As the anti-money laundering (AML) regulatory landscape continues to evolve and new regulations crop up, regulators are talking to the private sector more frequently and everyone is embracing IT as never before in the fight against financial crime.

These changes will shape the ways in which financial institutions all over the world meet their obligations to comply with AML laws over the next twelve months. Those institutions are also faced with a volatile sanctions regulation landscape that presents its own problems. In this article we look at some of the big alterations that are occurring in AML regulations all over the globe and the benefits of sanction-screening IT to banks that want to traverse these murky waters.

What’s new in money-laundering control?

In North America, the US National Defence Authorisation Act for the Fiscal Year of 2021 is now on the statute book. Attached to it are the Anti-Money Laundering Act 2020 and, within that AML Act, the Corporate Transparency Act. These are supposed to be the biggest things since the USA PATRIOT Act 2001 in the fight against financial crime. Their aims include the stopping of terrorism and corruption and the prevention of money-laundering activities.

In reality, it will take a few years of studies, reports and reviews, as well as regulatory updates, for them to take full effect. Regulators will also have to revise their exam processes and will consult financial institutions. In short, we ought to expect to see much smoke in 2021 but no fire yet. Financial institutions will have time to alter their AML programmes, although of course fortune favours the prepared, so by all means they should be planning for these changes.

In Latin America, regulatory bodies are also making efforts to combat money laundering, corruption, and organised crime. A combination of shrinking budgets, understaffed agencies and the economic impact of the Coronavirus pandemic are creating a good environment for financial crime.

In the USA, the corporate transparency laws to be found in the aforementioned AML Act are unlikely to force companies to make changes (with any pressure that is) until at least 2022. Financial institutions should expect targeted US sanctions to continue in the region to fulfil the US Treasury’s 2020 National Strategy for Combating Terrorist and Other Illicit Financing. The Treasury wants to combat terrorist financing, illegal drug-related activities and human trafficking.

Moving on to EMEA

The United Kingdom has gone "back to the future" with its exit from the European Union and its Sanctions and Anti-Money Laundering Act 2018 has gone into effect. Anyone who manages screening processes at his institution therefore has to add another list to his collection. The Office of Financial Sanctions Implementation's (OFSI's) already-busy workload will increase. British organisations are probably about to notice an uptick in alerts as they screen (and re-screen) listed parties. This means that they should look once again at their appetites for risk and make changes accordingly. Because this is a big task that will require a heavier flow of activity, automation is bound to be of vital help here.

Meanwhile, the EU’s Sixth Anti-Money Laundering Directive (6AMLD) has come into effect. EU countries have until 3rd June to enshrine the new directive in their laws. If recent history is anything to go by, most of them will not meet that date. However, predicate crimes, punishments for “aiding and abetting,” some more criminal liability and stricter punishments are certainly on the horizon, so organisations should do something to comply now or they could be in for some very uncomfortable conversations with law enforcers and regulatory agencies.

And for fans of the “if at first, you don’t succeed, bury them in more paperwork and regulatory bodies” mantra, the European Union is creating a bloc-wide “regulator of regulators” to oversee a purported “stronger,” “harmonised,” and “integrated” AML effort. It wants to build a supervisor which works with national Financial Intelligence Units (FIUs) and regulators but which can also supersede their authority if it sees fit. If this sounds too good to be true, read the Action Plan.

In the Middle East, we can expect the United Arab Emirates (UAE) to continue to revamp its AML/CFT laws to plug the gaps that the Financial Action Task Force (FATF) has identified. The UAE is in the process of opening up its markets to foreign competition and implementing new regulations to support the development of digital payments and to help regulators oversee stored value facilities. Saudi Arabia and other countries in the region are exploring digital payments and even the idea of a central-bank digital currency to facilitate the settlement of payments. Regulatory reforms and digital developments will continue to evolve in 2021.

Over in East Asia, the ink was barely dry on Singapore's Payment Services Act when the government introduced a Bill to amend it. This fresh legislation is intended to align existing payment service regulations with recent AML guidance – particularly in the case of virtual asset service providers (VASPs) and digital payment tokens (DPTs) – and regulate additional cross-border money transfer services. Remitters, VASPs and DPT service providers would do well to pay attention.

The Monetary Authority of Singapore (MAS) is likely to continue to try to establish itself as a world leader in FinTech innovation and collaboration with other regulators. Having concluded its 2020 Global FinTech Innovation Challenge, the MAS is collaborating more closely with the private sector and other nations. Its embracing of digitisation and the digital economy is likely to continue. In addition, the digital bank license distribution, coupled with a willingness to innovate and talk to the public, will invite additional applicants and a continued discussion on risk and control frameworks at these institutions. Expect a further discussion on how technology can be deployed in the 2nd and 3rd lines of defence more effectively soon.

To the southeast, Australia's Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Act 2020 received Royal Assent in mid-December. This incremental reform was a response to a critical report from the Financial Action Task Force. The provisions resulting from the Act are to commence in a staggered fashion throughout 2021 and 2022, the main areas being know-your-customer controls or "customer due diligence," correspondent banking, information secrecy and cross-border money movements.

The sanctions landscape and how to prepare

Sanctions are a big part of AML-related regulatory policy, as we have seen. Financial institutions that screen their prospective customers (and existing customers) against sanction watchlists can often feel as though they are operating in the dark – with high penalties in the offing if they go wrong. Regulators all over the globe fined banks more than US$14 billion last year for a variety of transgressions, including failures to observe sanctions and bad AML controls. US financial institutions alone accounted for more than $11 billion-worth of fines, or nearly three-quarters of all the fines that all regulators imposed.

