How to manage AML supply chain risk in 2023

In our 2022 survey of global compliance professionals, 45 percent of financial institutions said supply chain risk is the area their organization is most focused on improving. Much of this concern is likely driven by the intersection of complex supply chains with a volatile economic environment. The instability this has caused – for example, through the need for firms to seek new suppliers at short notice due to the scarcity of certain goods – poses clear money laundering risks. With regulators sharpening their focus on operational resilience, what steps can financial compliance professionals take to build comprehensive anti-money laundering processes into their supply chains? 

Three steps to supply chain risk management 

Iain Armstrong, Global Regulatory Affairs Practice Lead at ComplyAdvantage, shared three key risk management insights in light of the evolving supply chain landscape.

1. Comprehensive due diligence

As international sanctions continue to develop, the risk of violations is high. Even early on, Russian sanctions hit the global supply chain hard, and the program’s global effects will continue as enforcement becomes more stringent. 

However, Armstrong argues that tensions with Russia are the tip of the iceberg. “With tensions still high with China – a much bigger part of global supply chains than Russia – firms will need to consider a blanket approach to enhanced due diligence for relationships with even a tangential nexus to those jurisdictions.” With sanctions evaders taking ever more creative steps to try and stay ahead of regulators, firms should take a structured and comprehensive view of their supply chain risks.

Enhanced due diligence (EDD) processes can help firms to achieve this. Therefore, firms seeking to establish a robust supply chain EDD framework should integrate it into a comprehensive, risk-based due diligence program. Requirements may include:

• Supply chain risk assessment – Ensure risk assessments and risk appetite evaluations are up-to-date. Assessments should consider evolving customer relationships, important new sectors or activities, and particular risks they may pose.

• Ultimate beneficial ownership (UBO) – High-risk individuals associated with a business account can indicate a need for EDD. Processes must be able to efficiently identify UBOs and key decision-makers.

• Adverse media – A prospect’s association with sanctions, negative news, and other adverse media can trigger additional due diligence. Screening suppliers and third parties against this data can also alert firms to modern slavery risks such as human trafficking. For accuracy, sync screening processes with live negative news data.

• Up-to-date sanctions data – Coordinate know your business (KYB) processes with live sanctions information. Even a proximate association with sanctioned activity, entities, or locations may call for EDD.

• Identifying at-risk customers – Supply chain customers associated with high-risk locations and activity – even tangentially – may require enhanced due diligence. 

2. Sharpened focus on know your business

A robust approach to supply chain EDD involves an enhanced focus on know your business (KYB). Firms must pay special attention to at-risk business partners – including how they relate to the whole chain. A business partner appearing to be low-risk in isolation may have ties to risky entities. 

In December 2022, for example, the Biden administration announced plans to blacklist Yangtze Memory Technologies (YMTC) and 30 other Chinese technology companies after months of pressure from lawmakers. The US also seeks to enter an accord with the Netherlands and Japan, preventing companies under all three jurisdictions from exporting chipmaking supplies to China.

“To refer again to the significance of KYB,” Armstrong notes, “firms with corporate customers will need to pay attention to any potential ties those customers may have to supply chains involving the fabrication of semiconductors, silicon wafers, and related technologies.” In our compliance survey, 34 percent of respondents said they planned to replace or upgrade their KYB solutions in 2023. And in 2021, Fatpos Global projected a market increase in electronic KYB from around $150 million in 2020 to over $533 million by 2030. 

To strengthen KYB processes, firms should evaluate whether existing CDD procedures include tailored processes for business customers. Key considerations may include:

• Business-specific supply chain risks will depend on up-to-date risk assessments that recognize key differences between individual and business entity risks.
• Compliance vendor risks – Even vendors offering compliance and KYB solutions should be thoroughly vetted. Though they help firms mitigate supply chain risk, they are also supply chain members and should be screened accordingly. 

3. Robust process resilience

“In addition to understanding the current nature of supply chains,” Armstrong concludes, “firms also need to assess the potential impact of sudden changes and ensure they have as much resilience built into their processes as possible.” Indeed, disruptions can generate ripple effects across multiple industries in sectors where the supply chain is complex. These effects come from economic pressures, rising financial crime trends, and evolving regulatory requirements.

To support supply chain resilience in a rapidly changing ecosystem, firms should establish transparent collaboration with customers. In light of disruptions exacerbated by the pandemic, there has been an international push for collaboration and transparency in the supply chain. When countries and suppliers collaborate internationally, sharing critical data on possible risks and disruptions, greater resilience is built into supply chains, making upheavals and adjustments less disruptive for everyone. Collaborative data can also boost effective supply chain AML/CFT risk management.

Using technology to mitigate supply chain risk

Firms seeking to improve their supply chain risk management must balance this with natural business constraints. For example, the need to make KYB more risk-effective stands in tension with the need to streamline onboarding for legitimate customers. But a rise in tailored vendor offerings powered by next-generation tech can help address many of these pressing industry problems. 

How might firms leverage this technology to enhance their solutions? Technologies such as artificial intelligence, biometrics, and REST APIs allow businesses to streamline and integrate risk management services. APIs, in particular, enable firms to layer approaches like ID verification, digital forensics, behavioral analytics, and identity clustering to ensure powerful, specific risk management. New and evolving technologies such as those offered by machine learning, through an ability to ingest and manipulate a greater volume of data in more sophisticated ways, are rapidly changing the ability to detect trade-based money laundering.

Known as orchestration, this multifaceted approach allows firms to target bad actors more effectively while making processes smoother for legitimate customers. These high-tech solutions’ flexibility and scalability also allow for greater agility, supporting more resilient supply chain relationships. Partnered with newer, more affordable, and robust solutions, firms are in a position to tackle supply chain risks more efficiently.