By Ian Henderson, CEO of Kyckr
Will your company receive an AML fine in 2022?
Regulated firms were fined over $2.7 billion in 2021 according to our “AML Fines 2021” report, and that number is expected to increase in 2022. Banks and financial institutions who haven’t yet dedicated effort and resources towards strengthening their Anti-Money Laundering (AML) and Know Your Customer (KYC) approaches will find themselves facing increasing fines for their non-compliance, as AML compliance breaches continue to plague regulated organisations. Firms subject to international AML regulations will also face not just one main challenge in keeping their compliance strong, but three main challenges in 2022: COVID-19 related financial crimes, regulatory fines, and reputational damage.
But why will that amount increase, and how can firms avoid costly fines or incurring damage to their reputation? What follows are five reasons why this number is only going to rise in 2022, and steps you can take to make sure that your company stays off the fines list.
5 Reasons Why AML Fines Will Only Get Worse
Financial institutions face increasing complexity when it comes to keeping their customers and their data safe, yet gaps in that vigilance can easily result in breaches in compliance that will result in fines if not addressed. Here are some of the common pitfalls that can cause non-compliance, and how to address them within your financial institution.
Inadequate KYC and CDD checks
Every company has a process for onboarding their customers, but regulators scrutinise how financial institutions perform these KYC and Customer Due Diligence (CDD) checks. Banks certainly wouldn’t let just anyone open an account, but banks should also understand the inherent risks in the customer relationship and apply a proportionate level of due diligence. Unfortunately, inadequate risk assessments can leave you widely exposed, especially if you are categorizing high-risk customers as medium or low risk to reduce the KYC and AML compliance burden.
This misalignment of risk application can subject you to pressure from the regulator, and applying a generic customer risk assessment to different types of risks will inevitably result in the regulator fining your bank. Banks should ensure that they’re evaluating their customers’ risk level appropriately.
Reliance on outdated systems and processes
Because of increased regulations, varying types of risk, and more frequent breaches, firms should prioritise keeping their systems up-to-date and airtight. Yet many FIs are still using outdated KYC and AML systems alongside processes and procedures that are in need of a refresh. A report by Fenergo highlights that 33% of banks surveyed have not invested in customer onboarding and only 15% have automated data collection. Additionally, European banks are still lagging behind US counterparts when it comes to deployment of digital KYC solutions, according to an industry report from Greenwich Associates.
Outdated KYC processes and systems in corporate banking are unsustainable, and relying on decades-old systems may leave you exposed to financial crime risks. Therefore, banks looking to improve their processes, better protect their customers, and avoid fines should invest not only in software and hardware upgrades, but should reevaluate their AML and KYC approaches as well to see what can be streamlined or even automated.
Incomplete or outdated documentation
Not only will outdated processes make serving customers and keeping their information safe more challenging, but outdated documentation will also adversely impact your data-driven decision making. Regulators demand that you use current, up-to-date information in your KYC approaches. For example, in the case of identifying and verifying ultimate beneficial owners, using stored or outdated documentation may result in missing shareholders who may pose a legal or regulatory risk to your business. Incomplete documentation impacts risk assessments as well, as it may miss red flags that could warrant additional due diligence.
Data doesn’t come without its challenges. Old documentation poses risks, as does the way data is collected and a lack of transparency into that data. Data also comes in different formats and types, and there is no universal gold standard for data. Therefore, banks should, at the very minimum, ensure that they’re using the most current documentation available from both primary and secondary sources.
Poor culture of compliance
Another key cause of shortcomings in KYC and AML compliance? Having a poor culture of compliance. A business’ culture is the beliefs and behaviors that fundamentally determine how employees and senior management interact with each other and do business every day. Since compliance risk is owned by the organisation, it’s no surprise a financial institution with a poor culture of compliance may face regulatory fines.
Having a strong compliance culture means that each individual is dedicated to ensuring that they’re not only keeping compliant in their tasks, but actively looking for ways to improve the compliance process. This type of culture is proactive in detecting compliance problems, minimising risk, and setting the tone from the top.
Evolving threat landscape
Digitisation and COVID-19 have brought with it greater and evolving risks in cyber-crime, fraud, and money laundering. Transnational criminal gangs and corrupt Politically Exposed Persons (PEPs) are finding new ways of disguising illegal gains as legitimate, and criminals continue to hide behind a veil of corporate secrecy in offshore tax havens and exploit loopholes in corporate tax law — all of which could put your organisation at risk.
Currently there is no global standard in corporate KYC despite the evolving threat landscape, which means that criminals remain one step ahead of banks and law enforcement agencies in a cat and mouse game. However, regulated firms shouldn’t just give up, and can educate themselves about criminal tactics and approaches, and continue to do their due diligence on each customer.
Avoiding Fines in 2022
Compliance investigations are becoming more complex and time-consuming, and regulators will continue to dish out hefty fines for breaching AML and sanctions law, as long as banks and regulated firms continue to fail in KYC compliance. As seen above, inadequate KYC and CDD, relying on outdated documentation or missing information, relying on aging KYC and AML systems, and a poor culture of compliance can put your organisation at risk. Regulators will continue to fine companies that flout AML regulations — so ensure that you stay off their radar in 2022.