In part 1 of the series we discussed the current landscape and threat environment, which included the maturing of the regime and the understanding across the industry about their obligations. At this point obligations should be a normal part of a businesses operating rhythm. We explored the changing threat environment and how the pandemic has led to increased stockpiling of cash, bulk cash transports, and a prevalence of cyber enabled crime such as fraud, scams and the exploitation of children. We also touched on what the industry is seeing on the regulatory side, including the trend towards public enquiries and supervisors diving deep into particular sectors and heavily scrutinising each organisation when they find issues.
In part 2 we dug deeper and reviewed the compliance challenges that were discussed at the ACAMS Australasia Conference which included identifying risk, ensuring you are managing your money-laundering risks, adapting your risk profile, watchlist screening, a culture of compliance and legacy systems and technology.
To close the series, we’ll discuss insights on driving effective AML/CTF programmes and outcomes.
Driving Effective AML/CTF Programmes and Outcomes
A panel discussion led by Aub Champman, Co-Chair at ACAMS Australasian Chapter, Christopher Faherty, Head of Compliance at TSB New Zealand, Cassandra Hewitt, Group Head of Financial Crime, Group Money Laundering Reporting Officer at ANZ, and Martin Ivanov, Global Financial Crime Officer at Westpac discussed driving effective AML/CTF programmes and outcomes.
When asked about the attributes of an effective programme, Hewitt discussed three key attributes which included providing for compliance, the importance of your risk assessment and ensuring that it isn’t “set and forget”, and lastly ensuring that you are providing timely and accurate information to law enforcement so that they can use that information to detect or disrupt financial crime. Ivanov agreed with Hewitt, adding that technical compliance needs to be in place to comply with obligations. However, in his point of view, it is key to start to think about prevention and disruption to financial crime as being the ultimate objective.
Ensuring that you have the right foundations in place will enable you to start thinking about prevention and disruption, and the keys to establishing your foundations lie in understanding what manual or routine processes you have in place and looking to automate them, and investing in suitable tools, systems, and technology.
Having experienced the regulatory enforcement in the US from 2000 – 2010, Faherty observed that the root causes of regulatory enforcement most commonly is a lack of clear decision making and accountability. Ensuring that you have clear roles and responsibilities and escalation path to ensure appropriate management of incidents, whether they be operational or compliance incidents.
Having your governance and good platforms and technology in place to help you manage, report and escalate risk is important, it is also critically important that you understand your data in terms of data lineage and data quality; “…it’s not just the quality of data, but how you use the data to run your controls.” Martin Ivanov, Global Financial Crime Officer at Westpac. As the use of emerging technology grows so too does the need to understand your data and have a strong data foundation first.
“It's going to have a huge impact on your risk management and without that understanding and foundation, it becomes risky to use such technologies because they rely completely on data, right? Artificial intelligence is using the data that you have to understand and then crunch it using an algorithm to make better decisions. And, without that strong foundation, it's the saying garbage in garbage out.” Christopher Faherty, Head of Compliance at TSB New Zealand
In addition to understanding your data and data lineage, it is vitally important to understand how your tools and systems work and for auditing purposes, be able to demonstrate this. In our Jade Thirdeye Spotlight on AML podcast Martin Dilly, CAMS-Audit, Co-Chair, ACAMS Australasian Chapter spoke on AML Programme Audits, Independent Reviews, and Assurance. In the podcast Martin discusses several areas that reporting entities with automation tools should be thinking about to demonstrate their systems are working as intended. Some of the key areas included, supporting reasoning behind the rule and parameters you have set up in your transaction monitoring programme, demonstrating system assurance through the illustration of the reasons or steps behind the confidence they have in their data, data integrity including being able to demonstrate that your data is accurate, and being able to map the flow of information.
When asked about how emerging technology might be used Hewitt discussed using artificial intelligence to help them with data governance and decision making, using big data and data analytics to connect the dots and uncover networks, machine learning to help prioritise the alerts they should be prioritising, and helping them to triage for their large investigations teams, natural language processing to look through comments and files, and robotic process automation to help automate more tasks that can be automated. Not because they want to release human capital, but to be able to give the business back insights, improve the programme, and focus resources on new threats and complex investigations.
Key Takeaways and Tips
From our point of view, the key takeaways from the conference for all reporting entities in the Australasian region includes;
- 1. Take note of the regulatory space – regulators have moved from education to enforcement and public enquiries to have a faster impact on law reforms
- 2. Understand, monitor and evolve your AML/CFT programme regularly based on new and emerging threats
- 3. Ensure you understand your organisations unique risk profile and put in place appropriate strategies to mitigate and manage the risks
- 4. Understand how to identify new suspicious activity, and ensuring you understand how your AML/CTF Programme is built is critical
- 5. Make sure you know the rules you have in place to pick up suspicious activity and then how to adjust and implement new rules to pick up the changes in customer behaviour
- 6. Watchlist Screening is essential to compliance with the regime
- 7. Implement a culture of compliance – ensure you have governance in place, take your organisation on the compliance journey with you so that everyone is onboard
- 8. Understand your organisation’s technology landscape – where are the gaps, what systems are talking to each other, which systems aren’t.
- 9. What is your place in the end-to-end ecosystem? Understanding your place in the ecosystem and the risk that is presented in your ecosystem as a whole will be an upcoming challenge, but will also be key to understanding how you can comply
- 10. Data is the foundation of technology – ensure your data foundations are solid, otherwise investments in emerging technology will not give you the desired impact
Jade ThirdEye was thrilled to be a part of the inaugural ACAMS Australasia Conference and we look forward to taking part in future industry events and forums as a key partner in the fight against financial crime.