FINTRAIL

A look forward: what does 2021 have in store for the anti-financial crime community?

2020 was a rollercoaster for us all, not least professionals in the anti-financial crime (AFC) space who had to deal with regulatory change continuing, and criminals upping their game and exploiting the pandemic in tragically ingenious ways.  You can read more about the impact of the global pandemic, and other key regulatory and typological developments in our lookback papers from our Europe, Middle East and Africa, and Asia Pacific teams.  But, let’s now take a moment to look ahead to 2021 and what we might expect to see as AFC practitioners over the year and what we plan to do as FINTRAIL. Normally, we shy away from predictions, but nothing could have been stranger than the reality that was 2020, so we thought we would give it a go!

Effectiveness and Outcomes-focussed Compliance

We’ve already started to see a shift in this direction in the AFC community, in both larger, traditional banks, as well as in the FinTech community as the pressure from regulators for firms to achieve good outcomes in financial crime prevention increases.  Even as far back as 2019, the then-interim Chief Executive of the UK’s Financial Conduct Authority noted: “One thing is already clear – we are moving from a narrower compliance with the rules, to a focus on delivering the outcomes we want for the users of financial services.” While not specific to anti-financial crime, it is clear that all financial services firms want good outcomes for their customers, particularly when it comes to preventing crime against them or involving them. 

What is likely to come this year, in our opinion, is a greater focus from regulators on how those outcomes are measured and therefore how confident a firm can be that its controls and AFC risk mitigants are indeed effective at tackling financial crime. Presently, measuring effectiveness can be challenging and is often unsystematic, relying on annual Money Laundering Reporting Officer (MLRO) reports that pull together proxy measures of effectiveness from a wide range of sources, which is manual, time consuming and potentially error prone if the data is not tracked on a more regular basis, and unusual findings pulled out and scrutinised. Using technology to address this problem in the future is at the heart of the solution. In our view, not only will an outcomes focussed approach increase the relevance of reporting that AFC provides to its senior leadership teams - as it will be able to demonstrate clear Key Performance Indicators (KPIs) and markers of improvement over time - it will also drive positive developments in AFC controls by helping to understand better whether those controls are working to actively reduce crime and illicit funds flowing through the financial services ecosystem. 

So what are we doing about this at FINTRAIL to ensure our clients adjust to the shift in focus? Our immediate response is to embed ‘effectiveness’ into all of our service offerings in 2021 from advisory to assurance; our consultancy teams are putting it at the heart of everything they do for our clients.

Secondly, FINTRAIL is now an investor in Cable.tech that is headed by the fantastic Natasha Vernier and Katie Savitz who both bring great pedigrees from the likes of Monzo and Square. Cable is focused on finding a technical solution to the challenge of AFC effectiveness. We are super excited by what the team there is building and are sure as 2021 progresses they will be taking the industry by storm. 

Increasing specialisation in AFC Compliance

A few years ago and anecdotally at FINTRAIL, we noticed a shift from quite siloed AFC teams with specific areas of focus across the different crime types (e.g. Head of Fraud), to a more homogenous AFC team structure with experts in a number of areas working together and collaborating. A particularly notable change in some organisations was the inclusion of Fraud teams into wider AFC compliance teams, where Fraud had sometimes more traditionally been placed alongside operations or in security and cyber security teams.  This flatter approach was especially popular in newly established AFC teams in startups and FinTechs. 

Our prediction for 2021 is that we are going to see an increasing specialisation of AFC compliance professionals in the product areas that they oversee and risk manage. For example, Fintech AFC compliance officers might well be broken down further into payments AFC specialists, Foreign Exchange (FX) AFC specialists and Banking as a Service (BaaS) AFC specialists. These specialist product skills will help AFC officers really pinpoint the risks their firm’s products are facing and thereby design more nuanced controls to manage those risks.

