We’ve summarized the key developments:

• Changes to the grey list.
• Revised International Cooperation Review Group (ICRG) criteria.
• Assessment methodology revisions.
• Mutual evaluation preparations.
• Strategic initiatives.
• Priorities of the incoming Mexican presidency.

Changes to the grey list

Monaco and Venezuela added to the grey list

Monaco

Monaco, which has the highest concentration of millionaires and billionaires in the world, was added to the grey list due to insufficient progress in combating illicit financial flows. This decision comes after a review by MONEYVAL in December 2022, which revealed the following insufficiencies:

• A misalignment in Monaco’s investigative and prosecutorial practices concerning ML, especially a shortfall in tackling complex cases commensurate with its risk exposure.
• A need to amplify the country’s measures in prioritizing ML cases and enhance the effectiveness of seizing, confiscating, and recuperating proceeds derived from financial crimes.
• A lack of efficiency regarding beneficial ownership checks, specifically in ensuring the fitness of entities.
• An inadequate sanctions regime that lacks sufficient severity, deterrent impact, and is often enforced after unjustifiable delays.

While Monaco had made some progress since 2022 in identifying ML/TF threats – adopting nine laws to toughen its rules and boost its anti-money laundering (AML) body, the Autorité Monégasque de Sécurité Financière (AMSF) – there were still significant gaps flagged in the country’s AML regime. 

Monaco’s government has stated its commitment to being removed from the grey list, saying, “The principality confirms its determination to implement the latest FATF recommendations outlined in the declaration, in accordance with the planned deadlines.”

Venezuela

In early 2022, an assessment team visited Venezuela to prepare the country’s mutual evaluation report (MER). The team raised concerns about the ML risks associated with the nation’s large informal economy, which includes illegal mining. They also highlighted terrorist financing threats linked to the close economic alliance between Caracas and Tehran. Consequently, Venezuela has been added to the grey list and has agreed to implement its FATF action plan, which includes: 

• Strengthening its understanding of ML/TF risks, including in relation to terrorist financing and legal persons and arrangements.
• Ensuring the full range of financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) are subject to AML/CFT measures and risk-based supervision.
• Ensuring that adequate, accurate, and up-to-date beneficial ownership information is accessible promptly.
• Enhancing the resources of the financial intelligence unit (FIU) and improving competent authorities’ use of financial intelligence.
• Enhancing the investigation and prosecution of ML/TF.
• Ensuring that measures to prevent the abuse of non-profit organizations (NPOs) for terrorist financing are targeted, proportionate, and risk-based and do not disrupt or discourage legitimate activities within the NPO sector.
• Implementing targeted financial sanctions related to terrorism financing and proliferation financing without delay.

Jamaica and Türkiye removed from the grey list

Jamaica

In February 2020, Jamaica was placed on the grey list due to various deficiencies. These included the need to prevent legal persons and arrangements from being misused for criminal purposes, as well as the prompt implementation of targeted financial sanctions for terrorist financing. Since then, Jamaica has worked to implement its 13-point action plan by:

• Developing a more comprehensive understanding of its ML/TF risk, including all FIs and DNFBPs in its AML/CFT regime.
• Taking measures to prevent misuse of legal entities.
• Increasing the use of financial information.
• Implementing targeted financial sanctions for terrorist financing without delay. 

As a result of their progress, Jamaica has been removed from the grey list. Looking forward, Jamaica’s Minister of Finance and the Public Service, Dr. the Hon. Nigel Clarke, has said that before the end of 2025, Jamaica will be focusing on amending or introducing new laws to:

• Regulate virtual assets and virtual asset providers.
• Make the registration of non-profit organizations mandatory.
• Promulgate regulations that address certain targeted financial sanctions related to proliferation.

Türkiye

In October 2021, Turkey was added to the grey list for failing to adequately supervise banking, real estate, and other sectors vulnerable to ML, including cryptocurrency. Since then, the country has committed to implementing its FATF action plan by enhancing AML/CFT supervision, imposing strong penalties for violations, and improving financial intelligence use. 

As part of its efforts to enhance the country’s AML regime, the Turkish parliament passed a new cryptocurrency law on June 26, 2024. The law mandates that crypto asset service providers must obtain permission from the Capital Markets Board (SPK) before they can begin operating. Existing service providers will need to apply for a license within one month of the law being enacted, or they must declare their decision to liquidate within three months. The bill also includes definitions relating to crypto assets and providing crypto asset-related services.

After being removed from the grey list, Turkish Vice President Cevdet Yilmaz highlighted the significant positive effects on the country’s financial and real estate sector. In particular, he hopes the development will substantially bolster international investors’ confidence in Türkiye’s economic infrastructure. Moreover, Yilmaz pointed out that the heightened interest in Turkish lira assets, spurred by increased national capital inflows, would further hasten the disinflation process.

Revised International Cooperation Review Group (ICRG) criteria

New criteria have been approved for selecting countries for examination by the International Cooperation Review Group (ICRG). This process aims to identify countries with deficiencies in their AML/CFT frameworks that pose risks to the global financial system. The FATF may list these countries as either “grey” or “black”, indicating different levels of concern. The revised criteria are set to be implemented in the forthcoming assessment cycle.

This update to the prioritization criteria is part of a series of measures intended to refine the FATF’s listing procedure and make it more equitable and transparent. The watchdog also recognized the unique challenges the least developed countries faced in meeting its standards. By considering these challenges, the FATF aims to provide a fairer assessment framework that acknowledges the varying capacities of countries to address AML/CFT deficiencies.

Methodology revisions

The global watchdog also agreed on how countries will be assessed for their adherence to the updated FATF Standards regarding asset recovery and international cooperation. These standards were revised and adopted in October 2023 to enhance the global fight against financial crimes. Moving forward, each country must demonstrate a commitment to several key practices to ensure compliance with these revised standards:

• First and foremost, countries are required to show they are making asset recovery a priority. This involves the competent authorities actively identifying and tracing properties involved in criminal activities. Moreover, these authorities must be successful in obtaining and enforcing confiscation orders. By doing so, they can effectively deprive criminals of their ill-gotten gains.
• Additionally, countries are expected to facilitate constructive and timely international cooperation. Given the often cross-border nature of financial crimes, this aspect is crucial for the efficient recovery of assets and the broader effort to combat such crimes.

