The following Deep Dive examines how the 2008 financial meltdown paved the way for existing AML/KYC practices, and how FIs can work toward remaining compliant.
Banks, credit unions and other financial institutions have a significant responsibility, one that goes far beyond managing customers’ financial assets: They’re tasked with safeguarding the financial services ecosystem against bad actors, money launderers and other criminals.
A series of regulations was established to encourage a safer, more transparent financial services environment following the 2008 financial crisis. FIs have made strides in establishing know your customer (KYC) and anti money laundering (AML) policies, but these changes are routinely challenged by emerging technology and cross-border transaction costs.
Failure to meet AML/KYC requirement challenges can be costly for FIs, too, with regulators issuing heavy fines for lax security practices or failure to devote sufficient resources to oversight. Money laundering remains a significant problem in the financial services sector, though, despite the urgency brought about by 2008. Some of the highest activity has been reported in Europe, with a recent report finding that 90 percent of the region’s banks have been sanctioned for money laundering in the past decade. The United Nations Office on Drugs and Crime (UNODC) estimates the market for global money laundering is worth approximately $2 trillion per year.
It’s clear that money laundering is not going away on its own, and understanding potential solutions first requires grasping the current state of AML/KYC efforts. The following Deep Dive examines both the financial penalties FIs can face as well as the best practices to remain AML/KYC regulation compliant.
A DIY Approach To AML/KYC
One of the problems that AML/KYC procedures face is lack of standardization. The issue dates to 2014, when the procedures were first rolled out by FinCEN, which intentionally left out specific authentication standards that FIs must follow. It did this in hopes that such groups would implement their own high standards and raise the bar for stricter compliance requirements.
Allowing banks and FIs to pursue do-it-yourself standardization has unfortunately resulted in a chaotic and confusing system. Different institutions use varying forms of customer identification for verification, for example. One bank might require a birth certificate or passport, but another might need to see a Social Security card or government-backed identification in addition to a driver’s license.
A confusing verification process further contributes to onboarding frictions, often causing customers to re-evaluate their FI relationships. This puts FIs in the delicate position of trying to balance meeting AML/KYC obligations with delivering smooth onboarding and verification. To strike the right balance, they must embrace automated identity verification technology during the onboarding process. This, in turn, can offer a more thorough customer identification review.
Ushering In An AML/KYC Culture Change
Technology isn’t the only way FIs can address AML/KYC issues. Another is adopting a more aggressive approach to rooting out bad actors, a top goal in places like Europe where money laundering continues to be a significant problem.
The region has faced 83 separate AML-related fines imposed by 17 regulators in the past decade, with total penalties valued at approximately $1.7 billion. London-based AI firm Fortytwo Data recently reported that 18 of the 20 banks in the region had been sanctioned for AML-related offenses in the past 10 years, including Barclays, Lloyds, BNP Paribas and, most recently, Danske Bank.
The Dutch market faced the highest AML violation penalties in a decade in 2018. Following a joint investigation with U.S. authorities, ING admitted that criminals had laundered money through its accounts between 2010 and 2016 because of “serious shortcomings” in enforcing due diligence policies. The bank was fined $900 million to settle the investigation.
Certain European markets are flexing more regulatory muscle than others, though. The U.K.’s Financial Conduct Authority (FCA) is a current leader in enforcement, accounting for more than 30 percent of issued AML/KYC fines in Europe in the past 10 years. It appears ready to make AML/KYC even more of a priority with its Senior Managers and Certification Regime (SM&CR), a program which took effect last year to make financial services more accountable. Under the new rules, the FCA will need to approve senior managers at financial services firms and ensure that they clearly understand their responsibilities.
European-wide rules could also further AML/KYC cultural shifts. The implementation of new legislations like the GDPR and the updated Markets in Financial Instruments Directive (MiFID II) in 2018 could lead to even greater enforcement efforts. FIs will face a higher AML/KYC compliance bar as regulators become more aggressive. They must adopt their own cultures of due diligence to meet rising expectations, avoid running afoul of regulators and reduce the risk of hefty fines.
There are several steps banks can take to remain compliant while delivering smooth onboarding processes. They can onboard high-value customers when physically in a branch location, for example, and ask for a wide range of ID types for KYC and AML checks. Potential customers flagged as politically exposed persons can be assigned higher risk scores, and FIs can perform random ID checks throughout patrons’ customer life cycles.
It appears banks have a clear path forward as regulators prepare to turn up the AML/KYC heat: Get aggressive about compliance or risk getting burned by fines.