The financial sector is dogged by crime with money laundering figures providing a stark warning to the industry. The United Nations estimates that the annual amount of money laundered globally is 2 - 5% of global GDP, or $800 billion - $2 trillion US dollars.
Anti-Money Laundering (AML) regulations to respond to this increased fraud risk have been updated in an attempt to modernize AML risk management. The landscape of compliance within the sector has never been more fluid. Geographies including the U.S. and EU are making changes to regulations to help industry fight off financial fraud. As the framework of the directives and laws changes, industry has to modify their compliance approach. Behind the regulation updates is the application of smart technologies such as machine learning and other artificial intelligence-based systems. By using technology to enhance AML checks and processes, the financial sector can keep on top of compliance and maintain great customer experiences.
Addressing the Requirements of AML
Regulatory updates in the last few years have placed an emphasis on financial organizations being able to monitor AML risk. In the European Union (EU) the Anti-Money Laundering Directive has been upgraded from the fourth (4AMLD) to the fifth (5AMLD). In the U.S. New York State’s NYSDFS Part 504 (final rule) places an emphasis on the use of technology for watchlist monitoring and sanction screening.
Below is a breakdown of the main changes of both the 5AMLD and the NYSDFS Part 504 (final rule). These changes reflect the move towards a more complicated cybercrime landscape, with heavy hints at a technological approach to managing this increased risk.
The NYSDFS Part 504 (final rule)
Effective January 1, 2017, the New York 504 “Final Rule” (NYSDFS part 504) sets out stringent conditions that apply to managing risk around money laundering. The rule is an extension to New York State’s Anti-Money Laundering (AML) regulation. However, it was brought in to reflect improvements in technology in the financial sector and other industries. The scope of the rule applies to any organization that falls under the wide remit of regulated financial companies.
The 504 rule requires annual certification for compliance and there are stringent requirements, at board level, to achieve certification.
Part 504.3 “Transaction Monitoring and Filtering Program Requirements.” of the regulation, accepts both a manual and automated approach to managing AML risk. However, the rule focuses on the quality of the monitoring outcome. The use of automation in the form of machine learning is likely to be a best practice for compliance with the 504 rule and with other similar AML regulation.
Financial cybercrime is at record levels, with losses expected to be in excess of $5 trillion by 2024 according to analysts at Juniper Research. Banks and other financial institutions are attempting to redress this by moving from a manual to a rules-based, smart, AML monitoring and screening.
Platforms based on machine learning offer real-time analytics, vital in spotting fraud quickly. Machine Learning, for example, is used in sanction screening with options such as “fuzzy matching” able to provide the automation referenced in the 504 rule, which states:
“technology used in this area may be based on automated tools that develop matching algorithms, such as those that use various forms of so‐called “fuzzy logic” and culture‐based name conventions to match names. This regulation does not mandate the use of any particular technology, only that the system or technology used must be reasonably designed to identify prohibited transaction”
The NYSDFS part 504 rule does not mandate any particular technology. However, the use of smarter, artificial intelligence-based solutions offers a way to meet the stringent requirements of the NYSDFS part 504.
The Fifth Anti-Money Laundering Directive (5AMLD)
Back in 2017, the New York 504 rule future-proofs AML monitoring and screening. In doing so, it seems to have set a precedent across the world. The EU recently made several key changes to its previous AML regulation, the Fourth Anti-Money Laundering Directive (4AMLD).
The now, Fifth Anti-Money Laundering Directive regulation (5AMLD), came into force on January 10, 2020. The law is an update to the Fourth Anti-Money Laundering Directive and reflects a number of changes in the financial landscape. This includes provision for new technologies to manage risk in a climate of changing consumer behavior, and to facilitate consumer expectations of seamless transactions. 5AMLD also brings the law in line with other regulatory updates.
The EU Commission makes this statement about the updated directive:
“amending the Fourth Anti-Money Laundering Directive, intends to complement the existing preventive legal framework in place in the Union, by setting out additional measures to better counter the financing of terrorism and to ensure increased transparency of financial transactions and legal entities.”
Whilst the scope of the 5AMLD is the European Union (EU) it has a much wider impact. The directive requires that all banks and any organization that handles financial transactions within the EU must meet the requirements in the 5AMLD.
In a statement, the EU set out the main new requisites/changes covered by the 5AMLD:
Enhance the powers of EU Financial Intelligence Units (FIU) and facilitating their increasing transparency on who really owns companies and trusts by establishing beneficial ownership registers
- This pulls virtual currencies (i.e. cryptocurrencies) within the scope of the directive for the first time. Importantly for AML, the directive enforces the registration of cryptocurrency services with financial authorities. 5AMLD also extends the powers to FIUs to request the personal details of cryptocurrency owners.
- High–value goods transactions, of over 10,000 euros, are subject to AML/CFT reporting obligations and Customer Due Diligence (CDD) measures during a transaction.
- EU states are required to make their Ultimate Beneficial Owner (UBO) lists inter-connected across countries and to strengthen their verification mechanisms.
Prevent risks associated with the use of virtual currencies for terrorist financing and limiting the use of prepaid cards
- See also additional powers of the FIU.
- Prepaid cards are an ideal medium for criminals to move money. The 5AMLD transaction limit, before identification is required, has dropped from 250 euros (4AMLD) to 150 euros in 5AMLD. If a transaction is remote and anonymous, the limit drops further, to 50 euros. A prepaid card issued outside the EU is prohibited for transactions unless issued in a territory with acceptable AML/CFT standards.
Improve the safeguards for financial transactions to and from high-risk third countries
- High-risk countries are covered by the 5AMLD with the requirement for mandatory and Enhanced Due Diligence (EDD) on customers from these countries.
- The 5AMLD requires Politically Exposed Persons (PEP) lists in member states to be made publicly available; the EU has an EU-level PEP list. The individuals on the lists may be politically exposed by the GDPR’s ‘legitimate interest’ clause which is used as a legal basis.
- Centralized bank account registers or central data retrieval systems offer a mechanism to associate multiple national bank accounts that belong to an individual. This provides a means for law enforcement to perform financial investigations.
Anti-Money Laundering A Helping Hand in the Form of Smart Technologies
Having effective and modernized financial regulations is more vital now than ever before. As our payment mechanisms become increasingly seamless to meet customer expectations, doors of opportunity open for cyber-criminals to exploit. Regulators recognize this and have made adjustments to bring laws and directives into the 21st century. Checks on identification, sanction screening, and new transaction rules are strictly required by AML regulations. The whole is a complex mesh of requirements that must be met to perform a secure transaction. Compliance with AML regulations could be an onerous issue for companies. However, these regulations have been updated with the knowledge that technologies now exist to facilitate these stringent requirements. Using smart platforms, that utilize artificial intelligence methods such as machine learning, provide the basis for achieving compliance with AML laws whilst retaining a great customer experience.
Have questions? We’re here to help.
For more information on how EastNets can help you stay on top of regulatory developments that effect your organization, contact us: firstname.lastname@example.org