These measures aim to fortify global financial security by ensuring countries are equipped and willing to tackle the challenges associated with asset recovery and international legal cooperation. Compliance with these revised standards will be assessed regularly to guarantee countries remain committed to these objectives.

Mutual evaluation preparations: India and Kuwait

Two MERs were discussed in detail at the plenary. Regarding India’s report, the watchdog praised its high technical compliance with FATF standards and acknowledged the effectiveness of its regime in areas like understanding ML/TF risks, international cooperation, and the use of financial intelligence. However, it was pointed out that India could enhance its efforts by:

• Supervising and implementing preventive measures in certain non-financial sectors.
• Improving the timeliness of ML/TF prosecutions.
• Tailoring CTF measures for the non-profit sector to better match a risk-based approach. 

On the other hand, Kuwait’s evaluation concluded that the country has a robust legal and supervisory framework to combat ML/TF/PF. Yet, there are significant weaknesses in achieving effective outcomes. Kuwait is advised to: 

• Deepen its understanding of ML/TF risks.
• Strengthen TF investigations and prosecutions.
• Ensure the quick legal freezing of terrorism or weapons of mass destruction-related assets.
• Enhance preventive measures against legal person misuse while protecting the non-profit sector from TF risks. 

Both countries’ reports are pending publication following the FATF’s final quality and consistency review.

The State of Compliance 2024

From developing a more strategic AML roadmap to a layered approach to sanctions compliance, this four-part webinar series provides compliance professionals with access to our Regulatory Affairs team and an array of industry experts ready to share the latest trends and best practices.

Register now

Strategic priorities

Existing initiatives

Being the final plenary under the FATF’s Singapore presidency, an update was given relating to each strategic priority that T. Raja Kumar initially set out in July 2022. 

• DNFBP compliance review: The FATF has completed its review of the measures that its members have in place to prevent gatekeepers (such as accountants, lawyers, real estate agents, and trust and company service providers) from being used to facilitate ML/TF. The FATF will publish the findings of this review in July 2024.
• Virtual assets standards update: The FATF will publish its fifth annual update on jurisdictions’ progress in implementing the FATF Standards on virtual assets and virtual asset service providers (VA/VASPs). While some progress has been made since the last update, most jurisdictions are only partially or not compliant with the standards, leaving VAs and VASPs vulnerable to misuse. The FATF is calling on all jurisdictions to swiftly and completely implement the requirements and will continue to monitor the situation. The fifth annual update will also be published in July 2024.
• Payment transparency revision: The FATF is updating its standards to reflect changes in cross-border payment systems, industry standards (especially ISO 20022), and ensure AML/CFT compliance. The plenary also discussed the results of a public consultation on draft amendments, aiming to make cross-border payments faster, cheaper, and more transparent. As a result, it was determined that further discussions with relevant experts are needed before finalizing the amendments.
• Global network cooperation: During the FATF-FSRB Annual High-Level Meeting, the representatives discussed progress in implementing the 2022 Strategic vision for the Global Network. As a result, they agreed on three priorities for the coming year:
  • Increasing FATF-Style Regional Bodies’ (FSRB) participation in FATF work.
  • Preparing for new mutual evaluations.
  • Strengthening regional AML/CFT expertise. 
• Women in FATF and the Global Network Initiative: As part of the Women in FATF and the Global Network (WFGN) initiative, Ms. Indranee Rajah, Minister in the Singapore Prime Minister’s Office and Second Minister for Finance and National Development, launched the e-book “Breaking Barriers: Inspiring the Next Generation of Women Leaders.” The e-book is part of the Singapore Presidency’s efforts to support women leaders and complements the multicultural mentoring program and other initiatives to strengthen the FATF and Global Network community.

Priorities of the incoming Mexican presidency

In February 2024, Ms Elisa de Anda Madrazo of Mexico was announced as the successor to T. Raja Kumar as president of the FATF. Ms de Anda will assume the FATF Presidency from July 1, 2024, to June 30, 2026. In addition to the three priorities mentioned above, Ms de Anda emphasized the following areas of focus for the Mexican presidency:

• Promoting financial inclusion by implementing risk-based standards with a proportional approach.
• Assisting in effectively implementing revised FATF standards, particularly focusing on asset recovery, beneficial ownership, and virtual assets.

Next steps

Compliance staff should ensure they are familiar with the outcomes of the June plenary – particularly relating to any upcoming MERs in countries they operate in. Regarding the changes to the grey list, firms must update the risk scores of relevant countries, with appropriate levels of due diligence being administered as required going forward. 

Dates related to forthcoming guidance issued by the FATF should also be noted. Such guidance will help shape and inform the future regulatory approach of national bodies.

The next FATF plenary is due to take place in October 2024.

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF plenary February 2024
• FATF plenary October 2023
• FATF plenary June 2023
• FATF plenary February 2023
• FATF plenary October 2022
• FATF plenary June 2022

The post FATF plenary June 2024: Changes to the grey list and new priorities appeared first on ComplyAdvantage.

This article will cover:

• What it takes to implement an effective AML customer screening process.
• The most common issues businesses face when devising screening procedures.
• How technology can help businesses screen customers more effectively and efficiently.

What is customer screening in AML?

Customer screening in AML is the process of identifying and assessing the risk profiles of new and existing customers so that financial institutions (FIs) know exactly who they are dealing with. This involves checking customers against various databases, such as sanctions lists, politically exposed persons (PEP) lists, and adverse media sources, to detect any potential involvement in illegal activities. 

The goal is to ensure compliance with regulatory requirements and prevent the institution from being exploited for money laundering, terrorism financing, or other financial crimes.

Why is client screening important?

Financial businesses worldwide are required by regulations to implement effective customer screening policies and procedures. These are crucial because they ensure criminals cannot exploit legitimate financial services for nefarious purposes.

