Outsourcing: helping banks with regulatory compliance
It is the "oxygen to crime, terrorism and tax-avoidance", according to Frans Timmermans, first vice-president of the EU. Every year, laundered money accounts for 2-5% of global gross domestic product, or roughly $1-2 trillion.
The fourth anti-money laundering (AML) directive, which came into force across the continent on 26 June this year, represents a major attempt at ending this scourge. The new rules will strengthen existing laws and provide extra tools to those fighting against money laundering and terrorism financing in Europe.
Few begrudge this. The information revealed by the Panama Papers and, more recently, the Paradise Papers, has created huge public support for efforts to crack down on money laundering. For banks, however, the challenge of implementing and complying with new laws should not be underestimated.
"With the rapidly changing pace of regulation, banks, of which there are currently over 7,500 in Europe alone, face an increasing challenge trying to keep up," says Dan Sjöholm, CEO at the Swedish company Trapets, a leading provider of know your customer (KYC) and market/trading-surveillance and compliance systems.
Among the numerous changes brought in by the latest EU directive is an expanded definition of a politically exposed person, a new emphasis on ultimate beneficial ownership and enhanced customer due diligence, and a cash payment threshold lowered to €10,000.
"It is very resource consuming," says Sjöholm. "Banks need to understand how to apply the regulatory requirements regarding AML, KYC and counter-terrorism financing to their own specific type of business, and think about the extent to which they should be applied. At the same time, current technology is often substandard and fails to meet a manageable false positive level."
Despite these challenges, over the past few years Sjöholm has been impressed by what he has seen when it comes to banks preparing for and applying AML rules.
"I think that banks, in general, have become very aware of their responsibilities in fighting economic crimes," he says. "In most cases, I think the banks are adapting very well to new demands regarding AML and counter-terrorism financing."
But there are exceptions, Sjöholm adds. Some banks remain non-compliant across their entire business, he says, while others have areas within the bank that either don't comply or are only partly covered by the relevant measures.
This is bad for two reasons. First, it fails to take seriously the rules designed to make it harder for terrorist groups and criminal networks to hide and move money around Europe. Second, it opens banks up to serious punishment from regulators.
"One of the main concerns for banks and other financial institutions is the huge penalties that can be incurred for failing to comply with the current and upcoming regulations," says Sjöholm.
The power of outsourcing
So how can banks be in a better position to implement the new rules and stay ahead of the regulatory agenda? While they often prefer to keep compliance and regulation activities in-house, for Sjöholm, the key is choosing an external partner that has the right skills and expertise.
"It is almost impossible for banks and firms within the financial sector to have all the expert knowledge and experience in-house," he says. "The world is changing at an increasing pace, and the patterns of money laundering and terrorist financing are continually shifting. If banks want to keep up to date with these trends, they need to develop closer cooperation with the fintech and regtech community, and with other banks. Especially from an economical point of view, it is necessary to involve external suppliers."
For vendors, the key task, according to Sjöholm, is designing a system that fits the needs of different banks. While implementing an alert system for transactions that deviate from normal behaviour might sound simple, defining what counts as normal and how it should be measured is a challenging job.
"What is considered normal differs greatly between banks," says Sjöholm. "If you only consider static thresholds or averages, you will end up with a lot of false positives. Since Trapets has a lot of different clients, we know a lot about how different banks are performing their AML/ counter-terrorist financing tasks for a variety of products and segments, as well as the scenarios and thresholds they use."
Trapets, which has been expanding internationally over the past three to four years, offers clients a product platform called InstantWatch, which has AML and KYC functions.
InstantWatch KYC is a screening service that allows customers to check information against sanctions and politically exposed persons lists, while InstantWatch AML is a surveillance tool that covers areas ranging from automatic risk calculation and behaviour monitoring to transaction analysis, and alert and case handling.
"The fact that InstantWatch can run AML and market surveillance in the same system gives banks a much better, more holistic view of their client's activities," says Sjöholm. "We are also constantly developing new alert triggers and scenarios that can follow trends, new regulations and new requirements that our customers demand. One example is extending the system with specific alert scenarios for factoring. We already cover this area to some extent, but everything can be improved. We are also going to extend our offerings in the KYC area in the near future."
While InstantWatch is a central part of Trapets' service, Sjöholm is keen to point out that the company is not just a software provider. With years of experience and deep knowledge of the AML, KYC and counter-terrorist financing fields, it also offers a number of education and risk-assessment services as well as a fully outsourced trading surveillance product.
"Our outsourced trading surveillance (OTS) is the most unique thing we offer," Sjöholm says. "A team of experts within Trapets perform the operational surveillance tasks on behalf of the client, including detection, investigation, and documentation and reporting of suspicious transactions and orders. A surveillance system is in general quite complex, so a big challenge is to create a system that is easy to use but that can still do all of the tasks a surveillance system should do. We believe that we have been very successful in this regard."
This kind of outsourcing is set to become an increasingly compelling proposition for financial services organisations in the coming years, Sjöholm adds.
"Banks will outsource more and more," he says. "They will use a standard systems approach incorporating hosted systems that are much easier to keep updated and use than in-house developed systems."
The pace of regulation is unlikely to slow down either. A recent report by the European Commission identified a string of products and services that remain vulnerable to terrorist money laundering, including virtual currencies, real estate, online gambling, crowdfunding platforms and non-profit organisations.
Talks over a fifth directive, which will involve several amendments to the fourth AML directive, are already at an advanced stage. The amendments were first published in July 2016 following a wave of terrorist attacks in Europe. As the legal landscape changes, Sjöholm says Trapets will be there to guide and assist the banking and financial services community.
"Our clients will continue to face regulatory burden in the future," he says. "Using effective software, and choosing the right partner and systems to help them do their job in a cost-effective way will become even more important. Those vendors that are not agile enough to follow new developments, and who do not give enough attention to the requirements different customers have, will have a hard time ahead."