As such, it seems increasingly likely that these skills will be required by FinTech firms when recruiting and that candidates coming from more generalist backgrounds will need to demonstrate additional competencies in order to compete with the more specialist compliance officers out there. 

We have responded to this development and the growing, critical need for certified qualification in the FinTech industry by partnering with ACAMS to offer the Certified AML FinTech Compliance Associate (CAFCA) qualification and examination. This sets a new standard for the global FinTech industry and brings credibility and parity to an industry that has historically faced questions about competence. As our colleague Kate Hotten put it “It's for FinTechs, but it's so much more: it explores how scale, inclusion, new financial models and technical skills impact how we work in AML. We really worked hard to make sure this wasn't the same old AML blah-blah.”

Wellbeing is critical

2020 gave us all time to reflect on what wellbeing really meant to us as individuals, and firms are starting to do more to ensure that their staff are engaged, resilient and are looking after their physical and mental health. Not only is doing so beneficial for the employees involved, but it also has proven and wide ranging benefits on productivity, employee retention and engagement, inter alia. Staff in AFC teams are no exception to this, and in these roles especially dealing with the negative sides of society that we see when we investigate some pretty horrendous crimes, wellbeing should be prioritised.  Further, the sometimes relentless pressure - whether it’s from criminals breaching your perimeter controls to the more generalised stress of working in a regulated industry - can take its toll, and mental health and wellbeing should be taken seriously. Plus, with crime continuing to increase during the pandemic, this focus has never been more needed. And, just because we are working remotely doesn’t mean that wellbeing can be discounted, in fact it’s just the opposite.

At FINTRAIL, we are proud to offer the services of app-based therapy provider, Spill to our colleagues, and are also looking forward to exploring some more bespoke options with Your Virtual Wellbeing Hub, a research-backed one-stop-shop for employers looking to introduce, add to, or kick-start their employee wellbeing offering. We hope that these efforts will make sure that our team’s wellbeing is central to our company ethos.

For the wider FinTech FinCrime Exchange (FFE) community, we are excited to be offering a series of free, donation-based yoga classes from March onwards to help our members disconnect from their day jobs and find that all important “me” time, making them even better crime fighters.


So, whether you are looking to hone your compliance skills, take some time out for yourself from a busy day or are looking at how to revitalize your compliance programme over the next year, we hope you’ve enjoyed reading this piece, and if you would like to contact us about any of the topics raised in this article, or about any other anti-financial crime compliance needs, please reach out at contact@fintrail.co.uk

Goodbye 2020: Highlights of the year from the Europe team

Regulatory Changes

Throughout 2020, the financial sector saw a number of changes - including regulatory change. Whilst the year had its fair share of bad press around the adoption of regulation, there were also a number of positives to come out of 2020.  The implementation of the Fifth Anti-Money Laundering Directive (5AMLD) at the start of the year and the newly updated UK National Risk Assessment were long awaited updates that will help to drive positive change within the financial sector and beyond.   

Fifth Anti-Money Laundering Directive 

The 5AMLD came into force on January 10th 2020. The directive brought a number of changes, which now applied to firms that were previously unregulated. The 5AMLD now covers cryptocurrency firms, high value dealers (anything over 10,000 euro), and estate agencies. In 2020, cryptocurrency firms started to bolster and refine their anti-financial crime frameworks  - a sure result of 5AMLD.  

UK National Risk Assessment

Towards the end of the year the UK released it’s 2020 National Risk Assessment - an update on the 2017 Risk Assessment. The changes (highlighted in our December 2020 RegCap) included a number of increased risk levels for some specific industries such as property and trust/company service providers. The assessment also included initial ratings of newly regulated sectors such as estate agents. No areas saw their risk levels lowered, either for money laundering or terrorist financing. 

FINTRAIL Projects: Europe

Whilst the year wasn’t quite as many had planned, we at FINTRAIL continued to work with our global client base to deliver the best of anti-financial crime consultancy. The year saw us work on a number of different projects, from risk assessments to creating due diligence policies. Two areas that increased in popularity this year were audits and training. 

