Five Learnings from the AMLP 19th Annual UK Forum

Note: Many thanks go to Alexis F. for slimming down by 1800 words to ~800!

The AMLP’s 19th Annual UK AML & Financial Crime Seminar brought together experts from government agencies, financial institutions, and the private sector to discuss the current status of anti-money laundering (AML) and financial crime prevention. There were five key areas that I’ve reflected on since the event and thought worth sharing for those who couldn’t attend.

1: Financial crime challenges of 2023

Sanctions compliance continues to dominate the agendas of compliance teams and is a board level discussion. Monitoring changes in sanctions risk, particularly understanding the nuances of ownership and control demands more and more as sanctions complexity increases. List screening isn’t difficult, but all to often firms are still getting wrong whether that’s being able to go beyond the lists as necessary or in some cases not getting the calibration of tools right and so missing risk due to unnecessary workload created by erring too far on the side of caution. Sectoral (aka “activity based”) sanctions were also cited as a challenge for and the expectations of senior speakers on the various panels was that the complexity and volume in this area will only increase.

Second only to Sanctions risk was the topic of fraud, which attracted discussion throughout the day. Although the UK has become a lot more effective at preventing “unauthorized” fraud through systems, controls, and education, fraudsters have chosen to pursue “authorized” push-payment fraud. The best estimate was that fraud currently costs the UK economy ￡4.3B per annum.

2: Home Office priorities

The Home Office plans to increase efforts to fight financial crime with a Fraud Strategy 2.0 to be published in May 2023. Its focus will be on asset recovery and avoiding state capture and corruption.It also plans to roll out a new Suspicious Activity Reporting (SAR) portal and called on the audience for more early adopters to join those that have already transitioned to it.

Additionally, the UK’s Economic Crime Plan 2 intended to deliver “…real-world outcomes to cut crime, protect our national security, and support the UK's legitimate economic growth and competitiveness”, will include ￡400 million in new funding and with more than 200 skilled investigators being recruited and resourced with the the technology to proactively catch more of the bad actors.

3: FCA business plan 2023/24

The FCA is, of course, always focused on financial crime prevention, but it also prioritizes innovation and increasing market confidence. As part of its ongoing plans for 2023/24, the FCA will continue using synthetic data to “validate and test products” of obliged entities. This is to ensure effectiveness of screening processes for KYC and onboarding programs, without putting the brakes on innovation and go-to-market plans.

The FCA talked to the need for obliged entities to continuously be testing their controls in regardless of any supervisory event and pointed out that having calibration of systems such as screening be too loose and burying compliance teams in false positives was just as bad as missing risk due to overly strict filters. Firms must show a risk based approach and understanding of the tools they use to support their programs.

4: Companies House turns Gatekeeper

There are new powers coming to Companies House (CH), which promises to make a significant difference as it expands its role beyond mere facilitation of company incorporation and takes is empowered to take the responsibilities as the gatekeeper to business setup in the UK.

The biggest change discussed was the introduction of introducing identity verification to entity creation and registration activity and a much stricter framework for formation agents to follow in order to create entities for their customers.

CH is also developing a more sophisticated risk assessment process to help it detect and prevent fraudulent activity and bring more criminal and civil enforcement action to help punish and deter misuse.

5: Risk-based approach to customer due diligence and perpetual KYC

The risk-based approach is fundamental to everything the AML community does, but it was argued that you cannot have a risk-based approach without introducing perpetual KYC. ?Being across the changes in risk as they happen must feed into firms RBA and this is technically possible & operationally possible. The question is – is it politically possible at the C-suite and board level of obliged entities?

For those already working with pKYC or on the journey the use of more and better data signals to pinpoint truly high risk third parties was key. Also, the ability to right-size what pKYC was needed according to the type of customer based (e.g. mass market retail vs. high complexity corporate banking). Ultimately it was argued that pKYC done well can reposition the compliance team as a growth enabler for business, but it will take a lot of commitment from all AML stakeholders to drive that change across their firms.

Conclusion

Sanctions is still where many AML conversations head, but in addition the AMLP event put the spotlight on fraud, and it seems the idea of combining fraud, AML, and sanctions teams has momentum.

However, there remains a focus on getting the basics right e.g., clean data, ownership, control, and a risk-based-approach to AML using the right signals and ideally perpetually monitoring for them.

More legislations, enforcement powers and enforcement action is coming, but the private sector is encouraged to keep driving improvement beyond supervisory events and regulatory pressure.