However, customer screening processes also have a significant impact on businesses themselves.

If the screening and monitoring procedures aren’t effective at identifying criminals, businesses are exposed to severe reputational damage and regulatory penalties. At the same time, if these processes aren’t conducted efficiently enough, they cost the business time and money every time a new customer is onboarded.

These costs add up quickly. Every additional minute it takes a business to screen a legitimate customer is an extra minute the customer has to wait to get the service they would like to use. So, in practice, customer screening processes directly impact the customer experience, the business’ reputation, and its bottom line.

AML regulations governing customer screening

Customer screening practices are mandated by know your customer (KYC) protocols, AML laws, and global anti-terrorism measures enforced by governments.

In the US, customer screening is mandated by the Unifying and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act), which was implemented in the wake of the September 11 attacks. The US Financial Crimes Enforcement Network (FinCEN) enforces this regulation in accordance with the Financial Industry Regulatory Authority’s (FINRA) Rules 2090 and 2111.

In the EU, all member states are required to implement the ‘new’ 6th Anti-Money Laundering Directive, which sets out ‘mechanisms…for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.’

In the UK, the Money Laundering Regulations of 2017 set out the rules for KYC and customer screening based additionally on guidance provided by the European Joint Money Laundering Steering Group and the Financial Conduct Authority (FCA).

This guidance is laid out clearly in the recommendations put forward by the Financial Action Task Force (FATF) and implemented globally by organizations such as The Middle East and North Africa Financial Action Task Force (MENAFATF) and the Financial Action Task Force of Latin America (GAFILAT). Specifically, the recommendations state:

Financial institutions should develop programmes against money laundering and terrorist financing. These programmes should include:

1. The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees.
2. An ongoing employee training programme.
3. An audit function to test the system.

Source: The FATF Recommendations, updated November 2023

The key components of an effective AML client screening process

Businesses implementing customer screening processes typically involve at least six distinct procedural components.

1. Customer due diligence (CDD): Before a commercial relationship is established, businesses are required to conduct due diligence processes to verify the information customers provide, including their names, dates of birth, addresses, and account information. All customers are subject to this scrutiny, so businesses need to be able to take these steps promptly and efficiently.
2. Enhanced due diligence (EDD): If the information provided is discrepant or the business uncovers any reason to subject the customer to additional scrutiny, the customer must undergo EDD. This involves a more thorough investigation into the customer’s details, businesses, and transactions and typically takes longer.
3. Sanctions screening: An integral part of any customer screening program is cross-referencing the customer name against the publicly available lists of individuals, businesses, and countries that are subject to sanctions globally. Should a customer be implicated directly or by association on such a list, the business will need to subject them to the additional scrutiny of EDD procedures.
4. PEP screening: Businesses also need to determine if the customer in question is listed as a PEP. This might be due to their direct involvement in political activity, such as their job or title, but may also be due to their association with someone holding political office. Notably, businesses need to keep checking such lists as changes in political circumstances around the world may change a customer’s status at any time.  
5. Adverse media screening: Besides checking publicly available sanctions and PEP lists, businesses also need to routinely screen customers against negative or adverse news stories published worldwide as they may implicate customers in criminal activity. This kind of screening needs to be conducted routinely to keep up with world events. It’s also crucial for businesses to track news events in different languages.
6. Ongoing monitoring: It is not enough for businesses to screen customers and their names before they begin transacting with them. An integral part of appropriate customer screening is the ongoing monitoring of all customers over the course of the commercial relationship to ensure that businesses are prepared for changes in the customers’ circumstances, emerging news, and updates to global lists.

Common challenges when implementing customer screening

Customer screening is a critical layer of defense in ensuring criminals aren’t able to use their resources to exploit legitimate businesses. At the same time, businesses must use their own resources to implement these processes, raising several key challenges for them. Chief amongst them are:

• Data quality issues: To effectively screen customer information against multiple lists from around the world, businesses need to ensure they have access to reliable data sources. If the data doesn’t update frequently enough or is incorrect in any way, it could lead to false positives and negatives. False positives make screening processes take longer, wasting time and frustrating customers. False negatives expose businesses to reputational damage and regulatory fines.
• Employee productivity issues: At an operational level, compliance and customer onboarding teams must be able to screen customers thoroughly and efficiently. If employees need to access multiple systems and screens to do this, it slows them down and keeps customers waiting. Crucially, it makes it more expensive for businesses to then scale these processes as they grow.
• Customer experience issues: While customer screening processes are necessary to help businesses manage risk, they also mean it takes customers longer to get what they’re paying for. The longer it takes a business to verify a legitimate customer, the more frustrated that customer is likely to become. In an intensely competitive landscape, this can often affect how likely a customer is to work with a given business in the future.

Best practices for effective customer screening

Given the complexity and inter-connectedness of the challenges businesses face when implementing customer screening, it’s worth considering the following best practices:

• Implement a risk-based approach: Businesses should implement customer screening processes based on a deliberate risk-based approach that accounts for the degrees of risks they are willing to take. That might mean lighter screening procedures for some customers and enhanced processes for others. The important thing is to detail these specifics in terms of policies and implement procedures based on this thorough analysis.
• Use automation to gain leverage: To ensure employees can screen customers quickly and confidently, businesses can use software and automation to traverse the vast data of global lists and dynamically update client risk scores based on new information. This ensures processes move at a faster pace, and new employees can be added to compliance teams with less friction.
• Prioritize staff training: Technology can help businesses screen customers more efficiently, but ultimately, these processes rely on the judgment and intuition of employees. By investing time and effort in improving documentation and employee education, businesses can ensure their screening procedures are implemented with the appropriate care and discretion each customer requires.
• Conduct routine audits: Once implemented, every customer screening program needs to be rigorously tested and scrutinized objectively. Under the pressure of meeting quarterly benchmarks, it’s easy to overlook the issues that might emerge when processes are actually applied. So, it’s vital to routinely audit the program, looking for weaknesses, inefficiencies, and opportunities for improvement.