Audits often get a bad reputation. They are a regulatory requirement and often seen as a burden. However, these can be extremely useful tools and help to shape and prioritise the year ahead for your anti-financial crime function. We conducted several audits in 2020, from a crypto firm’s first audit to working with a challenger bank who is well versed in the audit process. 

Firms have also looked to either increase their knowledge or change the way they are learning and conducting training. Despite the challenges of working from home, FINTRAIL delivered bespoke, specialist training - albeit from behind a screen. This appetite for training stretched across most companies with an increase in requests for training of more junior members of staff as well as the more senior compliance employees. RegTechs also requested training in 2020, to ensure their sales teams were attuned to the latest regulations; understand where their product fits into their potential clients’ lives; and were aware of the problems it solves. Alongside RegTech partners, our clients within the training space in 2020 included challenger banks, crypto firms and law enforcement agencies to name a few. This trend for increased training is likely to continue into 2021.

Another highlight of the year was conducting work in the investigations space. One particularly interesting project included a due diligence review and evaluation of the specific risks posed by a particularly high-risk client. FINTRAIL also assessed the current control measures in place and offered suggestions for enhancements to the financial crime control framework to mitigate the risk further. 

Part of  2020 was also spent leading a major transformation project within a bank's anti-financial crime function. This large scale project was great to work on, as it involved delivering various pieces of work from an enterprise wide risk assessment to customer due diligence policies, right the way through to the training programme for its employees. FINTRAIL successfully helped to shape a more effective compliance framework for the bank, entirely through remote delivery.  

Looking to the future

Entering into 2021, we look forward to working with our existing and any new clients that the year may bring. There are already early signs that the year could be an eventful one, with rapidly changing crypto regulation through to Brexit finally being realised. 2021 is sure to bring its challenges - and opportunities.


Getting tough in 2020: Lessons learned from a landmark year of AML fines in APAC

APAC has overtaken the US in terms of the value of enforcement actions for the first time since 2015 with regulators imposing approximately USD 5.1 billion in fines for AML and KYC violations in 2020.¹ This is a result of two landmark fines imposed against Goldman Sachs for its involvement in 1Malaysia Development Berhad (1MBD) and Australian bank Westpac for its money laundering scandal with links to serious crimes. As a result of this landmark year for penalties, what are some of the key high level takeaways for APAC and how can financial institutions prevent these occurrences happening in future? 

Back to Basics

The material failures of Goldman Sachs and Westpac highlight that there is a need for financial institutions to go back to the very basics in understanding the underlying reasons for AML laws and why financial crime controls and oversight is so important. So often financial institutions approach financial crime compliance with a checklist attitude failing to understand the complex and evolving nature of financial crime risk, as well as forgetting the human impact of the underlying predicate crimes of money laundering. After the material failings of this year, compliance professionals, senior members of staff and board members should pause to reflect and ask themselves why AML and KYC controls are so critical in not only mitigating money laundering risk but also in preventing harm to the victims of financial crime. 

Both landmark cases of 2020 highlight there were significant failings of financial institutions in performing adequate customer due diligence. In the case of Goldman Sachs, the initial red flags identified in regards to the source of wealth and suitability of Malaysian businessman Jho Low as a private banking customer were allegedly dismissed by the deals team and business was actively pursued with Jho Low and his associates indirectly through the three 1MDB bonds held with Goldman Sachs. Whilst the wrongful actions of the deals team highlight a fundamental cultural concern within the bank, the fact that Goldman’s ongoing monitoring and due diligence controls do not identify the ongoing connection between the 1MDB bond transactions and Jho Low is also an area of concern. This ability to circumvent controls by the deals team as well as failures in the ongoing monitoring of customers and transactions highlight several lessons for financial institutions:

  • Due diligence is by no means a one time event. It should be conducted at the start of a relationship but also holistically and throughout all relationships.

