Balancing technology and talent
Along with technology, talent is the other major consideration for organizations formulating an AML strategy. While there are more people moving into the field, the demand for risk and compliance specialists in Asia continues to outstrip supply.
In many countries, executives involved in AML and KYC reporting can be held accountable if regulators conclude that they have failed in their duty to flag suspicious activity, opening the door to possible job loss, personal fines or even prison terms. The fact that the role may come with some risk of personal liability naturally deters many talented executives from seeking a long-term or senior career in the field.
Regulators and law enforcement authorities need to be conscious of this reality as they task financial institutions with expanding their AML resources. Setting a relatively high bar for personal liability, and effectively distinguishing institutional and individual responsibility in AML violation cases, should provide some encouragement to future generations of compliance professionals.
Despite tightened regulations, humans are fallible. There is always a risk of individuals within financial institutions being compromised, or even bribed to act on behalf of dubious customers.
This is another reason why technology must form the backbone of any AML program. Firms need to ensure that they have automated systems in place that consistently identify suspicious and high value transactions according to defined standards, and not only report them through to compliance management, but require signoffs from senior operational personnel. While personnel have a vital role to play, only fully automated systems and processes can guarantee stable and proper oversight. So a mix of human and technological oversight, with a degree of flexibility to respond to institutional and regulatory change, is key.
As for AML training, institutions will have to develop a tailored training regimen based upon the type of risks incurred in the course of its operations, taking into account the regulatory context of the markets in which it operates, and incorporating the processes and procedures it has already established.
Training should also not stop with the compliance department. KYC must be seen as an institution-wide responsibility, and employees throughout the firm should have an understanding of AML policies and be on high alert for potential violations.
In addition, the approach to AML should extend beyond the organization to encompass consistent engagement with regulators. Institutions that open the door to regular dialogue with authorities are more likely to be attuned to any changes in the regulatory regime and to be seen as committed to a culture of compliance.
It is safe to say that regulatory engagement reduces the risk of sanctions, and worth noting that some regional regulators are making an effort to build bridges with the private sector to provide 'safe zones' for industry experimentation. In Singapore, for example, the MAS has issued proposed guidelines on a 'regulatory sandbox' that will enable companies to test 'solutions in a more relaxed governance environment.
Sign up for CIO Asia eNewsletters.