Efficient AML/KYC Compliance During a Recession - Deloitte Reg Tech Lab

Anna Werner and Manfred Wandelt from Deloitte Reg Tech Lab discuss the impact of COVID-19 on AML and KYC compliance in Europe, the challenges faced, and the role of digitalisation in all of this

How did COVID-19 affect AML/ KYC compliance in Europe/Germany; were the companies prepared; what were their challenges; what are best practices; what about their budgets; what can we learn from 2020 to boost compliance in 2021 for FI and regulated entities, etc.

'The four most expensive words in the English language are "This time it’s different".’

Sir John Templeton 

During stressed socioeconomic times, risk and compliance issues can become prominent, making effective compliance management and the prevention of financial crime activity even more important. COVID-19 disrupted organisations at all levels – including fundamental compliance pillars such as the combating of terrorism and Know Your Customer (KYC) principles. Specific challenges arise as compliance leaders adapt their operations to changing regulatory expectations and face new compliance hurdles, presented for instance by a remote workforce. While difficult, these challenges also pose an opportunity to address current threats and bolster an organisation’s ability to adapt and overcome risk in the future.

Compliance measures implemented as a consequence of COVID-19

As the coronavirus continues to spread across the globe, top-down measures are imposed to slow down its effects and minimise potential damages. Countries across the globe are taking diversified approaches to fight against the virus and its implications. Chief compliance officer responsibilities these days include supporting employees as they navigate a new operating environment and business landscape. Even though during the last decade AML (Anti Money Laundering) and KYC compliance were intensively discussed, the profession itself is still relatively new. Probably most of the professionals working in this field today do not have any real recession or economical slow down experience while working in compliance departments. The experience and the internal literature of the organisations concerning money laundering are generally limited to covering the periods of economic boom. It is crucial to take time to reflect on lessons learned; recalibrate risk and compliance management priorities; and reassess associated plans, practices, approaches, capabilities, and resources to appropriately respond in the event of future phases of uncertainty. By considering these courses of action, CCOs can reinforce their value to the organisation and help lay the groundwork for the next unexpected event.

So far, the economic situation in individual jurisdictions appears to have tracked the scale and spread of the virus and the social restrictions that inevitably follow it. Although there has been some success in containment, most regions around the world continue to struggle with the pandemic. This suggests that, for as long as the virus is with us and is not contained, economic troubles will remain. 

Recessions always have consequences for compliance functions and are usually shaped by three contextual themes:

1. Risk Environment - During economic downturns, there is often a rise in criminal activity, much of which will have an impact on the financial system. Volumes of fraud typically rise, as do criminal attempts to launder illicit proceeds through the financial system. 

2. Cost Drivers - Businesses increasingly focus on where they can reduce costs on non-revenue generating activities. Compliance, as a regulatory responsibility, is often a target for financial retrenchment within businesses, leading to potential friction with regulators themselves. 

3. Regulatory Change - Regulators often revisit aspects of regulation, which they believe could have prevented or mitigated the economic crisis. For example, the Global Financial Crisis led to increased consumer protection in financial services in the 2010 Dodd-Frank Act in the US and the UK’s Financial Services (Banking Reform) Act of 2013. In Germany, the BaFin ensures that the companies and persons under its supervision implement any statutory obligations adopted for this purpose. These obligations are derived from the Money Laundering Act (Geldwäschegesetz – GwG), the Banking Act (Kreditwesengesetz – KWG), the Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG), the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG), or the Investment Code (Kapitalanlagegesetzbuch – KAGB).

The current crisis is having – and will continue to have – effects along these lines too, although shaped by its unique features and wider political contexts. Although some ´traditional´ criminal activities such as face-to-face drugs sales declined, reports from Europol, the EU’s policing agency, FinCEN, and the US Treasury’s Financial Intelligence Unit (FIU) indicate that illicit activity has been on the rise. Criminals can take advantage of health fears, exploit government economic relief packages, or target the vulnerable via cybercrime under the cover of increased online activity that has resulted from lockdowns. As a consequence, the Financial Action Task Force (FATF) has published guidelines on how to prevent illicit financing during COVID-19. The FATF is not only encouraging governments to partner with financial institutions and explore digital identity, but is pushing for the implementation of FATF standards, implementation of digital customer onboarding, and delivery of digital financial services to abide by social distancing requirements.

