Financial crime risk management: The best effort is yet to come

The need for change

An estimated 16 billion euros is laundered in the Netherlands annually. Financial institutions (FIs) are responsible for detecting and stemming the tide of criminal money that has been linked to human and narcotics trafficking, terrorist financing and a host of other offenses. But current prevention efforts are proving insufficient in our rapidly evolving risk landscape. As COVID-19 emerged and technological development surged, new areas of concern have cropped up, in the Netherlands and globally.

Fortunately, the past couple of years have also seen exemplary efforts to manage financial crime risk, as highlighted by Deloitte and the IIF. For example, the five largest Dutch banks have agreed to establish the TMNL B.V. (Transaction Monitoring Netherlands), to jointly monitor their transactions for money laundering. More examples – good and bad – are found in the Deloitte-IIF paper “The effectiveness of financial crime risk management reform and next steps on a global basis”, which trains a spotlight on what has worked, and where we’re falling short.

Admitting the problem

The rapidly growing problem of financial crime demands faster, and sometimes fundamental, changes to our defensive processes. Mere compliance with financial crime regulations is insufficient to safeguard cryptocurrency and other new or enhanced products and systems. Moreover, we will need to better connect efforts by public and private actors to make a deeper impact against financial crime. We need to fight smarter – together – and that the existing system is ready for reform.

However, reform will not be successful without three elements: 1) the view of financial crime as a societal problem; 2) technology, more data and exchange of that data; and 3) an emphasis on output, rather than the compliance requirements of identifying, reporting and combatting crime.

The Netherlands can benefit from building on efforts around the world to improve the system, as outlined in the Deloitte-IIF paper. For example, Singapore, with its effective Monetary Authority of Singapore, its encouragement of using technology and advanced data analytics, and its cryptocurrency regulations that mitigate money laundering and terrorism financing. But also, the UK, where reforms are likely to be heavily based on stakeholder evaluations of how effective the UK anti-money laundering (AML) system is. Finally, the US’s risk-based perspective is praised, by which law-enforcement officials set and communicate priorities for effective AML programs in the financial sector.

Four reasons for hope: Where to focus reform efforts

Although regional progress is being made in specific directions, the IIF advocates systemic reform at a global level. The following four key focus areas, outlined in the Deloitte-IIF paper, demand the collective focus of FI business leaders, regulators, policymakers and law-enforcement agencies worldwide.

1. Financial intelligence
   The Suspicious Transaction Report/Suspicious Activity Report (STR/SAR) system has led to an environment of over-reporting. This means the quality of feedback on threats and typologies must transform. For financial intelligence to be useful, the feedback must become swift, specific, focused and actionable. Additional objectives include: achieving the flexibility to match efforts to shifting priorities, reporting only high-level details of suspicious activity, and eradicating geographical and thematic siloes that prevent entities and financial intelligence units from sharing SAR analysis.
   
   Many public-private partnerships (PPPs) and other collaboration initiatives enable financial intelligence and information sharing – including in the Netherlands, with its task forces, cross-FI collaboration and transaction monitoring utility. Now it’s time to embed these PPPs into AML architecture around the world, at a national level.
   
   According to van Rooijen, those forms of collaboration also need to scale and become mainstream, potentially replacing compliance-based information-sharing processes. To deepen collaboration and foster the sharing of expertise, Van Rooijen is a firm believer in developing global resource-exchange programmes, such as we’re seeing with international banks that are moving away from a local focus.
   Other areas of reform, where financial intelligence is concerned, include improvements to beneficial ownership reporting transparency, transformations to new data and information utilities (such as a KYC utility), and abidance to data protection, privacy and confidentiality regulations.
   
2.  Risk prioritisation
   A risk-based approach is critical, and it should home in on suspicious activity that is specifically relevant to the national government. For the Netherlands, the Dutch National Risk Assessment may offer some useful priorities, but van Rooijen believes this guidance can be made more specific and actionable, and better aligned with the AML programmes of financial institutions. This could form the basis for more streamlined cooperation, preferably overseen by a national anti-money laundering coordinator.
   
   The challenge for the Netherlands and other nations is for FIs to try to focus on national risk priorities while attuning their risk assessment processes to output, rather than compliance procedures. They should also work to quickly understand and incorporate new information received, and reallocate resources where needed. Moreover, all stakeholders – law-enforcement authorities, examiners, auditors, FIs and other programme evaluators – must align their efforts to measure and evaluate AML/CFT (Countering the Financing of Terrorism) programme effectiveness.
3.  Technology and innovation
   Emerging technologies have helped FIs aggregate and analyse significantly more data than previously seen, which can free up capacity to focus on areas of national priority and identify new risks faster. But private- and public-sector stakeholders need to clarify how examiners will evaluate the effectiveness of new approaches, and continue finding a balance between DPP (data protection and privacy) and AML/CFT rules at the domestic and international levels. Finally, stakeholders should foster the worldwide knowledge of how new technologies can improve baseline risk and compliance functions.
4. International cooperation and capacity building
   Implementing more consistent international standards can be achieved via enhanced cross-border dialogue about areas of mutual concern. Topics should include how to produce more uniform outcomes through, for example, mutual recognition determinations or memoranda of understanding. Global cooperation also demands that capacity inadequacies across jurisdictions be addressed. Public- and private-sector stakeholders should encourage education, training and technical assistance, and the sharing of expertise among sectors, such as through secondments.

Fast-forwarding reform

The Netherlands may benefit from the EU’s concentration on collaborating and harmonising procedures and data sharing among its member states, but it may take a while. Ultimately, the Netherlands and other EU states should see a new supervisory body and, potentially, a new structure for supervision, followed by its eventual incorporation into local laws and implementation. Until that day arrives, business leaders can move forward of their own accord, if they are willing to see financial crime as a societal problem that they can – and should – help remedy.

Van Rooijen is hopeful: “As elaborated in the recent NextGen AML whitepaper, we think the current AML system is ready for reform. Also from a global perspective, we need to come up with new strategies to elevate the fight against financial crime. Together with civil society, the public and private sectors should participate in discourse and understand that each of us plays a role in protecting our financial system. Only if we step over compliancy discussions, and come to the next level of collaboration and innovation, can we keep up with the ever-advancing schemes of financial crime.”