  • All business decisions should be recorded in sufficient detail and accessible to all business areas. If at any point the relationship is terminated or declined a clear rationale should be recorded in the customers due diligence records and used as intelligence for ongoing monitoring activity.

  • Deliberate dismissal of financial crime red flags for the purpose of lucrative and unsavory business or the personal gain of employees may exist and there must be adequate internal controls and oversight to mitigate this type of behavior

Similarly, the Westpac scandal in which Westpac has admitted to “breaking the law by failing to monitor whether a dozen customers were making transactions consistent with child exploitation” also touches upon the importance of ongoing customer due diligence and monitoring.² Allegedly it was known to the bank that a customer had an existing conviction for child exploitation offences and was one of many customers sending funds to the Philippines where child exploitation is a serious concern. AUSTRAC have identified this as a failure to carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation cases. Here we can learn that:

  • Customer risk evolves and ongoing monitoring solutions should be robust enough to detect and monitor any changes to customer behavior or suspicious activity, particularly those customers and transactions that are considered higher risk. 

  • AML professionals should be regularly trained on current and evolving money laundering typologies by regions, products, service offerings, customers types etc. Criminal groups and those responsible for laundering money are getting smarter. It is therefore important for transaction monitoring systems to stay relevant but also for the individuals monitoring the alerts. 

Financial Crime Compliance is everyone’s responsibility 

In this increasingly competitive climate with traditional banks losing footing to digital and neo-banks, the reputational damage and hefty fines as a result of AML/CTF breaches is no longer something banks can take lightly. As such, financial crime compliance should be at the forefront of everyone’s agenda across the business including at the most senior levels. The Goldman Sachs scandal showcases how the siloed approach between the sales team, senior management and the compliance function lead to information slipping between the cracks, and exposing Goldman to bribery and corruption. 

The due diligence failings relating to Jho Low provides one example of how a siloed approach to KYC allowed the sales team to circumvent controls and onboard Jho Low as an indirect customer via the 1MDB bonds. Similarly, allegations surrounding bribery in relation to the 1MDB transactions were allegedly known to Goldman, in which the Malaysian unit admitted to “knowingly and willing” paying bribes to foreign officials.³ These red flags were allegedly ignored by the relevant personnel instead of alerting higher-ups to problems with the bonds. Chief Executive, David Solomon, highlighted that ‘while many good people worked on these transactions and tried to do the right thing, we recognise that we did not adequately address red flags and scrutinise the representations of certain members of the deal team”. The 1MDB investigation highlights there was a problem with the corporate culture in the Malaysian division which looked to emphasize revenue and sales over honest business and compliance. 

Similarly, following the findings of AUSTRAC’s investigation and the headlines linking Westpac to child exploitation, Westpac’s Senior Management and Board of Directors have openly discussed and committed to address the concerns of its corporate culture and governance and accountability frameworks and practices, admitting that Westpac has “been focused on finding individuals to blame for problems when they arose rather than addressing systemic issues”⁴. According to Westpac, it follows the three lines of defence model to detect and combat risk, however, has admitted that this is not ‘consistently understood and embedded’ in the bank meaning that roles, responsibilities and accountabilities are often misunderstood and have allowed some things to fall through the cracks⁵. 

How can cultural and structural issues within a financial institution be addressed? Consider the following: 

  • Compliance is everyone’s job. Even within the sales team compliance should be at the forefront of the business agenda, ensuring that business is conducted honestly and transparently. Compliance should not be seen as a barrier to business but as a tool for the acquisition of good business to help achieve the firm's commercial and strategic objectives. 

  • A positive compliance culture lays the foundation for an effective AML/CFT framework. When talking about culture, this should include active engagement from the firm's leadership in terms of setting the ‘tone from the top,’ effectively integrating AML/CTF controls in business as usual and encouraging a healthy reward system where reward behaviour supports a positive AML culture

  • Allegations of bribery or misconduct should be taken seriously. Financial institutions should have in place suitable reporting and escalation policies and procedures to ensure red flags and concerns are identified and responded to by senior management where appropriate.

