Unseen Barriers Hindering Critical AML Implementation in UK Financial Services

AML is making the headlines for all the wrong reasons

In December 2022, the Financial Conduct Authority fined Santander UK plc £107.8 million[i]for several shortcomings and failures in its internal anti-money laundering (AML) processes over a historic period. However, it was the latest fine for such a breach, capping a remarkable year in which 25 entities active in financial services were fined a staggering combined total of £214.25 million.

Research published by Refinitiv in 2020[ii] revealed that 97 percent of over 3,000 respondents believed technology could significantly prevent financial crime. The report also highlighted a rising trend in allocating resources to people, automation, and software, among other things, to enhance AML processes and proactively tackle financial crime.

Despite estimated global spending on AML software and technology, including artificial intelligence (AI) and machine learning (ML), as well as people, reaching $1.9 billion globally in 2021, the number of entities in financial services being fined for AML process failures is at its highest in five years. Is there something holding them back from making AML critical within their organisation?

Why do firms find AML and AFC so difficult to get right?

The importance of AML and anti-financial crime (AFC) cannot be overstated, especially its impact on the top and bottom lines. According to the Financial Times, financial crime fines surged 50 per cent in 2022[iii]. The eye-watering penalties handed out by regulator(s), even when no wrongdoing was found, and the only issue was a lack of adherence to organisations’ internal controls, have caught the headlines and focused the attention of senior management. This underscores the urgency and significance of the issue. So, why do banks find AML and AFC so difficult to get right?

Their dynamic nature compounds the challenge of AML and AFC compliance. These are not static, singular targets; instead, they encompass multiple facets that collectively form the compliance objectives set by regulators. These facets are influenced by a multitude of external and internal factors, making the task of compliance even more daunting. This complexity underscores the need for a comprehensive approach to combating financial crime.

Let us examine external and internal obstacles or challenges to understand why firms struggle to improve their AML practices despite spending vast amounts of money.

External challenges

Perpetrators of financial crime remain the most critical external factor. They are becoming ever-more sophisticated in their efforts to launder money and are increasingly operating across borders. At a high level, two broad categories of factors impact financial services firms, which are also potentially interlinked: regulatory and geopolitical.

Local and global regulatory changes

A critical external factor is the ever-changing regulatory landscape that banks need to navigate. For example:

• Recently, regulators have increased the number of predicate crimes which fall under the scope of AML
• The facilitation of money laundering has been brought into the scope of AML
• The cash transactions threshold has been harmonised across the EU
• The European Union-wide AML Authority (AMLA) has been established and will come into full effect by 2026, aiming to harmonise AML practices across the EU
• Regulators are also increasingly cooperating and co-ordinating, globally, with each other in their supervisory role, thus increasing the burden on banks

Geopolitical

Brexit allowed the UK more freedom in regulating its banks. The UK wants to reduce some regulations introduced following the 2008 crash. This, in theory, would make the UK a more attractive location for banks to do business and help London maintain its status as the leading global financial centre. However, Brexit's uncertainties have also led to rapidly relocating some staff and operations from the UK to the continent.

Brexit aside, the current geopolitical landscape, particularly the war in Ukraine, is impacting almost every aspect of society, including financial services. This is not just in terms of rapidly changing sanctions; for some banks, this has meant the rapid relocation of staff and operations from Russia.

These external factors project onto financial services and add to the internal challenges firms must grapple with and address to improve their AML practices.

Internal factors

Generally speaking, external factors are relatively better known and understood. However, some internal factors tend to be less well known, as they can only be observed from within the organisation, making them more challenging to address.

Horizon scanning

Banks need appropriately trained and experienced staff to identify and interpret what up-and-coming legislation, regulations and guidance apply to their lines of business and, ultimately, the data required to meet it.

However, banks find it challenging to identify and ring-fence the appropriate resources. An option is to bring in external consultants. Some would argue that they may lack specific client insights, but this is outweighed by the experience and objectivity they bring, especially if they work closely with internal staff.

Data quality, controls and documentation

Banks often find it challenging to demonstrate that they have all the pertinent documentation in place demonstrating the end-to-end data quality and controls around the data required for AFC processes. The level and consistency of documentation and controls can often vary for several reasons, including lack of resources, availability of time, clarity of end-to-end ownership, prioritisation of tasks (as there are often competing demands and limited resources), etc. Whilst there may be a myriad of challenges/issues, the net overall effect is often very similar; they include:

• Lack of clarity on the Golden Source(s) required for AFC detection purposes;
• Poorly documented (detailed) end-to-end data flow from the Golden Source to the target AFC systems;
• Lack of clarity/demonstrability on end-to-end data completeness and quality across the entire data flow, including controls.

