28 May How RegTech can support AML/CFT Supervision
The FATF have commenced engagement with the RegTech industry. The most recent engagement was a two day forum at PayPal’s headquarters in Silicon Valley on the 25th and 26th May 2017.
Neil Jeans of Initialism, through our joint venture AML Accelerate www.amlaccelerate.com, was invited to attend the FATF forum and present on how RegTech solutions can support AML/CFT supervision efforts. The following text is a summary of the presenation to the FATF.
Supervision of compliance is a vital component of any AML/CFT regime. However it is our experience that supervisors are often under-resourced to provide effective supervision and oversight of regulated entities.
To date many AML/CFT supervisory regimes have predominantly focused on larger (Tier 1) financial organisations which are seen as systemically important.
There is however a growing recognition that Tier 2 financial organisations to date have been subject to less regulatory focus, and consequently businesses covered by AML/CFT obligations in many countries are struggling to achieve effective compliance with AML/CFT laws and regulations.
Countries are also expanding AML/CFT regimes to include other gatekeepers (DNFBPs). This will see many more businesses across a diverse range of sectors needing to comply with AML/CFT obligations and subjected to supervision, and therefore will place additional strain on the existing finite resources of AML supervisors.
Supervision of compliance is a vital component of any AML/CFT regime. This is recognised by the Financial Action Task Force (FATF), who devote 3 of their 40 recommendations to supervision.
FATF Recommendation 26 relates to the regulation and supervision of financial institutions, which requires countries ensure that financial institutions are subject to adequate regulation and supervision and are effectively implementing the FATF Recommendations.
FATF Recommendation 27 sets out the powers of supervisors, stating that supervisors should have adequate powers to supervise or monitor, and ensure compliance.
FATF Recommendation 28 relates to the regulation and supervision of Designated Non-Financial Businesses and Professions (DNFBPs), requiring countries to ensure that DNFBPs are subject to effective systems for monitoring and ensuring compliance with AML/CFT requirements.
The interpretative notes to the 40 Recommendations state that supervision should be risk based to ensure effective AML/CFT supervision, which requires supervisors to understand risks and allocate resources to AML/CFT supervision based on the risks.
The interpretative notes also state that countries should ensure that supervisors have adequate financial, human and technical resources.
Our analysis of the most recent FATF mutual evaluations across each of the countries that are full FATF members identifies that supervisors face significant challenges in complying with the FATF Recommendations:
- 26% (9 out of 35) are Partially Compliant regarding the supervision of FIs.
- 31% (11 out of 35) are Partially Compliant regarding the supervision of DNFBPs.
- 46% (14 out of 35) are Non-Compliant regarding the supervision of DNFBPs.
As part of the revisions in 2012 the FATF put in place effective in practice assessments as part of the 4th round of mutual evaluations which commenced in 2014 and are scheduled to continue until 2022.
The methodology for the 4th round mutual evaluations sets out the criteria with which the FATF will assess AML/CFT supervision and should be a route map for AML/CFT supervision globally.
The FATF 4th round mutual evaluation methodology states:
- Supervisors should appropriately supervise, monitor and regulate financial institutions and DNFBPs for compliance with AML/CFT requirements commensurate with their risks.
- Supervisors should provide financial institutions and DNFBPs with adequate feedback and guidance on compliance with AML/CFT requirements.
- Over time, supervision and monitoring should improve the level of AML/CFT compliance, and discourage attempts by criminals to abuse the financial and DNFBP sectors, particularly in the sectors most exposed to money laundering and terrorist financing risks.
The mutual evaluation methodology also sets out the assessment criteria for the 4th round for supervisors:
- How well do the supervisors identify and maintain an understanding of the ML/TF risks in the financial and other sectors as a whole, between different sectors and types of institution, and of individual institutions?
- With a view to mitigating the risks, how well do supervisors, on a risk-sensitive basis, supervise or monitor the extent to which financial institutions and DNFBPs are complying with their AML/CFT requirements?
- To what extent are supervisors able to demonstrate that their actions have an effect on compliance by financial institutions and DNFBPs?
- How well do the supervisors promote a clear understanding by financial institutions and DNFBPs of their AML/CFT obligations and ML/TF risks?
