07/12/2020 Risk management

Anti-Financial Crime in 2021+

Increasing regulatory pressure

If 2020 was a year of restraint on the part of international regulators due to the Corona pandemic, this reticence is very likely to subside in 2021. Enforcement activities will be increased and appropriate and even harder action in case of violations will be taken. This will affect not only the Anti-Money Laundering (AML) sector, but also Anti-Bribery & Corruption (ABC) and other regulatory areas.

The developments surrounding the European Banking Authority’s (EBA) Anti-Money Laundering mission, which will have an impact in the coming years, as well as the budget increase by the US Department of Justice (DOJ) in the field of combatting financial crime and corruption will lead to an increasing investigative pressure and are only examples to support this predicition. The DOJ budget increase will affect internationally acting companies also from the non-financial sector by the US Foreign Corrupt Practices Act (FCPA). As hardly before, the current times are characterized not only by economic uncertainty but also by the fact that internationally operating companies are finding themselves in the middle of geopolitical disputes. The discussions about Huawai and Nord Stream are just a few examples of this. Given the fact that some of the mentioned legislations and enforcement actions are somehow protectionist and geopolitical measures, setting up a robust compliance system is an important factor of self-defense for companies across industries. A robust compliance system for continuous monitoring the risk situation in cooperation with business partners, whether as part of the supply chain or the sales channels, should be more important than ever.

Focus topics: Sanctions, KYC, TBML, and Virtual Assets

In the AML/CFT (Combating the Finance of Terrorism) domain, the focus will continue to be on the areas of Sanctions and KYC, as well as the specific monitoring processes in trade finance and trade-based money laundering (TBML). In addition to interface problems in the underlying software solutions, the systems and processes here are quite complex and still offer high vulnerabilities for attacks by criminals and terrorists. In addition, the use of AI to detect anomalies and new suspicious patterns will play a key role here. Traditional (purely) rules-based systems will be mandatory to be supplemented or replaced at the perspective of the next 2-5 years.

Since the FATF has sharpened the guidelines on the topic of digital identity in the context of the KYC process in this year’s summer, it can be assumed that this will be a focus of audits and enforcement actions in the years 2021 and the following. Companies must ensure that they use reliable and transparent methods of validating (digital) identities in order to counter the risks involved in money laundering and terrorist financing. The corresponding impact on the risk assessment comes without saying, as well as the consideration of data protection, which has long been an independent and serious compliance issue by itself.

Based on this year’s FATF plenary session, we will expect further guidelines on the handling of virtual assets within AML compliance. This will be welcome not only within the EU but across the world. Stay tuned. FATF also announced a new report/guideline for TBML to be published soon.

Closing the Gap: The 3rd Line of Defense

The complex processes around securing the so-called 3rd line of defense in compliance are not only to be tested for increasing efficiency advantages. Ensuring AFC governance is about nothing less than closing the gaps between effective and technical compliance of the entire AFC compliance system. It needs to be ensured that the underlying systems are working and are in use at all, the systems underneath are effectively and efficiently adjusted, the group policies and rule specifications are adhered to, they are traceable down to the smallest entities, an overview of the group’s risk situation can be obtained.

This affects all regulated companies that are heading up a consolidated unit and who are responsible for the underlying units in terms of compliance, up to the Group/Chief Compliance Officers. As part of the Compliance Factory and following international benchmarks, especially EMEA based regulatory companies need to shift investments in compliance more towards innovative technology.

Automation & Quality Assurance

Cloud-based automation and robotics will play a more obvious role in the Compliance Factory. This will be driven by increasing pressure on margins on the one hand and increasing regulatory pressure on the other. Furthermore, this trend is supported by the increasing shortage of skilled workers and – in Covid-19 or future pandemics – the increasing difficulties of teams working together in offices.

The use of AI-based detection and prediction models will increase. This is especially true in the quality assurance and harmonisation of data and watch/sanction lists, as well as in the prioritization of further investigations/mitigation processes. However, the first incidents due to failed decisions by solutions that have not been sufficiently modelled, trained and properly tested will become public. Cloud-based AI services will increasingly be used to overcome these challenges as they are more powerful and enable the implementation of the necessary test strategies, to be proven and documented as required by the regulator.

The discussion about the regulation of AI models will have an impact on the acceptance of AI as part of compliance systems. While regulators’ initial attempts to seriously open up the use of AI models have been noted since 2019, this has been accompanied by a fair amount of doubt, which essentially related to the black box character of the models. The research on the explainability and responsibility of AI will be important to observe. Research teams around the world are working to create this transparency. We can expect actionable results here in 2021/2022. In addition, positive effects in the field of “model-based reasoning” can be expected. This “white box approach” contains the explanation and transparency already in the model. The approach has not been without criticism since the 1990s and requires far more effort in modeling than conventional AI models.

In the context of cross-institutional cooperation, but also in cooperation with law enforcement authorities and regulators, new possibilities for quality assurance and benchmarking will arise, which will have a direct impact on improving the risk situation of each institution as well as on the entire potential public private partnership. Here, neither the smaller, nationally operating institutes should be passed over, nor should they withdraw and leave the benefits only to the international or global acting ones. It is the author’s conviction that only through such partnerships consistently defined digital end-to-end processes can be defined in a reliable and sustainable way, not at least in the areas of correspondent banking and trade finance and the associated CBML and TBML efforts. This is by the way one of the few really useful application areas of blockchain technology within Comp– apart from virtual assets – in the sense of decentralized, purely distributed ledger technology (in opposite to e.g. the AWS Quantum Ledger Database).

Case Management & FIU Reporting

In 2021, the first proofs of concepts will be found in the AFC compliance environment to test the use of Natural Language Generation (NLG) to realize further efficiency gains in compliance work, especially in the area of identification and regulatory reporting of suspicious cases. The first products are already on the market and more will enter in the next two years. At least these approaches are to be observed, as they can represent a considerable potential for increasing the systems efficiency and pave the way for a “Digital Compliance Assistant” over the next 3-5 years.

Operationally, the case management systems have to cover 360-degree views on the customer and to enable a combined persepctive on AML/CFT and Fraud together. Of course they need to support different views and different processes for investigations and mitigations. This increases the need for largely flexible case management solutions, which serves different channels (e.g. AML, KYC, Sanctions, Fraud, ABC, Whistleblowing, etc.) and must meet the different processes and information needs. So much for the theory.

In practice, the real benefits of such “all-encompassing” case management systems must become apparent in the coming years. As such advantage will be bought by a complex system with many dependencies, it may not be able to withstand the requirements in the individual specialist domains, as the specialized application case management solutions could.

Either way, there should be functions available that support the investigation of cases, from the preparatory provision of relevant data to the actual collaborative analysis and decision-making processes and regulatory reporting. In addition to link analyses, data assistants, advanced analytics, as well as rules-based workflow management needs to be mentioned.

AFC Compliance will remain exciting beyond year 2021.