Braving the AML storm swirling on the horizon
Estimated read time: 2-3 minutes
Start rating: *****
Topics: AML/CTF and Risk Awareness training
There’s no ignoring that 23 million is a big number. As is a $700 million fine, or even the $45 million one before that. And that’s without legal and remediation costs factored in…
As we await the outcome of Westpac’s anti-money laundering and counter-terrorism financing scandal and reflect on the earlier Commonwealth Bank and Tabcorp cases, we can’t help but notice that discussion has been centred on flaws in implementation and oversight of IT systems.
While it’s admirable that the institutions self-reported to and/or fully co-operated with the regulator, AUSTRAC, these cases have raised some key questions.
The current climate is ripe for compliance with AML/CTF rules to be approached from a new perspective. Too often, implementation and accountability rests with IT departments that generally get treated merely as a cost centre. Few organisations value and engage IT as a project partner capable and worthy of strategic input into revenue-generating activities.
And yet AML/CTF risks only arise at touchpoints between external customers and internal people and systems. This means that the crucial role IT plays in facilitating customer experiences is overlooked, and it should be involved in all stages of product and service design, implementation and management much sooner than it typically is.
The power and the passion
There is a perfect storm swirling on the horizon, and the right response is to plan to build a windmill not a wall. Some institutions will need to transform their thinking to develop appropriately oriented AML/CTF mindsets:
- Managing legacy systems that will struggle to cope with changing protocols, standards, and consumer preferences – between Open Banking, the New Payments Platform, SWIFT ISO 20022 migration, consumer demand for 24/7, fast, convenient and secure transacting, and systems that are a just plain old and not in optimal condition, many institutions have some serious procurement and upgrade decision-making ahead
- Environmental, social and governance (ESG) criteria – as if regulator perception that self-regulation has failed and so they’ve had to intervene wasn’t enough, shareholder activism has been ramping up over the past decade. Investors can now earn as good returns from ESG funds as from standard funds, often at lower risk too. Research from the Global Sustainable Investment Alliance and Morgan Stanley now back up the proposition that better governance really can equal better returns. ASIC has been advocating that doing good equates to consumer and commercial good for years
- Transparency and clarity build trust – consumers and employees alike are convicted and empowered. They have strong opinions and have never been offered more avenues to express how they feel. We can rant on social media, and track and rate just about anything we order. Everyone wants to work for an organisation hailed as an employer of choice. We purchase from brands whose values align with our own – proudly displayed via the device manufacturers we swear by, the apps we install, the pop sockets we click on, and the headphones we don. Conscious consumption has made a comeback, so the businesses that survive are the ones that are transparent about their activities and communicate clearly to their customers.
What do you see and in the future where will it be?
So, what does that all mean for organisations examining their ML/TF risks? What are the operational prerequisites for an outward-facing, future-proofed AML/CTF framework?
- Where are we?
Map your products and services. You’ll likely have several categories and sub-categories. If your range is limited, give each product or service its own main branch and map out your delivery workflow instead. If you like, use graphic creation tools built into your preferred word processing software or download a product hierarchy template you can adapt
- Think outside in
Remember, touchpoints trigger exposures and risks. Firstly, identify where in your product and service delivery processes that external customers interact with internal systems. Then you can properly identify the nature and level of associated risks, and work out AML/CTF-friendly functionality, user access permissions, and protocols etc.
Whether you’re rolling out a new product or service, or implementing or enforcing a regulatory requirement, your customers will be affected. So why not put them at the forefront of your planning?
- Dare to data share
Data governance is king. Analysing and getting insights is important for multiple areas, ranging from anomaly and risk detection, to internal communication and training, to thought leadership and customer engagement.
The more structured your data, the more easily you can analyse and benchmark. You might think that applications to AML/CTF would be limited, but in fact findings like correlations between certain language being used internally (or by customers) and risky or non-compliant conduct are worth discovering and being in a position to act on. Whether you’re sharing good or bad news internally or publicly, or redrafting an operational manual, data and analysis add credibility to your messages.
Note that AML/CTF exposes both financial and non-financial risks, so sound data governance is a friend.
Completing the picture by talking and listening
Commentary on Tabcorp, Commonwealth Bank and Westpac has expressed some common themes, such as systemic failures, indifference on the part of senior managers, and inadequate oversight on the part of boards – missteps not lost on APRA and ASIC, given their recent publications on these very issues. Additionally, Tabcorp and CBA incurred fines and remediation costs that likely exceeded efficiencies they may have been aspiring to achieve.
When you consider your customers experience first, you inherently discover your AML/CTF risks and what weighting you need to give due diligence of ‘know your client’ and ‘know your transaction’ – in an insights rich, near-frictionless environment for you and your customers.
Is it a financial risk, conduct risk, operational risk, what?
However your business conceives of its AML/CTF compliance program, it requires a whole of organisation perspective and company-wide consultation. A little more time, money and effort spent getting it right will reward you with a well-informed and assured workforce, satisfied regulators and devoted customers. And that could be blissfully priceless…
Related learning
Get clear and meaningful, up-to-date coverage of applicable regulation and rules from our comprehensive AML/CTF program, which includes compliance planning, customer due diligence, reporting, and record-keeping requirements.
Incorporating some high profile cases, our Privacy and Data Protection course outlines the key issues you need to consider to ensure your organisation’s privacy and data protection activity is compliant and modelling best practice.