Can blockchain turn the tide on financial crime compliance? has been saved
Can blockchain turn the tide on financial crime compliance?
Current measures, imposed upon all subject persons within each EU member state since the entry into force of the 4th Anti-Money Laundering Directive, have struggled to stem the tide of illegal financial activities. Blockchain may hold the answer.
Throughout the last two years, since the entry into force of the 4th Anti-Money Laundering Directive (AMLD IV), the financial landscape across Europe has evolved significantly as institutions and subject persons attempt to keep up with evolving regulatory requirements. Nonetheless, current measures, imposed upon all subject persons within each EU member state, have struggled to stem the tide of illegal financial activities.
Multiple breaches of European Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) rules have pushed European institutions, and consequently national authorities, into action. Several initiatives have been launched in the fight against money laundering and terrorism, aiming at tackling the issue in a more efficient manner.
At European level, the fight against illegal movement of cash has been enhanced through monitoring as well as learning from the patterns of past cases. In particular, at the end of last year, the European Council recommended a ‘post-mortem’ analysis of recent money laundering cases in EU banks to understand how they came about and to help shape preventive measures. At national level in Malta, the Financial Intelligence Analysis Unit (FIAU) launched an updated version of AML Guidelines through a consultation process for which all interested parties have been invited. The main scope is to clarify obligations imposed upon subject persons when initiating a client relationship.
However, despite the efforts of institutions and regulators to enhance capabilities and requirements, authorities have still had to intervene on multiple occasions within the last two years. AML/CFT breaches within Europe did not spare even the largest and most reputable names in banking, whilst Malta has also dealt with its fair share of challenges. Investigations have often highlighted the existence of weak governance and internal controls, leading to significant fines or settlements. In addition to financial institutions, the gaming sector has also been under the AML/CFT spotlight. During the last 18 months, this sector has suffered several investigations due to breaches of various AML rules, resulting in fines and enhanced regulatory scrutiny.
Organisations of all shapes and sizes have undoubtedly faced significant challenges in their bid to manage the growing scope of regulatory requirements. With increasingly complex structures between banks and financial institutions, payments providers and gaming companies, the amount of shared, common and duplicated data is growing. This makes it harder to process data, validate transactions, and keep up with regulations in order to avoid compliance issues, not to mention privacy issues in relation to the latest data protection regulation – the GDPR. But proving even more difficult is the ongoing upkeep of documentation to be maintained and decision-making around how detailed customer due diligence (CDD) should be. In other words, it is fundamental for compliance departments to collect necessary information, while refraining from gathering disproportionate or irrelevant details. Essentially, subject persons, regulators and stakeholders have to navigate the limbo and find the delicate balance between regulatory requirements and customer satisfaction.
Moreover, legislators have been raising particular concerns about the growth of white-collar crime, highlighted by cases like the Panama Papers and Swiss Leaks. This brought about the adoption of the Fifth Anti-Money Laundering Directive (AMLD V), due to be transposed at national level by June 2020. AMLD V will further enhance requirements for EU member states and subject persons, making it even more challenging to navigate regulatory requirements. The main measures introduced by AMLD V are related to improving accessibility and use of the register of beneficial owners, by also including trusts and similar arrangements. A major addition to the directive is the decision to tackle the developing sector of virtual currencies, a sector which may not yet be fully understood by both legislators and stakeholders. Nonetheless, AMLD V identifies virtual currency platforms and wallet providers as obliged entities, required to implement CDD and transaction monitoring. Some minor changes worth mentioning cover prepaid cards, which will be subject to limits of monthly payment transactions and maximum amounts allowed to be stored electronically. Last but most certainly not least, AMLD V also includes measures designed to strengthen the national AML authorities by equipping them with more powers and systems.
Could blockchain be a solution?
Notwithstanding the above-mentioned complexities and difficulties, how can EU member states, financial institutions and interested parties overcome all these challenges? How can fraudulent individuals be deterred from criminal activity?
Technology is considered one of the foundational pillars to any solution going forward. Many financial institutions, grappling to comply with current and upcoming regulations, are exploring systems to increase efficiency in managing massive amounts of data. Their hope is to mitigate risks arising from poor data analysis, and to avoid malicious activities remaining undetected. A particular type of technology identified to support or even replace manual processes is distributed ledger technology (DLT), commonly referred to within the context of blockchain.
Blockchain, as per definition, is a DLT based system, which can be used as a distributed database and verification system for financial transactions. Via a publicly-viewed ledger, institutions can record and keep track of transactions. Each party in a transaction is assigned a cryptographic key and each transaction has to be approved and validated by the participants in the network. Once credentials are verified by the network, the transaction can be completed, and an encrypted block is created. Ultimately, the essential characteristics that makes blockchain so interesting within the sphere of transaction monitoring is the distribution of ledger copies, the independently verified consensus process that is used to validate any changes, and the immutability and transparency of the ledger.
But what are the concrete implications in terms of money laundering? The principal advantage is the integrity of data. A customer’s background, financial records, source of income, wealth and assets can only be placed on a blockchain once there is consensus across the whole network that all the information is accurate. As such, it is extremely difficult for any false information to be submitted and for internal fraud to occur. Considering each data entry is cryptographically hashed, it is nearly impossible to tamper with the information once it is verified and put on the blockchain.
An additional aspect not to be underestimated is that client information can be stored separately in various institutions’ databases. The institutions may include banks as well as transport, tax departments and judicial authorities. With the distributed ledger, all background information and identification could be stored on one blockchain network for institutions to tap into during the CDD process. This could make the Know Your Customer (KYC) process easier, faster, more comprehensive and far more secure against instances of human error or internal fraud.
The aforementioned applications are merely the tip of the iceberg of blockchain potential. However, only with coordinated and harmonised efforts among regulators, financial institutions, auditors, and other stakeholders can blockchain truly play a fundamental role in improving regulatory reporting, identity management, due diligence, and transparency. Simultaneously, these improvements can make it harder for criminal activity to remain undetected.