Eight years after the 9/11 attacks, any attempt to evaluate the fight against money laundering and terror financing entails assessment of two facets:

1. Regulation and its effectiveness.
2. Implementation machinery in the financial sector.

Regulation

Moves to enforce stricter compliance within the global financial services industry have generally met with success. At least 156 countries have well defined regulation - even if it is only from the view of avoiding the non-cooperative countries and territories (NCCT) list. Owing to the efforts of the Financial Action Task Force (FATF), it appears that there is also a significant amount of standardisation in the regulatory approach, with most countries adopting common measures of identification of critical typologies and red flags, stipulation of mechanisms for reporting and achieving clarity on international co-operation.

This, however, hasn’t always been the case. The first reactions regarding the anti-money laundering (AML) compliance requirements traditionally range from disbelief to acute frustration in the financial sector. Bankers have initially, off the record, termed the regulations as draconian and impractical. It is interesting, though, that with sustained efforts of financial intelligence units (FIUs), regulatory bodies and law enforcement agencies, most banks have begun to comply, first in the letter and then in the spirit of the law.

That said, the line between a banker’s role - seeking to maximise his profits versus the ‘policing and investigative’ role which AML compliance requires - is frequently debated and there are differences of opinion.

Implementation

From an implementation perspective, the status today is the result of multiple factors, such as regulatory pressure (which in turn translates into the seriousness with which the financial sector decides to implement), and the awareness and readiness of the financial sector. We can categorise implementation into a few steps to make the evaluation more objective.

Implementation of AML in the financial sector depends upon a number of variables. Some of these variables impact the attitudinal shift towards compliance; in other words, the will or intent to comply. Three principal variables in decreasing order of impact are:

• Threat of regulatory penalty and sanctions.
  
• Pressure mounted internally by the enforcement agencies.
  
• Perceived internal threat by the financial institutions themselves.

The factors on which the actual implementation by financial sector depends on:

• Level of organisation and regulation in the financial sector.
  
• Level of automation and readiness.
  
• Size of the sector and also the average size of the institution.

From the macro perspective, if countries can ensure that every financial transaction leaves a footprint, it is a huge step forward. While it is obviously easier said than done, it is interesting to note that the need for AML compliance has triggered or accelerated several initiatives that have always been considered important but never urgent. Changes that have occurred in processes and technology implementation, if used strategically, can have a very positive impact on the financial institutions (FIs) themselves.

The implementation of AML measures also result in some interesting attitudinal responses in the minds of bankers, and in the AML regulatory environment, every banker goes through a few levels of realisation:

• Compliance cannot be wished away.
  
• Compliance has a cost.
  
• Banks and FIs have to continue to be driven by profitability and hence the investment into AML needs to be leveraged innovatively.

Ultimately, this probably leads to questioning on whether AML regimes converts bankers into policemen, or whether it makes them better bankers. In the longer term, it can probably be argued that we get more efficient and innovative banking, because bankers are ultimately in the business of making wealth grow and, to that end, they will find solutions.

In order to get a winning proposition, one has to integrate the regulatory requirements into business planning in such a way that it yields a situation of return on investment (ROI) - through better customer experience, more efficient operations, or through a healthier bottom line. Observing the financial crime management industry unfold within the banking, finance, security and insurance (BFSI) segment, this trend appears to be already occurring.

Where the institution is of a smaller scale, reporting can be an onerous task, and if taken to the extreme can result in the risk of the business becoming unviable. But for the larger institutions that are seamlessly trying to integrate compliance and business processes, there are a number of visible by-products.

Data Sanitisation, Data Marts/Warehouses and Integration

After the first round of relatively frustrating experiences with sundry reporting to the financial authorities, most institutions have accelerated data sanitisation projects. Such projects have always been deemed necessary and important but never urgent. Now, with some serious quality deficiencies in the inevitable defensive reporting for AML, the need to sanitise data has been accentuated more than ever.

Also, the need to consolidate databases rather than working independently on fragmented ones has become pronounced. A simple alert that talks about ‘single customer with multiple accounts with no discernable rationale’ requires the bank to investigate and identify multiple relationships that an entity has - essentially the long pending de-duplication exercise is undertaken. The result sets throw up some surprises; a few shocks and a relatively larger number of up-sell and cross-sell opportunities. The elusive 360-degree view of the customer relationship management perspective suddenly becomes a reality. All this is possible because the compliance needs are catalysing the much needed optimisation interventions like the creation of data marts, warehouses and integration of distributed databases.

