As we discussed in our previous blog, automating AML controls is the only way to properly combat money laundering risks and ensure firms can meet their regulatory responsibilities. But undertaking that digital transformation – to get firms from where they are (often reliant on fragmented technologies and complex manual steps) to where they need to be (working off integrated systems and automated processes) – is no easy feat.
Digital transformation best practices
Moving from a manual to a digital, automated AML environment takes change in four key areas.
1) Process
A successful digital transformation requires firms to assess and often redefine their AML processes to fit with an automated workflow. Maintaining the legacy workflows that had been used to complete tasks manually won’t work. The goal should be to eliminate manual steps and move to a self-service model for activities such as investor onboarding and trade placement.
Adapting your ongoing client due diligence processes is similarly vital. Manually checking for any changes in name, address, updates to bank details, etc. is time consuming and risks oversights and mistakes. Software can automatically flag any change in circumstance or suspicious transactions when they happen and prompt a review of the account. Freeing staff from laborious manual processes also allows firms to redirect their resources to more value-adding compliance activities.
To be effective, automated processes must be scalable and easily customisable to keep pace with regulatory changes. A configurable set-up that allows system administrators/users to tune rules on the fly allows firms to stay abreast of AML/KYC developments without requiring constant vendor involvement.
2) Technology
The coronavirus pandemic has accelerated digital transformation across the industry, heightening demand for device-agnostic, web-based software. Moving from on-premise to cloud-based AML solutions is often cheaper, and introduces greater working flexibility and resilience by giving staff access to the applications they need anywhere and at any time.
People working from home and using their own devices creates a technology risk though. Organisations worry about a lack of oversight and potential exposure of sensitive data. Firms will need controls to mitigate such risks.
Digital transformation projects also bring build-versus-buy technology questions to the forefront. In-house systems offer the prospect of greater control and bespoke development. But they often eat up huge resources and suffer from delays.
Vendor systems tend to be quicker and easier to implement, and deliver built-in scalability. Plus dedicated AML vendors have extensive experience of the regulatory environment and will likely employ best-in-class technology.
3) Data
Where data is housed is key to effective anti-money laundering.
Data warehousing is institutions’ holy grail. Investor-related data is often siloed across multiple systems, and may be formatted and stored in different ways across different divisions and jurisdictions. That risks errors, process bottlenecks, and a lack of investor and beneficial owner transparency.
The goal is a central repository of golden source data that can feed consistent information to all parts of the business. Applications sit on top, and query and call the cleansed data they need on demand.
Moving databases into the cloud can help, allowing for a centralised data store with unlimited scalability that can be accessed from anywhere. But location remains a consideration.
Luxembourg laws, for instance, require client data to be held in the country. A private cloud – with the server based in that jurisdiction to house the relevant data – offers one solution.
Another is to employ a hybrid model, where the database is kept in a physical server on site, with the application layer deployed in a public or private cloud. Applications can then retrieve the data and display it to the user without storing it.
4) Culture
AML-related activities once conducted face-to-face, such as account opening, are moving online. Creating the digital infrastructure to support this shift demands buy-in from key stakeholders across the enterprise. Yet organisations are often slow to change, and some parties may be resistant to the transformations needed. Managing these stakeholders and bringing them along is key.
Keeping system implementations agile is similarly vital. Business demands, workflow requirements and regulatory rules may all diverge from the initial project scope. An iterative development approach enables firms to use data and feedback from user pilots to guide the next steps and reach achievable goals. Software that gives users the flexibility to make changes on the fly can also help firms’ meet their evolving AML and KYC responsibilities.
The time has come
Automated AML capabilities have become a must-have. With money laundering schemes becoming ever more sophisticated and regulatory actions stepping up a gear, firms can no longer rely on fragmented, outdated tools. Getting from haphazard manual processes to a robust, automated environment may be a challenge. But it has never been more important.
ABOUT DEEP POOL
At Deep Pool, we are dedicated to helping clients maximise their success. Deep Pool provides the industry-leading compliance software and deep consulting expertise financial institutions need to automate their end-to-end AML/KYC and FATCA/CRS reporting processes. Our team combines compliance experts, business analysts and software engineers to create a unique blend of industry know-how and experience, producing efficiencies, scalability and client servicing benefits that transform users’ businesses.
KURE, our flexible AML/KYC and FATCA/CRS reporting solution suite, supports all types of regulated financial firms, including banks, asset managers and service providers. Deep Pool is headquartered in Dublin, Ireland, with offices in the United States, the Cayman Islands and Slovakia. For more information, visit: www.deep-pool.com.