AML Back in the Spotlight

Major regulatory change initiatives grab the headlines, but there has been a flurry of AML fines in the last six to twelve months, combined with various announcements and guidelines from regulators across Europe regarding investment firms’ anti-money laundering processes and controls.

The FCA brought its first criminal charges for money laundering against a major high street bank which resulted in a fine of £264.8m, and there has also been other recent large fines for inadequate customer due diligence (CDD), transaction monitoring controls and suspicious activity identification and reporting.

Although it is often a challenge to identify specific requirements and expectations, particularly in principles-based regulations, global regulators have been quite direct and consistent in their messaging regarding AML controls and their expectations over the past few years. The FCA has spoken about ‘purposeful AML controls’ and issued a ‘Dear CEO’ letter to retail banks detailing common failings identified in AML frameworks. The Central Bank of Ireland issued AML Bulletin 7 in November last year following on from their ‘Dear CEO’ letter in December 2020 highlighting failings from recent review activity.

In each of these communications they have set out where they have identified failings in financial crimes systems and controls and where firms should be focusing. The themes outlined cover a broad area, but some key focus areas we have picked out include:

1. Governance & Oversight:

2. Risk Assessments:

3. Due Diligence:

4. Transaction Monitoring:

5. Suspicious Activity Reporting:

In our view, firms should be looking to do a thorough review of recent communications from regulators and undertake a detailed assessment against their own frameworks to identify any gaps or weaknesses. This should not just be from direct sector communications, but also taking the learnings from other sectors, as these often highlight areas where regulators are focusing across all different business model types.

In our experience of authorisation and supervisory interactions with regulators, they are continually asking whether firms have reviewed their communications, assessed their own processes and controls against the findings and whether the relevant Boards and Committees have reviewed and discussed the findings of reviews. Regulators also look to refer to identified industry good practice and assess a firm against their peers to identify outliers. We recommend taking a similar approach to reviewing internal frameworks.

Although there is always a strong compliance rationale for undertaking proactive reviews, in our experience there are also significant business advantages and efficiencies that have started through review activity. In recent years we have undertaken a number of projects with clients that have started out with a review of regulatory requirements and expectations but led to the implementation of new technology such as screening and monitoring solutions, workflow integration and digital dashboarding. This has resulted in significant efficiencies and benefits and enabled integration of the AML framework with other frameworks, such as product governance and client onboarding.