Know Your Customer

With the explosion of automated banking, the underlying philosophy of know your customer (KYC) has undergone a metamorphosis. Earlier bankers actually ‘knew’ their customers. Technology has, over the last decade, removed the relationship between the banker and the retail customer. The net result is that we are seeing a whole new, process-driven format of KYC - one that no longer depends solely on the banker’s discretion (that format actually worked for several decades).

If we have witnessed a standardised effort across the entire banking segment, it is KYC processes. Every banker knows that obtaining the right customer is as important as keeping the undesirable one away. That involves investment. Be it scanning against caution lists or identity verification or referral checks - it costs money. So the offshoot from KYC is that once you actually know your customer, you can then maximise the value from them. It makes far more economic sense to the bank to extract business out of an existing customer than ever before.

This presents benefits both to the bank and the customer - to the customer, better service and better offers, and to the bank, lower cost of retention with regard to acquisition and life-cycle economic value-added (EVA) being much higher.

From AML Compliance to Financial Crime Management

Increasingly, there is a perception that AML is a smaller component of the financial crime management solution that banks are trying to adopt. The convergence of efforts towards these two is driven by synergy in terms of common data, common technology and also common resources that investigate and analyse. Fraud, theft, intrusions and other forms of financial crime are being brought under the same umbrella, so a comprehensive view provides a concerted effort into the possible prevention and management.

The costs involved for each individual organisation have also made businesses look outside for collective efforts. Shared models, though difficult to enact, are being cobbled together in several places. In order to optimise expertise, several apex bodies are activating their AML efforts jointly while trying to keep their individual needs intact. Another intervention is more focused on suspicious transactions and patterns at institutions where consolidation of data occurs - exchanges and depositories, for example, instead of individual broker-dealer checks at clearing houses and remittance gateways. This, in conjunction with plugging cash entry points, can yield far richer information on patterns that drive smaller entities to desperate, namesake compliance.

Gaps that Persist

While much has been achieved and much more is in the pipeline, it is imperative to acknowledge the gaps and issues that persist. Even within what has been achieved there are gaps either in the implementation or the spirit. Where it is felt that the gap is more due to intent than inability, severe punitive measures are being imposed. However, the fact remains that gaps remain in the following areas:

• Patterns of terrorist financing are very difficult to predict - they neither involve large amounts nor do they set off too many behavioural anomalies.
  
• Most financial criminals understand weaknesses in the system and work on ‘building’ normal profiles before striking. Therefore the premise of suspicion being anything out of normal or something that does not have an economic sense.
  
• Types of patterns used by money launderers and terrorists will keep varying and therefore it becomes necessary for every reporting entity to be dynamically vigilant.
  
• It is also difficult for practical reasons for the regulators and financial intelligence units to validate the models being used by each reporting entity.
  
• Effectiveness of the caution lists is being questioned by several reporting entities.
  
• In many instances, the FIUs are still in the process of gearing up their automation, which is a necessity for processing the huge quantities of data churned out by the reporting entities.
  
• In most countries, though implementation in banking appears to be moving in the right direction, other segments like insurance, remittances and securities broking are still some distance away. Also, the segments with large cash transactions that are not necessarily within the financial sector are tougher to regulate.
  
• Success of the entire fight against money laundering/terrorist finance(ML/TF) is a much larger canvas than just the financial foot-print. It involves political will, effectiveness of criminal intelligence, effectiveness of follow up and action on the suspicious activities.

What Next?

Much has changed in the financial sector since 9/11, and the methods used to tackle money laundering will doubtless continue to evolve. A level of regulation that many would never have dreamed possible has come into effect across most countries. Tracing the financial footprint has become extremely important and regulatory processes and automation has paved the way for this. There is significant scrutiny of every entity under the KYC requirements. Automation in banks has been hastened to consolidate and collate their data to comply with AML requirements. For banks that can sustain and think strategically, this presents a positive environment for higher efficiency and EVA management. For smaller entities the compliance is very taxing. From regulatory authorities, the indications are definitely positive that traces of seriously suspicious activity are visible through the intelligence at the apex level based on the compliance reports. It has been difficult and expensive, but if it has at least made undesirable transactions difficult to make, then it has well been worth it. However, there is no room for complacency since the financial criminal is technologically savvy and understands both system and process weaknesses and regulation and compliance requirements.

Article by Jyotsna Ayyagari is a research and strategy professional focusing on the banking, financial services and insurance (BFSI) segment. She is currently the principal consultant for the anti money laundering and fraud management practice of 3i Infotech.