9th July 2020
Digital Banking AML Regulatory Compliance
AML Regulatory Compliance
As banks and other financial institutions embrace advances in financial technology, the digital banking sector has grown dramatically. That growth trend has been reinforced by the coronavirus crisis, which saw a 200% increase in mobile banking registrations in April 2020. Unfortunately, as digital banking services become more sophisticated, so do the criminal methodologies associated with them.
In a changing financial sector, firms must prioritize compliance for their digital banking services to ensure that they are able to detect and prevent money laundering activities and continue to deliver regulatory compliance.
Digital banking service providers face both conventional money laundering risks and those that have emerged as a result of fintech advances. Those emergent risks may derive from new methodologies, such as phishing emails or malicious software applications, or exploit relatively unregulated technology, such as virtual currencies, to launder money within the digital financial system. Digital banking services are popular with money launderers because of the relative anonymity they offer and the lack of fintech regulation in territories around the world.
Global financial authorities are reacting to those threats, and the gap in regulation, by introducing legislation with a specific focus on digital banking services. In the United States, for example, the Financial Crimes Enforcement Network (FinCEN) has issued guidance for firms dealing with virtual currencies, while the EU’s Fifth Anti-Money Laundering Directive (5AMLD) sets out a range of AML measures for cryptocurrency service providers. Similarly, the Financial Action Task Force (FATF) has also released its own guidance on digital identification within AML/CFT frameworks.
Banks and financial institutions must ensure that they provide digital services in compliance with the AML/CFT regulations applicable within their jurisdiction. Under FATF policy, most financial services firms must take a risk-based approach to AML, implementing an internal compliance program featuring:
- Customer due diligence (CDD) measures in order to accurately verify the identities of their digital banking customers or the beneficial ownership of customer firms. Under the risk-based approach, customers that present a higher risk of money laundering should be subject to enhanced due diligence (EDD) measures.
- Monitoring measures in order to detect suspicious customer activity during digital banking transactions. This might include unusual transaction patterns, transactions above a reporting threshold or transactions with high-risk countries.
- Screening and monitoring for politically exposed persons (PEPs), international sanctions lists and customer involvement in adverse media stories.
Some jurisdictions require financial institutions to obtain licenses for certain digital services, such as cryptocurrency trading or the provision of digital wallets. FATF policy also requires firms to implement a training schedule for compliance employees and appoint a compliance officer to oversee the AML program. Since compliance officers must have the expertise and authority to carry out their role effectively, their skillset should reflect the demands of a digital banking environment.
To manage their new AML risks, digital banking service providers must take new approaches to regulatory compliance. In practice, this means that firms should change the ways in which they collect and analyze customer data in a digital landscape, from performing CDD, transaction monitoring and screening to submitting suspicious activity reports (SARs) to the authorities. Potentially effective components of a digital AML solution include:
Digital identification: Digital ID systems include biometric technology like fingerprint and face scanners or the secure online storage of similar identifying information. Combined with the connectivity and ubiquity of internet-enabled smart devices, both customers and banks may use those systems to interact with digital banking services and so build digital identity profiles. Digital identities can facilitate more accurate, efficient and reliable CDD and monitoring measures at onboarding and throughout the business relationship.
Artificial intelligence: AI technology offers a variety of opportunities for firms to streamline their AML/CFT responses, helping them to prioritize data collection and analysis during CDD and transaction monitoring or to quickly recognize high- and low-risk customers. AI also has the potential to add value to the reporting process by learning the characteristics of false-positive suspicious activity alerts and, subsequently, reducing the amount of time and resources spent remediating them.
Cloud computing: When performing CDD and other screening and monitoring processes related to digital banking services, AML teams need to quickly and securely access disparate data sources and interact with a potentially large number of storage systems. Cloud computing offers a way for firms to centralize that data and move away from the more traditional siloed approach, which can introduce inefficiencies and errors to the AML/CFT process.
Blockchain: As cryptocurrency usage becomes more widespread, blockchain technology may allow firms to address specific money laundering risks associated with digital banking. A public distribution ledger, blockchain allows firms to record and independently verify transactions: the technology could be used to store and encrypt customers’ identifying information as a secure “block” of information, which could then be referenced when they engage in subsequent transactions and business relationships. Use of blockchain technology within AML frameworks would help to address the anonymity challenges associated with cryptocurrency and digital banking.