Culture is difficult to define but can play a pivotal role in minimising AML/AFC risk.

In 2018, Dutch bank ING Group NV agreed to settle a fine of US$900 million for failures in its AML and AFC processes[iv]. There wasn’t a single point of failure or a particular group or an individual within the bank that was at fault; instead, the failure stemmed from the bank’s culture. It is alleged that, years prior, ING had determined that settling a fine, potentially of up to €100 million, from the Dutch regulator would be cheaper than properly implementing and following AML and AFC processes.

In Santander’s case earlier, the FCA Final Notice highlighted shortcomings in how management approached the issues of AML and AFC. Again, this didn’t boil down to any failures by a single individual but, instead, how the bank operated, i.e., because of its culture. 

The very intangible nature of culture makes it difficult to define. However, some of the things it includes are the values, beliefs and practices that shape the atmosphere and behaviour within an organisation. It also consists of the company’s mission, vision, goals, and employees' everyday interactions and decision-making processes. A positive culture fosters a sense of community and commitment among employees towards a common goal and can lead to increased productivity and job satisfaction. On the other hand, a negative culture can lead to high turnover, low morale, and poor performance.

The very nature of culture makes it tricky to address. Culturally, middle management within the businesses places limited importance on AML and AFC. This manifests in several ways:

• Often, there is a reluctance by middle management within a bank to identify and capture issues because the timely resolution of such operational issues, especially AFC-related ones, is linked to their compensation.
• A compliance culture necessitates values such as integrity, which are enabled and reinforced through supporting processes such as reward, performance management, and recognition.
• In some cases, middle management can influence or change incumbent processes followed by the bank to identify, track, triage, resolve and identify the root cause of the issue. The underlying implicit aim is that the issues are not captured in the existing issue resolution process, which could lead to bonuses being impacted and instead addressed on a best endeavours basis.
• At times, some middle management will refer to tactics, perceived by some as bullying, to persuade more junior staff members not to raise issues using the official process and instead aim to address the problem on a “best endeavours” basis outside the existing investigation and remediation process.
• There can be occasions when some middle management refuses to accept an issue which should be investigated using existing processes and will try to bully more junior staff members into not raising the issue.

The above are just a few examples of how middle management tries to circumnavigate existing issue investigation and remediation processes. The underlying driver for this behaviour is the compensation and bonus structure that often exists in some banks, which can deter middle management from confronting the issues head-on. It then falls upon senior management to intervene and be seen to be intervening to address the problem.

Conclusions and recommendations

AML and AFC are challenging objectives at the best of times. External factors such as the ever-changing regulatory landscape, geopolitical tension, etc., are tangible and, therefore, easier to address. However, internal obstacles, especially culture, make AML and AFC challenging and even daunting, especially when considered in concert. The value of independent and objective review is undeniable, yet many middle managers will appear apprehensive about such a proposition. Some key steps include:

1. To identify any potential weaknesses or areas for improvement with objective measurement. This can be useful for implementing necessary changes to improve the AFC processes' efficiency, accuracy and effectiveness. The measurement is critical to demonstrate the level of improvement achieved and what remains to be completed;
2. An independent review can provide an unbiased assessment of the processes and their maturity, which can help to increase the credibility and trust in the results. Ideally, it should be done at pace and followed by a similar review to measure the level of achievement;
3. The review process should not only measure the current state of processes but also indicate what the regulator expects in terms of a target and what is expected to achieve that target level of maturity.

 

Sources

• Netherlands Public Prosecution Service, “ING pays 775 million due to serious shortcomings in money laundering prevention”, https://www.prosecutionservice.nl/latest/news/2018/09/04/ing-pays-775-million-due-to-serious-shortcomings-in-money-laundering-prevention
• Good, A, “What can we learn from ING’s €3 million AML fine in France?”, Finextra, 26 April 2021, https://www.finextra.com/blogposting/20215/what-can-we-learn-from-ings-3-million-aml-fine-in-france.
• ABN-AMRO, “ABN AMRO accepted settlement offer in the anti-money laundering investigation in the Netherlands”, 19 April 2021, https://www.abnamro.com/en/news/abn-amro-accepted-settlement.