Technical Compliance Vs. Effective Compliance

Financial institutions have traditionally been evaluated by supervisory bodies based on the technical compliance of their anti-money laundering (AML) and counter-terrorist financing (CTF) programmes. Increasingly, it is being suggested that a shift is necessary to allow for an equal focus on overall effectiveness – a topic most recently highlighted in the Wolfsberg Group’s Statement on Effectiveness.

By way of context, the Wolfsberg Group is an association of 13 global banks whose aims are to establish and develop frameworks and guidance for the management of financial crime risks. The Group came together in 2000, at the UBS Training Centre based at Château Wolfsberg in north-eastern Switzerland, in the company of representatives from Transparency International. Their intention was to work on drafting AML guidelines, initially for private banking but this later expanded into more mainstream areas of banking as well.

As a consequence, it is not unreasonable for the Wolfsberg Group to be considered amongst the most relevant of bodies to provide guidance in tackling financial crime; similarly it can be expected that they will provide this guidance in a timely and regular manner. Their most recently issued statement, which was the output of a working group, was published in late 2019, driven in no small part by the need to reaffirm that the approach highlighted was one that financial institutions (FIs) should be taking. It is fair to say that adequate time has now elapsed for banks to start to implement some of the guidance and look at improving their policies and procedures.

What does the statement say?

The statement builds on a position introduced by the Financial Action Task Force (FATF) in 2013, making the determination that reasonable legal frameworks alone were no longer sufficient for financial crime prevention. As such, focusing solely on ‘technical compliance’ with the 40 FATF Recommendations was no longer adequate, if indeed it was ever considered ‘adequate’ previously. Instead, an evaluation would be made of the overall ‘effectiveness’ of the AML/CTF regime based on evidence that the outcomes were being achieved.

There was, and possibly to some extent still is, a culture of ‘box ticking’ which the changes were designed to remove and a new focus placed on the desired result i.e. a reduction in the proceeds of financial crime finding their way in to the financial system.

The statement goes on to recommend that “Jurisdictions should adopt the FATF’s focus on effective outcomes and therefore, that an FI’s AML/CTF programme should have three key elements:

  1. Comply with AML/CTF laws and regulations
  2. Provide highly useful information to relevant government agencies in defined priority areas
  3. Establish a reasonable and risk-based set of controls to mitigate the risks of an FI being used to facilitate illicit activity”

It is important to point out that FATF Mutual Evaluations are carried out at a jurisdictional level whereas financial institutions within those jurisdictions face scrutiny from their national regulator(s). As a consequence, it was an event driven change which was designed to improve the AML policies and procedures of banks, albeit indirectly. Clever.

The excuse of “But we’ve always done it like this” certainly can no longer be used unless a FI can be 100% certain that they have never been, and will never be, used to launder money.  At present, a significant amount of time and resource is wasted on actions that do not fulfill any of the above criteria. Not so clever.

The statement talks about a risk-based evaluation which should produce information that is of practical use to government agencies, specifically law enforcement, and a move away from practices that serve no legal or regulatory purpose. This should facilitate resources being employed more efficiently in areas that have increased value from a financial crime risk management perspective and are focused on defined AML/CTF priorities. This sentiment is very much echoed in the guidance provided by the Joint Money Laundering Steering Group (JMLSG) which will be familiar to most, if not all, employed in know your customer (KYC) circles – that all KYC programmes should be cost effective i.e. placing a focus and adequate resource upon the more elevated financial crime risks.

A positive force for change

Is it reasonable to expect financial institutions should shift towards ‘effective compliance’ given regulators still tend to focus on the technical requirements? I believe it is. Is it likely that they will do so? Sadly, I am less positive. Furthermore, should the onus be on regulators or proactive FIs? My experience leads me to conclude that it has to be a combination of efforts on both sides.

The benefits to FIs adopting this approach are clear. More effective utilisation of their resources leading to prevention/earlier detection of financial crimes. Is it simply ‘the right thing to do’? Well, it IS the right thing to do, at least until proven otherwise, however it should also be seen as a positive force for change.

Hear from Hugo

Using the Wolfsberg Group guidance helps organizations understand and potentially mitigate risks. Hear Hugo outline this concept in a short snippet from our recent webinar.