Digitisation as an enabler for AML/KYC compliance effectiveness in the current crisis

Many regulated industries are in the midst of a historic digital transformation, embedding analytics, AI, and other technologies into their operations, products, and services. Not only can institutions benefit from these technologies during COVID-19 times; also with the industry moving so fast, keeping up with the technological advances is critical to effectively take KYC and AML compliance to a next level.

The most important instruments on the way to digitisation are as follows:

• AI-based technologies include machine learning, computer vision (image recognition), speech recognition, natural language processing, and robotics. Some financial and non-financial institutions already use AI to analyse data and regulatory regulations and provide virtual assistants capable of answering common questions. AI can also augment decision making by parsing through masses of forms and data to determine, for instance, whether a business is eligible for a particular permit and especially for the KYC process and the data needed. 

• Robotic process automation (RPA) software mimics the steps humans would take to complete various tasks such as filling out forms (KYC reports), transferring data between spreadsheets, or accessing multiple databases. Some financial institutions and non-financial institutions are beginning to use RPA to automate repetitive, predictable processes such as KYC reports and application processing. As the use of RPA evolves in the regulatory landscape, institutions can combine it with AI (cognitive automation) to tackle higher-value tasks. For example, an intelligent KYC assistant could interact with other departments seeking a permit by populating the authorisation forms needed for different approvals.

• Big data analytics support the core component of any analytics solution: the underlying data. Most KYC data collection today is conducted with little or no standards. That is why it needs to develop common standards to collect and store data to improve regulatory, internal fulfilment, and oversight.  

The economic fallout from the coronavirus pandemic is likely to force companies to cut their research and development (R&D) spending. However, experience from past recessions shows that innovative companies are significantly more resilient – also in their compliance set-up. The current COVID-19 crisis asks for creative solutions and new services in the regtech space. It requires focus, but also mindfulness to not open up the organisation to other threats such as fraud or cyber attacks, which often become more likely as criminals take advantage of an already bad situation. The latter one, cyber threats, are growing faster than most companies' ability to deal with them in today’s increasingly digital economy. Anything that depends on cyberspace is potentially at risk: personal data, company data, customer data, intellectual property, or critical infrastructure. 

All over, it is currently difficult to forecast the long-term consequences of the COVID-19 crisis, but the pandemic will certainly give digitalisation in compliance functions a major boost. The crisis acted like a ‘burning glass’ on the organisation and made existing weak points transparent. Weak spots include compliance budget restrictions, which were already imposed by many organisations before COVID-19 but have become more prominent now inhibiting the further development of compliance functions. On the other hand, further development of the compliance programme and the associated measures could have come into focus precisely during current digitisation pressures. Today’s exceptional situation offers opportunities and risks that potentially influence and change the activities and best-practices in compliance functions of all industries. The first trends can already be foreseen today. 

Should you be interested in further insights and discussions, feel free to approach us via RegTechLab@deloitte.de. 

This editorial was first published in our Financial Crime and Fraud Report 2021 - How to Fight Fraud and Master KYC, Onboarding & Digital ID, which provides a comprehensive overview of the major trends driving growth in fraud prevention, identity management, digital onboarding and KYC, transaction monitoring, financial crime compliance, regtech, and more.

About Anna Werner

Anna works as a Senior Consultant at Deloitte’s Reg Tech Lab and is operational lead and initiator of the Reg Tech Lab. Through the utilisation of regtech solutions, she tackles Compliance pain-points by combining regulatory and technological expertise.

About Manfred Wandelt

Manfred is a former Senior Manager at Deloitte’s Reg Tech Lab and has more than 20 years of consulting experience working with national and international clients. His expertise lies in regtech subjects and the Anti-Financial Crime field.

About Deloitte 

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services; legal advisory services in Germany are provided by Deloitte Legal. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the ‘Deloitte organisation’) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 330,000 people make an impact that matters at www.deloitte.com/de.