Market-leading AML customer screening software

Financial businesses of all sizes use ComplyAdvantage to balance the efficiency and effectiveness of their customer screening programs at scale. Here’s how it makes a difference:

• By streamlining the onboarding process, businesses utilize advanced AI technology to screen new customers against a variety of risk factors, including sanctions, PEPs, watchlists, adverse media, and enforcement data. 
• ComplyAdvantage enables access to complete customer profiles conveniently on a single screen. This simplifies the automation of risk assessments, allowing businesses to focus on prioritizing customers who pose the highest risk.
• The platform also offers capabilities to analyze the team’s screening workload easily and maintains a comprehensive record of all case decisions in one centralized location. This functionality is critical to ensuring compliance teams are always prepared for an external audit.

BigPay improves analyst efficiency with integrated customer screening

Award-winning FinTech BigPay experienced these benefits first-hand when it decided to partner with ComplyAdvantage for customer screening to replace its manual, ad hoc processes. The firm needed a flexible, unified platform that could scale across multiple markets and handle volume spikes during periods of peak demand. Furthermore, BigPay needed a solution to automate workflow processes for name screening and adverse media searches, freeing up analyst time for more in-depth investigations. With ComplyAdvantage, BigPay was able to custom-build a single proprietary interface connecting multiple tools, trackers, and databases via a single API. The financial services firm also set up unique screening profiles for its individual markets, providing proportional controls for different products and transaction types – such as remittance and e-money. Accessible search profile configuration and fuzziness fine-tuning streamlined the process of aligning with new regulations.

“We now have the benefit of researching sanctions, PEPs, and adverse media all at the same time from a large number of sources rather than using multiple tools and databases. The time saved comes from only having to research the alerts, rather than wasting time looking for them.”

Ashwin Nazareth, FinCrime Operations & Disputes Principal, BigPay

The post What is customer screening & why is it important for AML? appeared first on ComplyAdvantage.

It’s certainly an essential component in know your customer (KYC) and anti-money laundering (AML) regulations.

But without an efficient, scalable, and reliable way to continuously detect hidden risks in customer activity, it would be almost impossible to prevent financial crime from taking advantage of legitimate financial services.

This article will look at:

• Why ongoing monitoring is so important.
• What it takes to successfully monitor customers.
•  How automation and software can help.

What is ongoing monitoring in AML?

Ongoing monitoring is the process of routinely assessing customers and their transactions for risks for criminal activity such as money laundering or terrorist financing.

Unlike the screening processes at the start of a new customer relationship, an ongoing monitoring program is a continuous effort to verify that customers are who they say they are and that their transactions are legal and compliant.

Why is ongoing monitoring important in AML

Ongoing monitoring is a critical layer in a company’s overall AML efforts because it tracks and verifies both customers and their activities over a long period of time. This is crucial for three reasons:

1. Customers may not be participating in criminal activity when they first start transacting with a financial business. But they might start doing so later on. Without an ongoing approach to detecting risk, the business would be none the wiser and yet completely exposed.
2. Financial criminals go through great efforts to present as legitimate actors, often posing as legal businesses or even manipulating legal businesses to transact on their behalf. But while these efforts might be enough to bypass initial screening procedures, the more they transact the harder it becomes for them to continue fooling a robust AML operation.
3. Even if a customer isn’t participating in illicit activities, their risk levels may change over time. For instance, the outcomes of elections in foreign countries may mean certain customers are now considered politically exposed persons (PEPs), new stories may emerge about their involvement in other criminal activities, and the ultimate beneficial ownership of their businesses may change hands. All these changes merit further investigation as they emerge.

This is why the ongoing monitoring program is so important to ensuring FIs can protect themselves from the regulatory penalties and reputational damage that can result from failing to detect criminal activity.

The AML regulations and requirements for ongoing monitoring

Given its critical role in detecting criminal activity, ongoing monitoring is now a central requirement of every major KYC and AML regulation around the world.

• The UK’s Money Laundering Regulations of 2017 require firms to “conduct ongoing monitoring of a business relationship, including—(a)scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile; (b)undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying customer due diligence measures up-to-date.”
• Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) require all reporting entities to comply with ongoing monitoring requirements as of 2021.
• The Australian Transaction Reports and Analytic Center (AUSTRAC) mandates ongoing customer due diligence with a view to identify, mitigate, and manage the risk of reporting entities being involved in or facilitating money laundering or terrorist financing.
• The Reserve Bank of India (RBI) recently updated its AML and CTF requirements to mandate closer ongoing monitoring of transactions in customer accounts.
• The US’ Financial Crimes Enforcement Network (FinCEN) enforces ongoing monitoring to identify and report suspicious transactions as part of its customer due diligence (CDD) rule.
• The Financial Action Task Force includes ongoing due diligence as part of its International standards for combating money laundering and terrorist financing.

Penalties for non-compliance

Financial institutions have been fined severely and repeatedly for AML-related infractions, amounting to more than $50 billion since the global financial crisis of 2008.

Violations that receive the biggest penalties typically involve a failure to effectively calibrate AML measures with a firm’s risk profile, including deficient customer due diligence processes and a failure to monitor PEPs and high-risk entities.

For instance, in 2022, a European bank received one of the largest fines of the year for insufficient transaction monitoring of high-risk customers and inadequate measures for enhanced due diligence, even though it had claimed its AML systems were effective.

The main components of the ongoing monitoring process

Ongoing monitoring is an essential aspect of a company’s overall efforts to conduct due diligence on its clients and identify any risks of money laundering or terrorist financing activity.

Based on the business’ risk-based assessment, ongoing monitoring will be conducted as part of both standard customer due diligence (CDD) and enhanced due diligence (EDD).

