ComplianceMarch 23, 2016

Major weaknesses and concerns in AML regimes operating at financial institutions in Australia

Although often not where funds are first introduced into the financial system, most large sums of dirty money flow through major financial centers, such as Hong Kong, Singapore, New York or London, at some point in the cleansing process. Much of the money is drug related, and major Mexican cartels are now operating across the Asia-Pacific region, including Australia, so it is no surprise that authorities in Australia are focusing on drugs, fraud and tax evasion as the main predicate offences.

This is significant because cartels are experts at putting pressure on individuals to assist them, so financial firms in Australia must remain vigilant for changes in staff behavior that could indicate that employees may have been compromised. Whilst it is often employees breaching controls, it is the institutions that suffer the penalties.

In December 2015, Wolters Kluwer conducted a survey of 44 financial institutions in Australia and New Zealand to determine their greatest AML/CTF concerns for 2016. Compared to their counterparts in the rest of Asia-Pacific, we can see that AML professionals in Australia have greater concerns about ‘keeping pace with domestic regulatory changes', ‘performing rigorous KYC verifications’ and ‘insufficient management focus’ than the rest of the region.

Since the FATF inspection in late 2014, and the subsequent report last year, the climate is changing in Australia with authorities considering tighter anti-money laundering rules to include real estate agents and precious stone dealers. So what can financial institutions do to reduce the risk of being fined for non-compliance?

Name checking against established lists is essential. Large organizations will typically subscribe to a specialist vendor list, but smaller firms should focus on UN lists, OFAC and local regulatory lists which are freely available. The lists must be kept up to date, a key focus for terrorist funding which is largely after-the-fact tracking of money trails. Automated solutions must be capable of identifying close matches and minimizing false positives. They may also need to handle multiple languages depending on the jurisdictions involved. There must be regular reviews of the KYC data held for each customer, with review frequency set according to risk level, making the due diligence process directly linked to the risk profiling. Whenever this data changes it can be reflected such that a sudden change of a single factor can instantly change the broader categorization without manual intervention, also then changing the next review date for the customer based upon their risk category. It also allows each firm to reflect their own appetite for risk in different product areas as they design their individual scoring thresholds.

Transaction monitoring and customer profiling is the most dynamic area of the automated solution. It also must be the most flexible so that new rules can readily be designed and inserted into batch or online processing to implement any new typologies. They must be capable of viewing activity over time to profile a customer and identify a change of behavior, also comparing activity across peer groups in similar businesses and individuals to identify those that stand out from the crowd. Advanced analytics can also be applied if your business is complex, though may not be necessary for smaller firms. Solutions need to be scalable to ensure there is no restriction on business growth and development. This module must link in with the risk assessment to reflect changing behavior that may lead to a review of the customer relationship.

International transfers are clearly of higher risk than domestic, so proper review of payments information is needed to ensure that all of the required counterparty and beneficiary information can be assessed for increased risk. It is not just about checking names but also reasonableness of all relevant information.

We are going through a period of major change in banking and related sectors, with increasing innovation. We are familiar with issues around ATMs and credit cards, but the rapid move to online and mobile banking is introducing a new set of risk factors, with speed of customer approval tending to diminish due diligence processes, and the velocity of transactions overwhelming established systems. In many cases these new areas of finance are not conducted with rigorous controls and are loosely regulated as regulators struggle to keep pace.

These new business models are making it easier to bring money into the financial system, opening new opportunities for money laundering, tax evasion and fraud. But their public popularity mean that banks cannot resist the pressure to compete. Regulators need to work with established financial firms to improve regulation and supervision so that we do not loosen controls.

With all of those factors to consider, AML professionals in Australia selected ‘Additional checks for PEPs', ‘Customer profiling’ and ‘Risk analytics specific to AML/CTF’ as the top three inadequacies of their own systematized AML solutions.

Most countries tend to tighten their laws and regulations as they approach a FATF review, and again 6 months later once the FATF publishes its findings. The Australia review requires extension of AML regulation beyond the financial sector, better control of correspondent banking, more education and better implementation of controls by smaller financial firms and stricter enforcement of penalties for deficient controls. The pressure from the FATF is leading to greater cooperation between regulators and more standardized approaches internationally. There is also more linkage to other areas of regulation, with an increased focus on tax evasion closely linked to the FATCA and GATCA initiatives that our earlier commentary discussed. We can also see the effect of terrorist events in Europe leading to more focus on terrorist funding at top government level, with a ripple effect likely in this region in months to come.

We stress that automated systems are not a silver bullet solution, they need to be integrated with manual processes and procedures. An automated system cannot detect unusual eye movement or expansive hand movements during the KYC questioning and they cannot perform the extensive background checking that may need to be completed in high risk situations.

Staff need to be trained to spot potential issues and to perform these checks, and training should include the boards of directors to ensure their commitment to compliance. Financial firms must also test their AML/CTF practices through unannounced audit review. Risk can never eliminate completely and money will continue to be laundered, but the best defense is a rigorous application of best practice.


Explore related topics
OneSumX for Finance, Risk and Regulatory Reporting
A best-in-class integrated regulatory compliance and reporting solution suite that establishes a single source of data for finance, risk and regulatory reporting.