Colin Dixon 16 Sep 21 29 min read

Part 2, Compliance Challenges: Insights from the inaugural ACAMS Australasia Conference 2021

In part 1 of this series, we reviewed the current landscape and threat environment, if you missed it you can read it here. In part two we’ll dig into some of the compliance challenges that were discussed at the ACAMs Australasia conference.  

aus-conference-img-06-2021-24

Image source: acams.org

Identifying Risk 

As the basis of any AML Programme, identifying your risks and understanding your risk profile is incredibly important to enable the appropriate management and mitigation of those risks. Dr Nathan Newman, National Manager, Regulatory Operations, AUSTRAC outlines that there is still a varying degree of maturity across the industry, and that organisations need to be aware that their risk assessment needs to be customised to fit their specific risk profile. 

(the risk assessment is) not one-size fits all, it needs to be relevant and tailored to your business. Occasionally we see risk templates being used and this is not appropriate, the risks really need to be tailored to your business.” 

Dr Nathan Newman, National Manager, Regulatory Operations, AUSTRAC 


Newman outlined some cases where customers in a cohort with the same employer were grouped together and given the same risk profile/rating. In addition to risk assessments being tailored to your business, each customer needs to be assessed individually. Knowing your customer, understanding who they are and what their 
individual risk is, is paramount to achieving compliance obligations; without this it is difficult to mitigate, manage, or eliminate risk. 

In the Westpac and Commonwealth Bank cases the fundamental issue was understanding the risk and putting in place appropriate strategies to mitigate and manage the risks; “in a maturing regime these are basic concepts that should be a part of regular operations” Neil Jeans, Principal Consultant at Initialism. 

At Jade ThirdEye, our role is to assist organisations to operationalise their risks into a transaction monitoring programme, if you need help to understand your risks and build your risk profile, then speaking to an external AML/CTF advisor is always beneficial. 

Money Laundering Risk 

Jeans outlined a key distinction around the management of risk, specifically organisations should be focusing their time and effort on mitigating the risk of facilitating money laundering as opposed to focusing on AML risk. If organisations are focused on managing their money laundering risks, then the chance of meeting their AML compliance is high. 

“There is only 1 anti-money laundering risk that is the risk of non-compliance. If you focus on managing your AML risk you run a very real risk of not meeting or addressing your money laundering risks. On the flipside if you manage your money laundering risk you have a pretty good chance of managing your AML risk.”

Neil Jeans, Principal Consultant at Initialism 


Adapting your risk profile
 

Risk assessments aren’t set and forget. 
As the environment and risks change so should your risk assessment. 

In addition to identifying your risk, adapting and regularly reviewing your risks and risk profile is critical to ensuring you are staying on top of your compliance requirements. Reporting entities with systems and tools in place will often see suspicious activity long before AUSTRAC sees and identifies the risk for the industry.  

“Don’t wait for AUSTRAC to tell you about the shiny new risk, make sure if you see something, you respond to it. Develop, Respond and Mitigate it; and submit your SARs to AUSTRAC.” 

Dr Nathan Newman, National Manager, Regulatory Operations, AUSTRAC
 


In a changing environment it is 
important to understand how
 you intend to identify new suspicious activity, what rules you have in place to pick up this activity and a program to update, adjust and implement rules to pick up the changes in customer behaviour. 

In our recent webinar, we spoke with Ian Walker, Head of Financial Crime at Skipton Building Society about how to Optimise your AML Programme in times of ChangeIn the webinar Walker discussed how the pandemic influenced changes in customer behaviour, and how Skipton responded to those changes through the implementation of additional rules in their transaction monitoring programme. In the same webinar Colin Dixon, CAMS, Senior Product Manager at Jade ThirdEye provided tips and key actions you can take to address the rules within your transaction monitoring programme. 

Watchlists

Another example around risk that Newman discussed was the disparity around PEPs. Newman highlights that AUSTRAC are seeing up to a quarter of entities in certain sectors reporting that they are not undertaking PEP checks. With the appropriate tools and systems in place, automatically screening customers against the Refinitiv World-Check or Dow Jones Risk and Compliance watchlists for reliable, ongoing customer due-diligence should be easy. Transaction monitoring tools such as Jade ThirdEye have built in integrations with watchlist providers, and integration and automation is a consideration you should include when reviewing your tools and processes.

Implementation and a Culture of Compliance 

Organisations need to know what their implementation plan is and understand where they are in their implementation, operations, and controls.  

Dr Newman and Jeans both discussed the importance of building a culture of compliance within organisations. Specifically ensuring that you have governance in place – the systems, policies, processes, and procedures that ensure appropriate decision making; ensuring that there is accountability, a responsibility for decision making and accepting the consequences of that decision; and assurance, the confidence and confirmation that you have done what you need to. 

“Senior management and boards need to be fully engaged, and not just waiting for the information to be presented but be proactively engaging.” 

Dr Nathan Newman, National Manager, Regulatory Operations, AUSTRAC
 


Whilst Dr Newman
, acknowledges that engagement from the senior management and board levels may not be within your control, it is important to influence and advocate. Last year we provided some ideas for growing a compliance culture; such as working closely with supervisors and authorities to provide feedback, it’s rare for the results of SARs to be shared so understanding the impact is a great motivator, and championing compliance across the organisation is also key and can be done through lunch and learn sessions. 

Jeans is also seeing organisations who have invested significant amounts of money in AML/CTF measures but still find it difficult to comply, “…we have senior management being held to account across many, many jurisdictions for AML/CTF Compliance”. When these issues come to light, it is an optimal time to both identify and address the underlying causes. Is there complexity in the requirements, in the business, in the financial infrastructure, or perhaps in all three that is making compliance challenging? It is highly important to understand what is causing your compliance issues and whether it is isolated or a range of interconnected issues.  

Additionally, understanding the issue/s is only the first part, remediation and resolution is critically important. It is important to ask the question; do we have the ability to resolve and remediate internally, or do we need to draw on third party expertise? Engaging with the regulator clearly and accurately, ensuring you don’t assume knowledge is also important. AUSTRAC and other regulators are here to support and provide guidance around the legislation, so make sure to draw on their expertise. 

Legacy Systems and Technology 

Another point that was touched on repeatedly throughout the course of the conference was legacy systems and technology, especially for larger organisations with larger product portfolios and technology stacks. Being able to see a complete view of a customer is still problematic due to disparate systems and data not being documented in the right place, or in some cases, not being documented at all.  

In addition to legacy systems, as the industry becomes more fragmented, as we have seen within the payments sector, and as eco-systems become more commonplace, it is important to understand your place in the end-to-end ecosystem and the risk that is presented in your ecosystem as a whole. 

“…it’s not my risk that I need to be looking at in the next 12 months or 5 years, 7 or 10 years, it is going to be the risk that is presented by my ecosystem, by my partners, by my suppliers, and so forth, not just in the sense of the product offering or supply chain, but where the transaction is coming from, do I really understand the interface of the fintech and how that affects the downstream processes…” Irina Samoylova Kunces, CAMS, Founding Member and Board Director at Global GRC Alliance 


It's important to have engagement with all areas of the business to help reduce silos, enable better flows of information, and increase awareness of compliance requirements.
 

In part 3, we provide insights from the conference on driving effective AML/CTF programmes and outcomes. 


Find out how Jade ThirdEye can help you