Financial Services Regulation – What will Keep Compliance Officers Awake at Night in 2022

By Rachel Wooley, Global Director of Financial Crime, Fenergo

2020 delivered the biggest shock to the financial services industry since the financial crash. Business continuity plans and other contingency measures were put to the test like never before, putting compliance officers under pressure to adapt annual compliance programmes. Many financial institutions grappled with the operational, financial, risk and regulatory compliance implications. Indeed, the pandemic laid bare many legacy technology and process deficiencies, as well as the need to improve compliance systems at scale.

Across the EMEA region, regulators continue to refine existing regulations implemented in the wake of the financial crisis and are now doubling down on policy areas such as anti- money laundering (AML), data protection and environmental, social and governance (ESG) risk.

But what AML regulatory developments should financial institutions in EMEA expect over the coming years and how can they ensure to meet compliance obligations?

AML in Focus – Tackling Regulatory Divergence

As the scale of financial crime continues to grow, the legislative environment has evolved to create a more transparent financial system.

The EU published its six-point AML / CTF (Counter-Terrorism Financing) action plan in May 2020 with the aim of creating a single rulebook, an EU-level supervisory body and a co-ordination and support mechanism for Member States’ financial intelligence units in the upcoming year. In July of this year, the EU formally published the package of legislative proposals, which included:

• A new EU AML Authority (AMLA)
• New regulation on AML/CFT
• 6^th Directive on AML/CFT
• Revision of the 2015 Regulation on Transfers of Funds

Though the AMLA will not be operational until 2024, and the regulation will not be applicable until three years after it has been published in the Official Journal of the EU, there are a number of indicative dates that should be considered as the financial services industry prepares.

The proposed 6^th Directive (‘6MLD’), which primarily deals with rules on national supervisors, financial intelligence units and national risk assessments, will replace the existing Directive 2015/849/EU. Such rules and provisions will need to be transposed into national law by each EU Member State within two years of publication in the Official Journal of the EU.

Since leaving the EU, the UK is no longer subject to EU AML Directives and, therefore, is not obliged to transpose the 6th AML Directive (6MLD). Despite this, the UK AML regime is largely consistent with the provisions of 6MLD and as a result, the legislative environment will remain largely unchanged. However, once the EU AML Regulation is in effect, it begs the question as to how the UK’s regime will measure against the EU Member States once they are all subject to the same AML rulebook.

In terms of beneficial ownership, the UK intends to introduce a publicly available beneficial ownership register for UK properties owned by overseas companies and legal entities in 2021.

In a recent plenary, the Financial Action Taskforce (FATF) launched a project to explore the benefits, efficiencies and cost savings that technology can offer as well as the challenges that digital transformation presents for AML/CFT. 

The FATF outlined how new technologies can improve the speed, quality and efficiency of measures to combat money laundering and terrorist financing and can help financial institutions assess these risks in ways that are more accurate, timely and comprehensive. The strategic initiative is designed to ensure that governments continue to implement effective risk-based FATF standards and ensure that criminals and terrorists do not exploit new and emerging loopholes.

With a continued reliance on manual processes, spiralling overhead costs and increasing regulatory complexity UK financial institutions are now investing heavily on AML compliance. Industry-wide investment in AML equates to approximately half of the UK’s national defence budget illustrating the scale and seriousness of the challenge. Technology is not only able to improve the way compliance is managed and protect the financial institution from risk, but can also significantly reduce these costs.

Remaining Vigilant in Troubled Times

The UK’s principal regulator, the Financial Conduct Authority (FCA) recently highlighted how the geopolitical situation in Afghanistan has demonstrated the continuing need for robust systems and controls that respond to evolving money laundering and terrorism financing risks.  

They said that: “Legislation, as well as technology solutions, have evolved to address the growing risk of terrorism financing since the commencement of the Afghanistan war, but there is still more work to be done. As bad actors seek to exploit vulnerabilities, financial institutions must ensure that strong policies and procedures are in place, as well as technology solutions that advance capabilities to detect activity relating to terrorism.

“Implementing a robust risk assessment policy is critical, and financial institutions must be ready to adapt policies and procedures to reflect emerging threats, including those related to terrorism. Implementing a technology solution that allows for real-time updates to risk assessments can ensure that financial institutions are pro-actively managing evolving terrorism threats in Afghanistan and beyond.”

Indeed, as we reflect on the 20^th anniversary of the terror attacks that sparked the war in Afghanistan, it is increasingly clear that the past two decades’ worth of AML reforms still pose more questions than answers. Have the regulations which followed those attacks really made for a safer world, particularly when it comes to the complex issue of anti-money laundering (AML) and counter terrorist financing (CTF)?

The direct response to the attacks was the USA Patriot Act, a regulation that has delivered mixed results in terms of effectiveness. The Act itself is a substantial piece of legislation that made considerable strides from an AML perspective: from strengthening banking rules against money laundering, to providing a greater emphasis on the necessity for financial institutions and law enforcement to communicate with each other. The issue is that the USA Patriot Act, and subsequent AML legislation, has failed to address the overall need for improved effectiveness in how financial institutions address money laundering and terrorism financing risks, including everything from information sharing to technology. 

The publication of the Anti-Money Laundering Act of 2020 (AMLA) is considered the most  sweeping change in twenty years, since the enactment of the USA Patriot Act. The AMLA has taken numerous steps in modernizing AML regulations with a key emphasis on effectiveness.

All government agencies were obliged to publish their AML/CTF priorities within 180 days following the publication of the AMLA. FinCEN now has a further 180 days to promulgate regulations that financial institutions will be obliged to incorporate into their AML/CTF programmes. Thus, the effectiveness of the AMLA will not be seen until financial institutions are examined against the new obligations that are expected to be included in the regulations.

Compliance is More Than a Tick Box Exercise

Often the trouble is less the regulation and more that compliance itself has become a tick-box exercise. The current regime fails to provide an oversight on client behaviour and the risk associated without asking: “does this aid law enforcement in the prevention of criminal activity?”.

In addition to the Beneficial Ownership registry – a significant portion of the AMLA – the Panama Papers and FinCEN Files have unquestionably moved the needle in the right direction with regards to AML reform. Looking back at all the rules that have come into force in recent years, one has to question whether they fully reflect the modern data challenges banks face around AML.

As criminal sophistication evolves, financial services providers must also adopt a technology-first approach.

Moving forward, and perhaps the only way forward, is a greater emphasis on the overall effectiveness of AML programmes and leveraging technology while adopting a risk-based approach. By preventing the cause as opposed to treating the infection, and by focusing on sharing information and actionable intelligence to law enforcement, this should enable a more proactive approach to combat the global and constant flow of illegal money.

The next year looks set to be a busy one for regulators and financial institutions across the UK and EMEA with several key AML regulatory developments on the horizon, as well as closer attention paid to data privacy and ESG. As such, compliance officers will need to balance meeting existing requirements but also be prepared for new requirements as they come into force.

With additional layers of complexity being added to an already burdensome regulatory regime, there’s an ever-stronger case for using technology to do the heavy lifting. By accelerating digital transformation and automating risk assessments and compliance processes, financial institutions will be better equipped to identify and mitigate risk.