It’s made up of several component processes that typically include:

• Transaction monitoring: To routinely observe and report on the nature of client transactions and whether they’re in line with the client’s stated objectives, historical patterns and within the scope of legitimate transactions of that nature.
• Ultimate Beneficial Ownership (UBO): To maintain an ongoing understanding of the client’s source of funds as well as keeping tabs on the individuals or entities who ultimately gain from the client’s activities.
• Sanctions checks: To regularly consult sanctions lists from all around the globe in the event that anyone representing the client or their business should be subject to additional layers of scrutiny as identified by governments and authorities.
• Adverse media: To continuously monitor media and publications around the world for any indication that anyone representing the client or their business is implicated in nefarious activity that might warrant additional due diligence and controls.
• PEP checks: To regularly determine whether or not the status of anyone representing the client or their business should be updated to highlight their political exposure and therefore require an increase in scrutiny or change in policy.

Ongoing monitoring best practices

Globally, AML regulations expect reporting businesses to continuously monitor their clients’ activity with general requirements around reporting suspicious behavior and maintaining documentation on policies and controls.

But the onus is still on businesses to implement a system of ongoing monitoring that is both effective at detecting risks and efficient enough to run sustainably. Some best practices that can help businesses on this path include:

• Prioritize an ongoing approach to risk scoring: Some businesses only implement risk scoring for their clients as part of a single spreadsheet-based exercise. While it might seem to reduce the effort required from compliance teams, this leaves businesses exposed to inevitable changes in the client’s circumstances and patterns. For ongoing monitoring to effectively detect risk, businesses need risk scoring to be constantly updated.
• Leverage automation to scale efficiently: Machine learning can have a sizable impact on a business’ ability to monitor all of its clients on an ongoing basis successfully. With the right integrations and interfaces, it can dynamically update risk scoring and proactively collect new information on clients from sanctions lists and adverse media to ensure compliance teams can reliably detect risk at scale.
• Documentation cannot be an afterthought: A constant audit trail of every decision, policy and control is absolutely essential to ensuring that regulators have the information they need while also ensuring internal audit teams have everything they need to assess processes. This documentation needs to be an innate, ideally automatic part of the AML process rather than an additional step to be manually implemented after decisions are made.

Automated ongoing monitoring solutions

Financial institutions around the world rely on ComplyAdvantage’s ongoing monitoring solution to run more efficient, effective AML processes. They’re able to combine:

• An easy-to-use, highly configurable platform that intuitively presents data from multiple sources so analysts can get the full picture faster.
• Market-leading proprietary data that leverages machine learning to dynamically update profiles based on adverse media, PEP lists, and sanction lists globally.
• A process that includes fewer false positives, a faster way to manage alerts, and a constant auditable trail of every decision and action taken.

Investment company Freetrade experienced this firsthand when the company determined it needed to implement more rigorous ongoing monitoring. Freetrade selected ComplyAdvantage as a partner that could deliver ongoing screening and monitoring alongside the flexibility to configure the lists it screened against. 

“The quality of data we get through ComplyAdvantage is really important to us. Through ComplyAdvantage, we have comfort that we’re screening and identifying high-level PEPs and all the way down to local councilors.” 

Rob O’Sullivan, Director, Financial Crime Compliance and MLRO, Freetrade

The post What is the point of ongoing monitoring in AML? appeared first on ComplyAdvantage.

But how do firms discern reality from exaggeration? And when the AI models get increasingly complex, will they do what they are told?

Data tests have become an industry standard to verify the performance of complex AML screening products.

What is a data test?

A data test is a systematic evaluation of data sets and algorithms to assess their quality, accuracy, and reliability. They are a practice run for a screening provider in their most basic form, with many examples being tested. They typically involve applying predefined criteria or algorithms to identify anomalies, errors, or inconsistencies within the data.

While data tests serve as the bedrock of sound analysis, common pitfalls often emerge. This article scrutinizes three of the most common missteps in the data testing process and provides insights into effective remediation strategies. 

The 3 most common data test mistakes and how to fix them

Mistake 1: Testing true positive matches in isolation from noise levels 

For compliance screening providers, two objectives reign supreme:

1. Matching true positive entities: When a risky entity undergoes screening, firms expect the system to flag that risk, even amidst corrupted input data. This corruption could manifest in various forms: The alternative transliteration of names, missing middle names, transposed dates of birth, or relocated entities. 
2. Managing false positive levels: False positives constantly challenge compliance teams. As regulatory requirements increase, so do compliance costs, leading to prolonged onboarding processes and increased expenses. These costs can spiral out of control if unchecked, making products uncompetitive.

Surprisingly, many data tests overlook the interconnectedness of true and false positives, failing to acknowledge the tradeoff between them.

When this crucial link is missed, an inefficient loop is created where a data test result recommends the loosest engine settings, causing compliance processes to crumble under an unrealistic workload a few weeks later.

The fix: When designing a data test, include both true positive searches and false positive searches. Whenever possible, make false positives plentiful and representative of real-life searches.

Pro-tip: Don’t tell potential screening vendors which searches are supposed to generate hits.

Mistake 2: Failing to consider data pipeline and target demographics

Data tests can assess a plethora of use cases. However, not all tests apply to every use case. An ideal data test would be designed with a firm’s data pipeline and customer demographics in mind.

When considering a plausible case of corruption, for example, firms should consider the following:

1. Additional information: Tested examples should be equipped with the typical information a pipeline collects. For example, if the year of birth information is always collected, it should be included. This way, firms can partner with a screening vendor whose engine works for their data.
2. Identity verification checks: Similarly, if a pipeline collects middle names, whenever present, the data test should mimic this.
3. Demographics: Varying jurisdictions and demographics will present nuances that should be accounted for. For example, if a large proportion of customers are located in the Middle East, it may be worth doubling down on testing the sensitivity of alternative Arabic transliterations.
4. Counterparty screening: In some cases, firms may lack data to differentiate between personal and corporate accounts when screening counterparty risk. This information should not be included in the firm’s data test.
5. Joined accounts: One of the most common real-world corruption cases relates to joint account screening, e.g., “Mary Sue-Smith and Vladimir Putin,” where the screening engine needs to detect both account holders before screening them individually. If a firm’s data includes joined accounts, this must be a feature in the data test.
6. Unrealistic corruption for modern pipelines: If engineering teams perform their jobs exceptionally well, certain errors should not be feasible. For instance, it is only reasonable to test scenarios such as “GARAF Afatsom” if it could realistically occur, where the search is for a mirror image of the authorized individual “Mostafa FARAG.”