If we want to avoid these costly pitfalls, it is important for financial institutions to know why the landscape is so complicated and work out what they can do to make it easier for themselves to comply and avoid costly missteps.

The sanctions landscape is continuously in flux

Governments and political entities frequently issue sanctions as a foreign-policy tactic against a wide range of targets, including individuals, businesses, organisations, banks and government agencies. They issue and remove sanctions constantly, updating their watchlists often. Shifting political developments (such as Brexit and the sanctions and the once-repealed, once-reinstated Anti-Money Laundering Act 2018) can also have a domino effect, creating fresh lists that must be reviewed, updated and monitored.

Adding another layer of complexity stems from the fact that there are numerous government agencies and political bodies all over the world – including the United Nations, the European Union (EU) and the Office of Foreign Assets Controls (OFAC) – that can issue sanctions against a wide range of targets. Hundreds of organisations in many regions therefore have to update their watchlists quickly.

The best solution to this is for financial institutions to build or buy sanctions-screening IT that includes watchlist management (WLM) functions that update relevant data automatically instead of relying on manual updates by human personnel. Operations and control functions can ensure that they are set up to absorb change and are prepared to pivot as required.

Sanctions screening is complicated!

The job of keeping tabs on individuals, businesses and entities that are on sanctions lists represents but one layer of complexity in the workflow of sanctions screening. The job of monitoring 'adjacent' people who are connected to the ones on the lists represents another layer.

Financial institutions need to keep an eye out for politically exposed persons (PEP) as part of the screening process. PEPs might not be sanctioned directly but they can work with (or be associated closely with) people and entities on sanction watchlists. PEPs are more likely to facilitate money laundering and other financial crimes because they might be called upon to move money at the behest of sanctioned individuals. They are also more susceptible to corruption because they have access to, and can influence, certain activities. As new payment options such as cryptocurrencies become used more widely, financial institutions ought to stay abreast of the ways in which people are using these funds and the ways in which sanction rules come into effect.

Staying in tune with regulatory 'expectations' is one way of staying on the right side of sanction rules. Every regulators probably has a set of expectations about the type of business that a bank can conduct and with whom. With this in mind, the bank should consider working with people who are experienced in the field of sanctions compliance and who can guide it through new problems. As part of this, it should ensure that service-level agreements (SLAs) do not compromise its efforts to meet its regulatory commitments.

It ought, therefore, to keep its lines of communication with regulators open and initiate dialogue on its own initiative. This ought to help it understand its sanctions-related obligations and see how the landscape may be shifting. Thus can it plan ahead and embed new or updated requirements in its workflows. It must anticipate new sanction-related rules as well.

Unknowingly facilitating

It is not, however, enough to understand regulatory requirements and to adjust operations accordingly. The organisation must be proactive in assessing risks to ensure that it is not unwittingly facilitating or aiding any sanctioned activities.

All organisations want to increase their revenue and their operations but in the minefield of sanctions it is not a good idea to chase dollars blindly. This can have far-reaching consequences if a company is found to have helped a sanctioned entity, individual or PEP to commit a crime or avoid the full glare of its screening processes.

Strong, proactive and regular risk assessments always identify ways in which bad people (or affiliates) can abuse a bank's products or services in the interests of crime. They can act as a guardrail that helps an organisation to obey sanctions by understanding all the relevant parties to transactions. It can keep control of its operations by reviewing products in its inventory and scrutinising its own activity. The key here is for it to understand the ways in which people can use products or new features on offer to help sanctioned entities or facilitate financial crime.

Rules are often unclear, but consequences can be heavy

Conflicting communications only add to the headaches that an organisations sanctions-screening people endure. If an organisation is headquartered in the United States with operations in a potentially highly risky jurisdiction, the regulators could tell it that it is not allowed to conduct business with certain sanctioned entities in that jurisdiction. That jurisdiction may have its own regulators who take a contrary stance.

Although the rules are confusing, the consequences can be severe – and not just because of the fines. Regulations are in place to stop illegal activities and prevent real criminals and terrorist groups from inflicting suffering on real human beings. When organisations are found to have been facilitating illegal arms deals, financing terrorists, laundering money for criminals or helping human trafficking rings, the damage to their reputations is devastating.

The best way to offset the risks inherent in sanctions compliance is to embrace IT that takes full account of the confusing and chaotic sanctions landscape. Organisations should take stock of the jurisdictions in which they offer their products and the areas in which they operate. Then, they ought to consider these jurisdictions and the governmental watchlists associated with them when setting up their screening policies. They can use sanctions screening systems to understand existing sanctions, review numerous watchlists and work out how existing sanctions affect their operations. These pieces of software can also peel back the layers of ownership of parties involved in a transaction to reveal whether the organisation is at risk of doing business with highly risky entities.

Now is the time for organisations to review their AML programmes and take the necessary steps to address these slight, but important, changes in expectations. Whether it is through hiring, putting processes in place or making technological changes, it is time for them to make battle plans. Technology has the power to make one of the most cloudy areas of AML regulation – sanctions screening – more efficient, transparent, and thorough. Though there would appear to be some time in which banks can put their houses fully in order, they ought to take small steps towards the larger goal as soon as possible.