  • Financial institutions should ensure that their staff are aware of, and trained on, the escalation policies and procedures on a regular basis. 

  • A speak up culture should be encouraged, where no issue or concern is too small or unimportant. But most importantly, any concern should be addressed appropriately and by the relevant personnel. 

  • Roles and responsibilities should be clearly defined and understood in order to rapidly identify, prioritise, escalate and remediate issues.

Slipping through the cracks

Since the 1MDB scandal broke in 2016, a series of events have unfolded throughout the US, Switzerland, Malaysia, Singapore, Hong Kong and the UK. Central to the scheme were several senior Goldman bankers that managed to circumvent financial crime controls in place to siphon off approximately USD2.7 billion from 1MDB for their own personal gain as well as to pay a series of bribes to foreign officials. 

The Goldman case is notorious as not only was there criminal conduct by a number of Goldman executives but as we have seen there were a number of red flags from the onset and throughout the 1MDB relationship that were raised over the years that should have allowed Goldman Sachs to either identify misconduct and follow up on it or stop it altogether. Essentially the accumulation of letting things ‘fall through the cracks’ allowed for billions of dollars being laundered and stolen from the Malaysian people.

The series of failings linked to the 1MDB transactions highlight ineffective oversight of the internal money laundering controls at Goldman and also demonstrate a number of key takeaways: 

  • Documentation, record keeping and following up are so important. All decisions, rationales, investigations or resolutions made should be appropriately documented which will ensure that any risk is assessed and addressed at a point in time.

  • Corporate compliance programmes are not only adequate on paper, but companies need to ensure that they are adequately resourced, functioning properly, tested and that they can actually identify, stop and mitigate the type of conduct that lead to criminal charges.

  • Escalate, escalate, escalate. Where there is a concern escalate this through the relevant pathways and discuss these issues in a risk and compliance setting with individuals from the business and the compliance functions. 

  • Ensure there are appropriate measures in place to undergo “four eye” checks or reviews prior to opening or closing accounts, particularly high risk accounts, associated PEP accounts or accounts with any financial crime concerns. 

With this milestone year for APAC in terms of regulatory enforcement action, there are critical lessons that all financial institutions should take away to prevent being subject to hefty fines and reputational damage in future. Whether this is by encouraging firms to go back to the basics, pausing to reflect on the importance of a financial crime framework, ensuring that compliance is everyone’s responsibility or maintaining a robust control framework that is adequately tested to ensure nothing slips through the cracks, these are fundamental activities that financial institutions should undertake to protect the financial system and any victims from the perpetrators of financial crime.  

FINTRAIL in 2020

2020 was a challenging but exciting year for FINTRAIL in Asia. We further consolidated our presence in this region by working with a number of new clients on health checks, policy and procedure drafting, risk assessments and license preparation and application. We also continued to facilitate knowledge sharing within the FinTech community by taking our FFE meetings online. As demand for our services grew, we added to our team - we welcomed Sara in December who combines her industry experience working in financial crime operations for a range of financial institutions including private and investment banking and global payments services with expertise in agile project delivery. We have plenty in the pipeline for 2021 which promises to be our best year yet. 


If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the APAC region, please contact payal.patel@fintrail.co.uk or sara.abbasi@fintrail.co.uk

¹Fenergo AML, KYC and Sanctions Fines for Global Financial Institutions reach 5.6 billion mid year
²
Westpac admits it broke law over customers' transactions allegedly linked to child exploitation
³
Goldman Sachs to pay $3bn over 1MDB corruption scandal
Westpac admits it has failed to fix culture that contributed to money-laundering scandal
⁵Westpac admits it has failed to fix culture that contributed to money-laundering scandal

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk