Compliance risk and non-verifiable judgments

I’ve recently started reading Daniel Kahneman’s new book “Noise”. Like his previous book “Thinking, Fast and Slow” it’s what I would call a contemplative read, one that introduces concepts and stimulates thinking. I like these kinds of books. One of the concepts in “Noise” that he considers (in chapter 4, I’m still reading!) is that of verifiable and non-verifiable judgments.

Noise: The new book from the authors of ‘Thinking, Fast and Slow’ and ‘Nudge’ by [Daniel Kahneman, Olivier Sibony, Cass R. Sunstein]

In short, a verifiable judgment is one where the outcome can be verified. So predicting tomorrow’s weather is a verifiable judgment, as you can very quickly validate whether the prediction of rain or shine was correct. In business and life, many decisions are verifiable but others, many of the most important ones you will make, are non-verifiable. This can be because, at the point that the judgment is made, they are impossible to test, have dependencies in how they play out, or have a time frame for validation that is just too long.

Making a decision on the right business strategy. Selecting your partner for life. Lowering emissions to address global warming. At the critical decision point that these are made, these judgments all fall into the non-verifiable category. They may have been informed by the best available evidence, business trends, dating history, or scientific principles, but the timeline and dependencies make the actual judgments non-verifiable. As Steve Jobs suggests, you need the luxury of hindsight to really prove you are right, so you have to trust in the judgments that you make.

“You can’t connect the dots looking forward; you can only connect them looking backwards. So you have to trust that the dots will somehow connect in your future”

Steve Jobs, 2005 Commencement Address

The world of risk, compliance, and financial crime prevention is full of non-verifiable judgments. As a financial crime officer, you have to make judgments on your risk policy and decide if it sufficiently protects your institution from financial crime or future regulatory action. In the last few years, we have seen a significant regulatory push for attestation and senior management accountability. This is all about trying to make those non-verifiable judgments verifiable, or at least to ensure sufficient due diligence is done in policy and process implementation and ongoing review.

Life would be easier if every judgment was verifiable. For this to happen we need things to be measurable, testable, and have rapid feedback to assess results and outcomes. We proved years ago that this is possible for sanctions filters, where outcomes can be measured against synthesized data and matched to the risk policy. There have been a few attempts to do the same for other areas of AML such as transaction monitoring, but these are more difficult problems. It is possible to validate thresholds and settings of transaction monitoring tools, but the question of whether those systems are keeping money launderers at bay puts us back into the land of non-verifiable judgments. This is especially true given a global regulatory framework that provides limited direct feedback on results against the millions of suspicious activity reports that are filed by banks and financial institutions annually.

In the new digital world, it is possible to verify the impact of website and mobile app changes, marketing campaigns, and sales initiatives in days rather than years or months. The speed of feedback for regulatory compliance looks archaic in comparison.

There are two take-aways here.

The first, that there is still a huge market opportunity for someone that can really crack the challenge of creating tools to make AML transaction monitoring and other compliance systems truly verifiable. Vendors continue to try; BAE Systems, Cable, AML Analytics, and others are moving in this direction but no one yet is doing it well. And anyway, shouldn’t these capabilities be embedded in the AML transaction monitoring systems themselves?

The second, that there is no surprise that we already have evidence that fast feedback and qualified outcomes work. The UK National Crime Agency reports significantly better outcomes for Defence Against Money Laundering (DAML) over traditional suspicious activity reporting. DAMLs provide a fast feedback loop that allows iteration and improvement that helps make some of those non-verifiable judgments verifiable. One day all compliance will work this way!

Back to the efuture: eIDAS & the new European Digital Identity Framework

Last week (3 & 4 June 2021) the EU simultaneously announced the death of eIDAS and launched a brand new European Digital Identity Framework, taking both a step backward and another forward in a move towards the digital e-future.

eIDAS had promised a vision of the future where electronic signatures and other trust services across the EU would remove the need for physical signature and proof of identity. In its YouTube video these services were set to be available by 2019. It is a shame that things didn’t move as fast as hoped.

In the report on “the evaluation of Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS)” the Council of the European Union stated:

The current eIDAS Regulation cannot address these new market demands given its inherent limitations to the public sector, the complexity for online private providers to connect to the system, its insufficient availability in all Member States and its lack of flexibility to support a variety of cases.

So eIDAS is dead; well, not quite. The Commission is now rallying behind the new European Digital Identity Framework, designed to deal with many of the problems that eIDAS set out to fix.

Citizens will be able to prove their identity and share electronic documents from their European Digital Identity wallets with the click of a button on their phone. They will be able to access online services with their national digital identification, which will be recognised throughout Europe.

This is good news for all of us that believe that digital identity is the missing link that binds payments and compliance, and will solve the age-old problem of proving you really are who you say you are.

But we are not quite there yet. The Commission wants to make digital identity a reality as soon as possible and suggests an aggressive timeframe to create a common toolbox by September 2022, with a target in the Commission’s Digital Compass of 80% of citizens using digital ID by 2030.

So, not a quick fix for the current know-your-customer, customer due diligence, and on-boarding challenges faced by most of Europe’s banks! But another step in the right direction.

EBA consults on a new central AML/CFT Database

On 6 May the EBA published details of a consultation on the creation of “Regulatory Technical Standards (RTS) on a central database on anti-money laundering and countering the financing of terrorism (AML/CFT) in the EU”.

The EBA has faced significant criticism in the wake of supervisory issues that emerged from events at Danske Bank. At the start of last year, it announced a new legal mandate that establishes it in a new role to lead, coordinate and monitor the financial sector’s fight against money laundering and terrorist financing across the EU. They published a factsheet on the strategy and approach.

Taken from EBA – Anti-Money Laundering and Countering the Financing of Terrorism, Feb 2020

The new consultation is part of work to create a key tool as part of the new EBA strategy: to establish and keep up to date a central database with information on AML/CFT weaknesses that competent authorities (CAs) across the EU have identified in respect of individual financial institutions.

Information sharing, either public or private, relating to financial crime is always a good thing but the focus here seems to be misdirected and could lead to further pressure on banks and FIs without the desired effect of risk reduction. As such the priority seems to be an attempt at fixing the supervisory failings, without turning the spotlight on the supervisors themselves, when it should really be focussed on improving the financial crime compliance outcomes.

It is obvious that competent authorities across the EU, and FIUs globally, should do more to coordinate their efforts to combat financial crime and that information sharing is a key enabler to do this. It is also clear that the assessment of institutions plays a significant role in ensuring safety and soundness – we are only as strong as the weakest link. But, if the technical specifications described in the consultation paper are anything to go by, this new database will just create a further stick to beat the banks with rather than real risk reduction.

NCA – Annual Threat Assessment

The National Criminal Investigation agency has just published its annual threat assessment.

A very interesting report full of facts and figures and some lovely info-graphics. Strong evidence this year of Covid-19 playing its role in the changing landscape of crime and a clear demonstration of how quickly criminals adapt.

Many insights make depressing reading. Over £12bn of criminal cash generated annually, the scale of money laundering in the hundreds of billions, money mule activity, cyber-crime, ransomware and crypto-asset laundering on the up, child sex abuse increasing due to lockdown and increased online access, fraud at £3bn …

Sometimes, though, bigger numbers aren’t always bad. Here are two that I’ll take as positives:

  • £172 million was denied to suspected criminals as a result of defence against money laundering requests (up by 31% – see the SARs Annual Report for detail); and
  • £982 million of potential financial sanctions breaches were reported in the year ending March 2020. A 3.7 times increase from £262 million in 2018/2019.

Two indicators that firms are doing a better job in relation to financial crime compliance. More reports, more investigations, more disruption of criminal gangs.