The fix: Carefully consider the data pipeline when designing tests. If there are any known historic true hits, test them too.

Mistake 3: Underplaying “the unfindables” problem

Despite various tests to detect the deliberate use of homoglyphs (aka search engine gaming) and mirror image tests (where names are spelled back-to-front), some major compliance pain points remain unaddressed.

Imagine a new valuable customer named “Mohamad Ahmad” needs to be onboarded. 

There are ~150 million people in the world named Mohamad. And about one in 25 of them has the surname Ahmad. A back-of-the-envelope estimation says there should be about six million people with this name, and a few dozen of those six million people will be sanctioned, while others will have other AML risks attached.

With a basic search engine, investigating all potential risks associated with “Mohamad Ahmad” could take days. Even then, the investigation is likely to be flawed due to the sheer volume of manual work involved. Without additional supporting information, risks associated with individuals like Mohamad Ahmad remain virtually unfindable.

While a relatively small proportion of names (up to 10 percent) are extremely common, they are responsible for many remediation efforts. Hence, most data tests underplay the importance of this compliance pain point.

The fix: Add supporting information that helps narrow down the search. Mohamad Ahmad, born in 1990 and living in the UK, should be a much easier case to screen when all data is used effectively. For data tests, add common names and supporting information to test these cases.

As more AI-powered screening solutions enter the market, rigorous testing will be the cornerstone of informed decision-making. By scrutinizing screening providers through comprehensive data tests and addressing common pitfalls, businesses can harness the full potential of AI while mitigating compliance risks and maximizing operational efficiency.

The post 3 common data test mistakes when evaluating an AML vendor appeared first on ComplyAdvantage.

• Anti-money laundering (AML) software that’s designed for banks.
• A way to quickly tell what differentiates leading solutions.
• How respected third parties assess top adverse media and AML vendors’ capabilities.

This article summarizes the ten top AML software vendors for banks, listing their key strengths and explaining the use cases they respond best to.

AML software for banks: 4 features to look for

When compliance leaders in banks are assessing their AML software options, key considerations should include:

1. Data quality: The breadth, depth, and timeliness of vendors’ AML data is critical to a successful program. Compliance teams should ask where vendors source their data, how they manage updates, and what quality controls they have.
2. Use of AI: While many vendors will discuss AI in marketing materials, compliance leaders should dig into specific use cases and the benefits existing customers have experienced. Effective examples are improving efficiency, prioritizing highest-risk alerts, and building a network view of risk.
3. An integrated approach to fraud and AML: Deploying fraud and AML in an integrated way – as opposed to in siloed teams/operations – will improve efficiency and efficacy, helping to identify potentially connected activities and behaviors that may otherwise be missed.
4. Keeping pace with regulatory change: From real-time payment rails to emerging fraud typologies, the expectations of customers – and the challenges to protecting them – change frequently. Legacy providers may be slower to adapt to these developments. At best, this could leave banks slower to implement new products – at worst, customers may be exposed to financial crime risks due to a lack of agility.

Top AML software vendors for banks

1. ComplyAdvantage

ComplyAdvantage’s AI-driven fraud and AML risk detection solution improves the efficiency of banks’ compliance workloads by reducing false positives by up to 70 percent and shortening onboarding cycle times by up to 50 percent. Its automation scans unique data using graph network detection, identity clustering, and dynamic thresholds to give banks three central capabilities:

• Customer screening: With a real-time risk database using flexible screening parameters for automated monitoring, integrating data feeds, case management, and CRM.
• Adverse media screening: Using an AML and combatting the financing of terrorism (CFT)-focused taxonomy aligned to regulatory guidance to trigger the most relevant alerts against comprehensive, structured profiles.
• Transaction monitoring: Through a unified cloud-based platform that monitors risks in real-time and maximizes straight-through processing with configurable risk-based rules.

Top ComplyAdvantage Features

ComplyAdvantage’s AML solution is ideally suited to digital and regional/mid-market banks and larger banks looking to leverage AI at scale. To help these banks balance business goals with compliance obligations, the solution offers the following features:

• AI-powered risk detection – Capture novel AML risks using machine learning (ML) models, identity clustering, and graph analytics instead of pre-defined rules.
• Anomaly detection – Spot hidden red flags with peer group data, unsupervised ML algorithms, and dynamic tuning based on analyst feedback.
• Real-time risk approach – Get system-wide updates based on global watchlists, sanctions lists, and politically exposed person (PEP) lists every hour, and keep configuring rules as you go.
• Alert prioritization and flexible workflows – Identify and prioritize alert risk factors and set specific rules for different customer tiers according to your risk-based approach.
• Coverage for all payment rails – Cover every payment type, including ACH, Swift MT, SEPA, Direct Debit, FedNow, Faster Payments, and SEPA ICT.
• Coverage for non-transaction events – Take advantage of holistic insights on customer behavior events like logins and profile changes.
• Integrated case management – Open an investigative case directly from an alert with easy integrations across the workflow and automation to reduce human error.
• Behavioral analytics – Use identity clustering based on customer behavior to identify accounts controlled by a single hidden entity.
• Built-in archiving – For continuous transparency and easy access to all transaction records, making it easier to collaborate with regulators.

Get a closer look at our AI-driven AML solution for banks

Find out how banks of all sizes use ComplyAdvantage to scale intelligently.

Request a demo

2. LexisNexis Risk Solutions

According to Aspiring Solicitors, LexisNexis is “a leading global provider of legal, regulator, and business information and analytics that help customers increase productivity, improve decision-making and outcomes, and advance the rule of law around the world.”

3. Dow Jones Risk and Compliance

According to G2, Dow Jones Risk and Compliance is “a global provider of third-party risk management and regulatory compliance solutions.” The firm has operated since 1882, evolving from a news agency to offer a wider range of services.

