NextGen AML: Output-driven change

Refocus the risk based approach

If the combined Anti-Money Laundering efforts of Financial Institutions (FI’s), regulators and enforcers are to really reduce financial crime, they need to be focused where they will have most impact. That means first reaching agreement among themselves what the output of these efforts should be to make an impact. And then, importantly, making choices which new and existing AML processes they need — or don’t need — to achieve it.

FI’s are steadily ramping up their AML efforts. The output of these ‘AML factories’, i.e. the number of transactions that are deemed useful to investigate according to the participating banks, has risen significantly in recent years. An encouraging, measurable output, but are these red flags really the output we’re seeking from our overall AML efforts? Are FIs that report many potential unusual transactions ‘AML champions’? 

Measuring success

We could also define output as the number of criminal investigations resulting from current AML efforts. This output (partly because law enforcement can only investigate a fraction of the FIs’ unusual transaction reports) is as yet fairly low. But how interesting is that as a measure of success? The first responsibility of FIs, as gatekeepers of the financial system, is to perform strong Client Due Diligence, and thereby keep money launderers from accessing the system in the first place. So the question is: do more unusual transaction reports and investigations, however welcome, really signal a better-working AML framework?

Taking AML to the next level, we believe, means looking beyond such quantitative output and focusing more on quality. Our collective goal should be to make money laundering harder, riskier and less rewarding for criminals. This is also the basis for the risk-based approach that various AML directives and policies are imposing. However, the way in which the AML approach is made risk-based should be enhanced. The question is, how?

Joint strategy and tactics

As described in our previous blogs on ecosystem and intelligence, we advocate stronger, broader, more structural alignment between parties in the AML chain when it comes to priorities, strategies and tactical information. In the ideal situation, with a strategic agenda agreed, financial institutions pledge to reserve and deploy part of their precious human resources specifically for the chosen high-risk, high-priority themes. These teams have the freedom to conduct their own investigations based on internal or external intelligence. On a tactical level, when they receive details from task forces of the targets under investigation, they also have capacity for a quick deep-dive, producing relevant information that gets immediate follow-up by law enforcement.

Rethinking instruction and supervision of FIs

However, freeing up enough capacity for this targeted approach will only happen if FIs can afford to reduce the amount of staff working on low-risk, low-priority checks. State-of-the-art technology may help to smooth the way for this paradigm shift, but in the meantime, what FIs need is the assurance that, if their overall AML approach meets requirements, the regulator can grant them at least a little room for error. In the US, a setup in which FinCEN (the equivalent of our FIU) determines priorities that FIs should and could follow in their AML programs has been enthusiastically received in the sector (AML Act 2020). It is seen as the first step towards shifting the focus of the regulatory framework from ‘technical compliance’ to outcome effectiveness. As our colleagues in the US described, this opens up possibilities for FI’s, but also comes with a series of questions and challenges to consider. In the Netherlands, it would be interesting to explore these possibilities, too.

AML programme effectiveness

The ideal regulatory approach for assessing FIs’ AML performance, in our view, is one that takes more account of what an FI is doing right. Rather than a primary focus on what has gone unnoticed, the regulator reviews an FI’s AML programme in its entirety. And both the FIs and the regulators alike, should then have the agreed-upon norms to evaluate whether the programme is effective. Norms that are based on actual outcomes and output, rather than on paper-work conditions that do not directly create an impact against financial crime in the real world. Norms that incentivise  innovations and new initiatives to meet the prioritised AML goals. FIs should not feel limited by scrutiny (such as lookback obligations) to do a better job on the AML priorities. 

Focused control and resource allocation

As stated above, more clarity and regulatory certainty about AML priorities within the field, will enable FIs to allocate their focus and resources to generate output that makes an impact. As such, they are not only adequately performing their general gatekeeper role. They are also providing reports that are contain more actionable information for law enforcement, because the information is aligned with the public priorities set. As with a better use of intelligence, explained in our previous blog, this should also enable FIs to stop efforts that do not contribute to effective outcomes. For instance, periodic client due diligence reviews on low-risk clients without any deviating profile or behaviour can be replaced by more automated procedures, screening the client data for ‘triggers’ that have been proven to be indicative of financial crime risks. This will enable FIs to scope their reviews on clients with actual risks, rather than performing pointless the technical compliance checks for all clients.

Maximise value added

By making the AML effort output-driven, we can maximise the value added by FIs as gatekeepers. The current practice of blanket AML screening needs to gradually give way to a deeper and well-established risk-based approach, aimed at making impact where it matters. The already existing initiatives are only the beginning, and it’s a matter of putting more push behind them. However, for the output driven AML framework to be successful, there is another firm requirement, and that’s high quality data. More about that in our upcoming NextGen AML blog on Data-driven change.

Click here for an overview of the blog series

Did you find this useful?