While a key theme in AML is building the agility to handle a faster-moving environment, there is more to the world of money laundering than that. Ron V. Giammarco from EY discusses AML in detail
Almost lost in the early-year tumult of the presidential transition, Congress in January 2021 authorised a series of significant changes that will require financial institutions (FIs) to modernise their anti-money-laundering (AML) frameworks for the digital world.
Tucked inside the National Defense Authorization Act of 2021, the AML Act of 2020 (AMLA) resets national AML supervisory priorities, expands the Financial Crimes Enforcement Network’s (FinCEN) regulatory power and establishes a ‘beneficial ownership registry’ to facilitate better information sharing between FIs and legal authorities.
The goal is to modernise enforcement and monitoring of criminal and terrorist financing for the digital age. It requires AML programs to be ‘reasonably designed’, ‘effective’ and avoid blanket risk-avoidance via de-risking. It also demands that FIs better identify beneficial owners of reporting entities and expands Bank Secrecy Act (BSA) definitions to include ‘value that substitutes for currency’, including cyber currencies.
The AMLA presents FIs with a series of operational and risk-management challenges. While many of FinCEN’s specific rules and guidelines remain to be written, institutions should begin preparing their people, processes, and technology infrastructures now for the changes to come.
Building AML agility
The accelerating digital transformation is at the heart of the AMLA. Financial crime is moving too quickly on multiple fronts for traditional AML practices to effectively manage.
A key theme is building the agility to handle a faster-moving environment. Most FIs today update their AML risk management controls, including AML surveillance and monitoring, infrequently; many FIs only update their AML monitoring rules when they replace or upgrade their monitoring systems. FinCEN intends to publish its concerns around emerging criminal topologies and trends more frequently and will expect FIs to respond quickly.
If, for example, the agency tomorrow advised FIs to consider specific AML risks associated with Paycheck Protection Program loans — not an entirely implausible scenario — many FIs would struggle to develop effective monitoring because of data aggregation and quality issues and limitations in surveillance agility.
Advances in digital technology allow FIs to improve the speed and efficiency of AML risk management practices and responses.
Some institutions are upgrading to distributed frameworks that can leverage advance data-driven analytics, artificial intelligence, machine learning and other emerging technologies to build responsiveness. Others are considering cloud-enabled API solutions that use ecosystem partnerships on open platforms.
Using capabilities developed by others can be less costly than going it alone and can result in a faster time to implementation.
Some FIs will move more slowly due to heavy investments in legacy systems. Replacing that infrastructure is often costly and may have to be done incrementally. For now, FIs can layer innovative components on top of existing legacy systems where needed.
The AMLA also seeks to build better information sharing between FIs and law enforcement. As noted previously, it creates a ‘beneficial ownership registry’ for sharing information on entity ownership to attack the use of shell companies.
In the short term, this could create additional burdens for FIs; as the registry rolls out, FIs will need to determine how useful this information may be and how to utilise it in their day-to-day compliance processes.
With time, the registry also could create strategic opportunities. For example, serving as a foundation for a data-sharing utility that allows banks to share onboarding data through a cooperation model could reduce operating costs and improve customer experience.
What to do now
Aspects of AMLA will be phased in over time. Key considerations and questions for FIs to explore now include:
Your current AML risk framework
FIs should evaluate current risk appetites and approaches to determine whether current AML programs are ‘reasonably designed’, effective and able to adapt to change. Do they accurately identify suspicious activities, and can they move quickly when new risks arise? Do you know your customers well enough, and can you dynamically identify changing customer risks? Understanding the existing strengths and weaknesses will aid the transition.
FIs should determine whether their current technology infrastructure can address the AMLA’s evolving requirements. How scalable and agile are existing people, processes and technologies, and what areas require improvement? Do you need to add capabilities or new technologies to meet new, more nimble and data-driven AML risk demands? Many FIs will likely need to enhance technology and expand analytics and data science capabilities to meet the AMLA’s demands.
FIs should consider proactively investing in solutions and platforms that can streamline anticipated policy and procedure revisions. FIs that operate in numerous jurisdictions will continue to need to manage multiple country requirements. Will they need to consider how to quickly revise program documentation and processes to ingest new requirements and expectations? Are existing program governance and change management structures adequate and effective? Preparing now can make the transition more efficient and effective.
FIs should revisit their business strategies to align with new requirements. What changes to the operating model will be needed to agilely incorporate requirement and process changes? Do you have people with the necessary skills to manage risks in digital assets and cryptocurrencies? Most FIs will need to modify strategies, skill sets and models to create needed agility.
The AMLA is the most significant piece of anti-money-laundering legislation since the 2001 Patriot Act and will require FIs to embrace new BSA/AML frameworks and technologies. Institutions should prepare now for the transformation ahead.
The views expressed by the author are not necessarily those of Ernst & Young LLP or other members of the global EY organisation.
This editorial was first published in our Financial Crime and Fraud Report 2021 – How to Fight Fraud and Master KYC, Onboarding & Digital ID, which provides a comprehensive overview of the major trends driving growth in fraud prevention, identity management, digital onboarding and KYC, transaction monitoring, financial crime compliance, regtech, and more.
About Ron V. Giammarco
Ron is EY Americas Financial Services Information Technology Consulting Partner and EY Americas Financial Crime Operations, Technology, and Managed Services Leader. He brings innovative approaches to help EY clients manage their financial crime risks and regulatory requirements. He holds an MBA from Columbia Business School and a BBA in Accounting from Baruch College.
EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.