4. LSEG Data and Analytics (formerly Refinitiv)

According to Crunchbase, the London Stock Exchange Group (LSEG) is a “provider of financial markets data and infrastructure.” LSEG acquired Refinitiv in 2021, expanding its service offering.

5. Oracle 

According to Crunchbase, Oracle is an integrated cloud application and platform service that sells a range of enterprise information technology solutions. The firm was founded in 1977 in California.

6. Accuity

According to Crunchbase, Accuity offers a suite of innovative solutions for payments and compliance professionals. The first has been in operation for two decades, evolving its service offering through expansion and an acquisition.

7. NICE Actimize

According to Crunchbase, NICE Actimize provides real-time fraud prevention, anti-money laundering, enterprise investigations, and risk management solutions. The firm operates in more than 30 countries worldwide.

8. Smart Search

According to Crunchbase, SmartSearch is an online provider of AML verification services.

9. FinScan

Crunchbase describes FinScan as providing “the most advanced sanctions list and PEP compliance solutions available to help financial services organizations.” The company was founded in 2008 and is headquartered in Australia.

10. Napier

According to Crunchbase, Napier is “a new breed of financial crime compliance technology specialist.” Founded in 2018 and based in London, the firm has secured investment from Crestline Investors.

How to measure success

While every bank will have different objectives and challenges, success metrics should include:

• Protect the firm and its customers’ reputation. Effective AML software ensures firms stay on top of the latest typologies and risks. 
• Deliver an outstanding customer experience. A well-deployed AML stack aligned with a bank’s risk appetite and risk-based approach should not hinder delivering new products and services to customers. 
• Effective internal processes. Intuitive workflows should allow compliance leaders to delegate resources, prioritize the greatest risks, and resolve alerts faster. 
• Continuous improvement and optimization: What success looks like will change as the bank and its financial environment evolve. Compliance leaders should work with their vendors to understand what other financial institutions are focused on and if there are more effective ways to achieve their financial compliance objectives. 

Next steps: Explore AML software for banks at ComplyAdvantage

Discover why banks worldwide choose ComplyAdvantage’s AI-powered AML software and book a demo to see it in action. 

All information is sourced from publicly available websites and is correct as of March 2024. If you’d like to request a correction, please e-mail content@complyadvantage.com, and we’d be happy to review this with you.

The post Top 10 AML software for banks appeared first on ComplyAdvantage.

AML fines in 2023

While fines are typically issued several years after AML failings occur, the top AML fines incurred in 2023 occurred across the following sectors:

1. Cryptocurrency – $5.8 billion+ in fines
2. Banking – $835 million+ in fines
3. Gambling – $475 million+ in fines
4. Trading and brokerage – $194 million+ in fines

Cryptocurrency – $5.8 billion+ in fines

In 2022, the cryptocurrency industry was ranked fourth in our review of AML fines, with $30 million in financial penalties. However, in 2023, the industry jumped to the top spot, with crypto companies fined over $5.8 billion for inadequate AML programs. According to a Financial Times analysis, this total results from 11 fines, compared to an average of less than two per year over the last five years.

AML compliance failures that led to these fines included:

• Violating the Bank Secrecy Act (BSA).
• Security shortcomings.
• Not registering as a money-transmitting business.
• Not conducting customer checks.
• Failing to uphold sanctions.
• Violating the International Emergency Economic Powers Act (IEEPA).

Banking – $835 million+ in fines

Although there was a significant decrease in AML penalties in the banking sector in 2023 compared to the previous year, some institutions faced substantial fines. Many of these fines resulted from years-long investigations that revealed institutions failing to make considerable progress in areas they had pledged to address multiple years prior. For example, one multinational bank was fined $186 million by the US Federal Reserve for persistent weaknesses in its controls on sanctions compliance and transaction monitoring. This is despite being fined $99 million a few years prior for the same issues. 

Similarly, the Financial Conduct Authority (FCA) discovered that a bank continued using inadequate AML systems, even though the regulator had raised concerns about them previously. The bank failed to make effective changes, allowing money to pass through the firm without appropriate checks. The bank also neglected to properly check its customers’ source of wealth (SoW) and source of funds (SoF), allowing the money to be used within the UK without proper scrutiny. 

Gambling – $475 million+ in fines

For the second year in a row, the Australian Transaction Reports and Analysis Centre (AUSTRAC) issued a substantial fine to an entertainment group for repeatedly violating the country’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CFT Act). Specifically, the company did not have a transaction monitoring program in place that was appropriate for the size and complexity of the organization. Additionally, its enhanced due diligence (EDD) program was found to lack appropriate procedures to ensure higher-risk customers were subjected to extra scrutiny.

Insufficient EDD programs were also key to many of the fines issued by the UK Gambling Commission. In one case, a customer was able to spend over £36,000 before any EDD checks were conducted. Inadequate SoF and SoW checks were also repeatedly noted, leading to another customer depositing £71,000 and losing over £70,000 without the operator having knowledge of the customer’s SoF or SoW. 

Additional failings by gambling companies identified by regulators in 2023 included:

• Accepting bets before being licensed.
• Violating advertising regulations or engaging in inducement practices.
• Accepting wagers that are prohibited by law.
• Offering bonuses that violate local gaming laws.
• Failing to prevent excessive spending and imposing account limits.

Trading and brokerage – $194 million+ in fines

In 2023, the Financial Industry Regulatory Authority (FINRA) issued three times the amount of fines compared to the previous year as the regulator upped its focus on non-compliance with Regulation Best Interest (Reg BI), which requires companies to prioritize customer interests ahead of their own. In one case, a former securities broker was fined by FINRA for engaging in unsuitable trading where they had de facto control. The trading resulted in high turnover rates and cost-to-equity ratios that were well above the traditional guideposts of six percent and 20 percent. As a result, multiple customers incurred significant losses, including one account losing $80,072.