Since 2014, there have been 31 mutual evaluations globally, as part of the 4th round. The results are mixed:
- 25% are Partially Compliant regarding the supervision of FIs.
- 80% are Partially Compliant regarding the supervision of DNFBPs.
- 61% need major improvements in supervision effectiveness.
- 25% need fundamental improvements in supervision effectiveness.
Against this scorecard, supervisors are facing challenges to meet the FATF requirements. However, RegTech solutions are developing that can support supervisory objectives and demonstrate compliance with FATF requirements.
Supervisors understanding of ML/TF risks
RegTech solutions can help supervisors identify and maintain an understanding of the ML/TF risks in the financial and other sectors as a whole, between different sectors and types of institution, and by individual institutions.
RegTech solutions are becoming available that provide the structured and consistent application of ML/TF risk assessment methodologies.
Solutions are able to collate and provide consolidated views of the assessed ML/TF risks between different sectors and types of institution, and between different regulated entities within the same cohort.
Solutions are also able to support the benchmarking of ML/TF risk by individual regulated entities.
Supervisors monitor compliance
RegTech solutions can support supervisors’ ability to monitor the extent to which financial institutions and DNFBPs are complying with their AML/CFT requirements.
RegTech solutions are developing that will support the application of consistent AML/CFT programs and controls by regulated entities based on their ML/TF risks and legal and regulatory requirements.
Solutions, due to automation and structured data collection and management, could be able to provide supervisors with insights into how regulated entities are responding to AML/CFT requirements and ML/TF risks.
Supervisors impact levels of compliance
RegTech solutions can support supervisors being able to demonstrate that their actions have an effect on compliance by financial institutions and DNFBPs.
RegTech solutions are developing that will support the structured amendment of AML/CFT programs and controls by regulated entities based on changes to ML/TF risks and legal and regulatory requirements.
Solutions, because of centralized ML/TF risk, compliance programme and related data management, could also be able to provide supervisors with insight into how regulated entities are responding to changes in the ML/TF environment and AML/CFT requirements over time.
Supervisors support understanding of AML/CFT
RegTech solutions can help supervisors promote a clear understanding by financial institutions and DNFBPs of their AML/CFT obligations and ML/TF risks.
RegTech solutions can provide a structured way of engaging with regulated entities about regulatory requirements and expectations.
Solutions, as they provide structured, automated and scalable channels to regulated entities, could also be able to provide supervisors with insights and understanding to regulated entities about AML/CFT and approaches to addressing AML/CFT obligations and ML/TF risks.
AML/CFT is a partnership
A partnership approach has always existed within AML/CFT. The AML/CFT partnership is between government agencies, regulatory authorities, law enforcement and regulated entities, with each focused on playing their role in AML/CFT and mitigating ML/TF risk and vulnerabilities.
In order for RegTech to fully support supervision objectives, consideration should be given to extending the partnership to other stakeholders such as RegTech solutions.
As with any other partnership engaging with RegTech should be a two- way street. RegTech can play a role by:
- Incorporating regulatory feedback on content and product features into solutions.
- Publishing ‘announcements’ to customers on changes to AML/CFT law and regulation to assist with industry awareness, particularly regarding regulatory expectations.
- Providing regulators with anonymized data analytics from the highlighting trends/outliers & insights regarding assessed ML/TF risk, frequency of refresh of programs/controls, and the adoption of changes to requirements/standards.
- Helping focus on potential non-compliance by saving time currently spent in reviewing and providing feedback on levels of compliance (i.e. if a regulated entity is using a trusted RegTech solution there is an acceptable assumed level of compliance).
On the flip side supervisors should consider:
- Assisting in the design and support of development of RegTech solutions by providing timely and insightful feedback.
- Participating in Open Data Sharing Programmemes for non-sensitive data held by the regulator.
- Public recognition of RegTech solutions that support regulatory and supervisory objectives.
In conclusion, the challenges facing supervisors are significant and many countries may need to revise their supervisory practices to meet the FATF 4th mutual evaluation criteria.
RegTech solutions are developing that can support and enhance supervisory activity. However, the environment does not yet exist in which RegTech solutions can reach their full potential in supporting regulatory requirements and supervision objectives.