This article aims to explain the fifth European anti money laundering directive, AML V, as well as discuss the general direction AML processes are heading and the investments that banks should do to stay ahead.
Key perspective takaways
• AML V is knocking on the door with several new challenges.
• The directive is mostly addressing smaller issues and decreasing the risk of cryptocurrencies by making cryptocurrency exchanges designated institutions.
• However, it points to an automated future and banks need to reassess their processes to stay ahead of the game.
• Some of the potential improvements are:
o More efficient regulatory reporting and automated information exchanges with the FIUs.
o Leveraging interbank KYC registries to improve risk models.
o Improve and automate internal processes such as the customer risk assessment and transaction monitoring.
• 421 is a trusted consulting partner within the financial services sector with extensive experience in Regulatory Compliance, Business Development and IT Transformation. Contact us at firstname.lastname@example.org.
Just as AML (Anti Money Laundering) IV was implemented, and with many seeking respite from structural changes in the AML department, AML V has been announced. What does it mean and how much will really change because of it? In this post we break down AML V and speculate what that future holds within the AML space.
First and foremost, what is AML V? In short, it’s an amendment to AML IV. The most substantial changes apply to cryptocurrencies and the exchanges that facilitate transactions from crypto to fiat (or national) currencies. Following that, there are a number of detailed amendments regarding transaction limitations which won’t directly affect the AML and KYC processes at banks. However, an interesting take on the amendment (and a hint to where we think future amendments or directives might be heading) are that the changes point to a more automated and interconnected process between the banks and the Financial Intelligence Units (FIUs). Today, processes are often handled via manual routines which slow down processing times. This could be a request through email or through a portal that needs to be processed by a human at the bank before being completed. The regulators want to improve and speed up this process by establishing automated and interconnected links between the banks and FIUs. This is indicative of larger changes to come, both for the benefit of FIUs as well as the banks themselves.
AML is heading in a digitized direction
For now, the digitization could be limited to external connections with the FIU for compliance purposes. However, stopping there would be to forego the competitive advantage of creating a more efficient AML process. So here are a few general ways we see AML processes changing.
Digitized connections with the FIUs
As previously eluded to, this is probably the lowest hanging fruit for banks to grapple with due to AML V. An example of a real initiative to speed up regulatory reporting and communication between the bank and the FIUs, is goAML, a software. The software, which is created by the United Nations Office on Drugs and Crime, aims to be the global, or at least European, language for AML reporting. Right now, the software is mostly used as a communications portal between the FIU and the banks, where banks can submit their suspicious activities and the FIUs can request additional or unrelated information.
In the future, for AML V compliance, some of the requests sent by the FIUs will need to be completed in an automated fashion by the banks to decrease the waiting time for the FIU. In doing so, this would clearly also generate time and cost savings.
Interbank KYC registry
A slightly higher hanging fruit is the standardization and risk-minimizing initiatives to make an interbank registry for KYC (Know Your Customer) information. That is, to speed up onboarding processes of new customers as well as minimize the risk of incorrect KYC data affecting the internal risk models. One example is the registry joint venture explored by the major Nordic banks, which would use blockchain technology and serve small and medium-sized corporates.
However promising the registry solution is from a cost and risk perspective, it might only apply to corporates as data regarding individual customers covered by GDPR might stifle the innovation in that aspect. Though, if the customer explicitly allows his or her data to be used in an interbank KYC registry, it might still work. Either way, challenges remain on the individual customer front.
Automated internal processes and utilization of big data
The fruit hanging at the top of the tree are all the manual processes used by banks for customer risk assessments and transaction monitoring. Looking to the future, it is hard to imagine many of the manual tasks we spend a lot of time and money on today surviving in the long term. At the heart of the problem is a mindset of regulatory compliance as a burden and cost of doing business. However, to thrive in a highly regulated landscape, regulatory compliance should be seen as a way to get a competitive advantage.
To improve the customer risk assessment for example, there are many forms of data not utilized today that could be utilized for better assessments tomorrow. An example is running adverse media screenings on all current and potential customers. Such a screening could reveal information not previously known about an individual or firm, which could greatly improve the risk assessment. Another example is tapping other databases on customer information. However, the impacts of GDPR are of course always overhanging, so a dialogue with the regulator would be necessary prior to such a move.
Transaction monitoring is another large area where improvements can be made. To identify target individuals and predict future purchases / behavior based on transaction history, sophisticated data analysis methods need to be tapped. By conducting more accurate transaction monitoring analysis, target individuals could be caught and reported at a very early stage, thus minimizing regulatory repercussions of missing something important as well as minimizing manual monitoring. Of course, purchase trends can change, which makes it necessary to revise and update the current risk models. An advantage would be to automate this process through AI to identify trend shifts as they occur and change the risk model accordingly.
Beyond implementing new tools and rewriting the underlying risk models, there is always the need to automate. However, automation cannot predate the necessary effort to identify and implement the correct routines. Otherwise the risk of wasted time and investment by automating the wrong processes is ultimately greater.
Below you will find a bullet point summary of what AML V covers if you are interested in
further reading around the topic:
• To designate virtual currency exchange platforms as obliged entities, with a view to improve
the detection of suspicious virtual currency transactions
• To set lower maximum transaction limits for certain pre-paid cards
• To enable financial intelligence units (FIUs) to request information on money laundering
and terrorist financing from any obliged entity
• To enable FIUs and competent authorities to identify holders of bank and payment accounts,
through automated centralized mechanisms at the member state level
• To improve access to registers of beneficial ownership, and to ensure the direct interconnection
of these registers to facilitate cooperation between member states
• Increase of the exchange of information between member states in order for them to build
their AML policy and draw their measures, notably in the case of banks that are part of a
group located in another member state
• Make customer identification mandatory for remote payment transactions exceeding €50
• Give member states the option to give access to the beneficial owner register for a fee and
through online registration
• Bring additional security to individuals that are adversely exposed for reporting money
laundering or terrorist financing suspicions, internally within their organization or to an FIU