In another instance, an investment banking firm was fined by the FCA for AML failings related to cum-ex trading. Despite red flags during the onboarding process, the firm ignored financial crime risks when executing trades on behalf of 11 clients, which resulted in a loss of over €22 million for one client. However, in this case, and many of the other penalties issued by the FCA, the firm did not dispute the regulator’s findings, making them eligible for a 30 percent reduction under the FCA’s settlement discount scheme.

AML violations with the biggest penalties

In light of the examples listed above, the AML violations that received the biggest penalties included:

• Lack of proper CDD/EDD measures: Many of the penalties relating to inadequate due diligence checks manifested as incomplete or insufficient verification of customer identities, failure to assess the nature of business relationships, or overlooking the ongoing monitoring of customer transactions.
• Failing to uphold sanctions: A key underlying factor that led to a large majority of penalties relating to sanctions noncompliance related to outdated systems that did not reflect current sanctions lists. 
• Not submitting suspicious activity reports (SARs): In addition to overlooking unusual or suspicious transactions, this common type of non-compliance also manifested in failing to train staff adequately on recognizing and reporting potential financial crimes. 

The State of Financial Crime 2024

Unpack the results of our global survey on what senior compliance decision-makers believe will shape 2024.

Download now

Recent and upcoming regulations to be aware of

In last year’s top AML fines blogs, we shared a concerning statistic that more firms are choosing to incur AML fines and make violations “all the time.” While the reasons behind why firms are becoming increasingly desensitized to fines are complex, keeping up with recent and upcoming changes to global AML regulations remains key to the overall stability of the financial system.

Our State of Financial Crime 2024 report explores these regulatory developments and their impact at length, a summary of which can be found below.

Key changes in AML regulations in 2023

• Hong Kong: In February 2023, the Hong Kong Monetary Authority (HKMA) published revised guidance relating to transaction monitoring, screening, and suspicious transaction reporting. The guidance underscored the regulator’s aim for authorized institutions to adopt a system that generates targeted alerts to deliver more actionable insights.
• United Kingdom: The UK’s Economic Crime and Corporate Transparency Act (ECCTA) was introduced in 2023 to combat illicit finance. The act included reforms such as a new failure to prevent fraud offense, a beneficial ownership registry, improved transparency, and enhanced intelligence-gathering powers for law enforcement. De-banking also became a significant regulatory obstacle in the UK after allegations of unfair treatment.
• United States: Preparing for the requirements set out in the Corporate Transparency Act (CTA) was – and continues to be – a major focus area for financial institutions (FIs) operating within the US. A key change that was introduced via this act was the requirement for firms to submit beneficial ownership information (BOI) to the Financial Crimes Enforcement Network (FinCEN). 

AML regulations in 2024

• Markets in Crypto-asset (MiCA) regulation: New regulations for stablecoin issuers in the EU will take effect in mid-2024, under the MiCA regulation. Other countries such as Hong Kong, Singapore, and the UK are also working on similar legislation. These regulations will increase scrutiny and require issuers to hold sufficient reserves, protect holders, and safeguard assets. The improved regulatory framework will promote transparency and accountability and boost institutional investor confidence.
• The Corporate Transparency Act (CTA): In the past, businesses in the United States were not required to publicly disclose or maintain a record of their shareholders or ultimate beneficial owners (UBOs). This lack of transparency allowed anonymous shareholders to control businesses and create shell companies to disguise and move illicit funds. To prevent this kind of activity, Congress passed federal legislation to collect beneficial ownership information (BOI) for entities formed under US state laws. This legislation, known as the Corporate Transparency Act, was passed in January 2021 and took effect on January 1, 2024.
• The European Union’s New AML Package: 2023 marked a big step toward the full implementation of the EU’s new AML package, consisting of (1) a new AML regulation (AMLR), (2) the 6th Anti-Money Laundering Directive, (3) a regulation establishing a European Anti-Money Laundering Authority (AMLA) and (4) an update to the Wire Transfer Regulation (TFR). The TFR was fully agreed upon in May 2023, bringing crypto-asset service providers (CASPs) within the regulatory framework and requiring them to collect and share originator and beneficiary information (the ‘Travel Rule’). Further steps toward full implementation will be made in 2024.
• The Economic Crime and Corporate Transparency Act 2023 (ECCT Act): The ECCT Act has been introduced to combat economic crime and promote transparency in corporate entities. One of the key features of this act is the reform of the UK companies registry, Companies House. The ECCT Act also includes provisions to hold organizations accountable if they profit from fraud committed by their employees, through the creation of a new failure to prevent fraud offense. Additionally, it reforms the corporate criminal liability laws for economic crimes, making corporations liable for their own economic crimes. The implementation of the provisions in the ECCT Act will be in stages since many of them will require systems development and secondary legislation before they can be implemented. However, as of January 2024, the Companies House Registrar has confirmed that initial changes will be introduced from March 2024.
• The FCA’s review of PEPs: In July 2023, the UK government asked the FCA to review its guidance on risk management for PEPs. In September 2023, the FCA announced it would examine how firms apply the definition of PEPs, conduct risk assessments, implement EDD and ongoing monitoring procedures, decide on account closures, communicate with customers, and review PEP controls. Although not a confirmation of new or updated PEP regulations, corrective measures may be taken based on the FCA’s findings – which will be presented by June 30, 2024.

How to avoid AML fines in 2024

Iain Armstrong, a Regulatory Affairs Specialist at ComplyAdvantage, believes that compliance officers need to prioritize good outcomes by emphasizing the human cost of financial crime over the financial cost. Firms should also not ignore the long-term reputational effects of widely-publicized fines and enforcement actions.

To mitigate potential AML fines in 2024, firms should:

• Improve customer screening measures to automate onboarding processes and exceed regulatory requirements.
• Access real-time global coverage with robust watchlists and sanctions screening software.
• Implement a transaction monitoring solution that screens in real-time and can be configured based on different risk appetites for various business flows.
• Provide adequate training to compliance staff on AML requirements, including reporting obligations, conducting sufficient SoF and SoW checks, and sanctions/asset-freezing measures. 

The post The biggest AML fines in 2023 appeared first on ComplyAdvantage.