplace in a classic criminal practice: money laundering. To layer the illicit cryptocurrency, actors are able to leverage dedicated infrastructure like mixers, foggers, and tumblers or turn to newly created gambling sites and other mechanisms. Once it is layered into transactions, then actors can integrate that digital currency into financial institutions, perhaps using “micro laundering” where actors exchange small parts of a digital currency for fiat currency that’s later deposited into accounts. The goal of course to have small transaction to hide the laundering.
It is not a new process, just a new spin on the classic money-laundering cycle. The challenge is having the people, processes and technology in place to catch this sort of activity. And that’s where the risk lies for most institutions. It’s not the high-level activity but its digital characteristics that present a challenge.
Regulators have recognized this, but there is no global standard for AML in digital currency and assets. Fragmentation is fraud’s best friend. For example, digital currency has changed the nature of ransomware attacks because attackers have an ideal source of anonymous funds."
"New ways of working and accelerated change in customers’ habits have necessarily created new and evolving risks.
For one thing, the risk is disbursed across various systems. When everyone was working inside a bank, using the bank’s systems and network, it was much easier to monitor and control activity to mitigate financial crime risks. With staff now using private machines and private networks to access bank systems, it becomes more difficult to control and monitor the various access points. This creates a clear operational risk. In fact, regulators are warning institutions to monitor their IT networks and non-public data; third-party risk; and cyber security incident response plans; and to invest in staff training and awareness.
Risks also appear in customer due diligence and AML monitoring. For example, financial institutions started to use remote onboarding and identity verification due to social distancing and office closures. While a good stopgap, it has created potential loopholes for money launderers, especially in cases where financial institutions aren’t fully equipped to verify customer identities remotely. Global regulators have thus encouraged their institutions to look closely at this and improve their processes.
And, finally, I see a key risk emerging in finding and retaining talent. Working from home allows individuals to live where they want, opening opportunities for professional mobility. For many KYC/AML functions in banks this has meant high churn in their operational teams and difficulties in locating the right talent with the right skills. Recent industry polls have shown this risk moving steadily to the forefront of banking executives’ calculus as they consider future risk in KYC/AML."
"Every organization will need to increase the firepower in their banking services divisions. Nobody wants to leave fate to chance when the stakes are so high.
This means hiring more people with the skills you need, or training up your current employees, or relying on external service providers and targeted consulting, or a combination. Each has pros and cons.
Our view at mthree is that it pays to build out your in-house capabilities for the long term. That’s why – as the emerging talent and reskill training partner for public and private organizations across the globe – we offer two solutions. Through mthree Alumni, we help organizations bring in graduates we've trained in targeted skills in banking services and set on a path to become your permanent employees. Through mthree Reskill, we train your existing employees for the purpose of role development and role transition. Our industry-aligned pathways in banking services cover Business Analysis, PMO, Data Operations functions, Regulatory, Risk and others."
Could we help you too? To find out more, please get in touch with one of our Directors of Banking Services. You can reach them by email on the details below.