3 Challenges Australian FinTechs Face When Implementing an Effective AML Program

Over the last few years, the financial services landscape in Australia has seen significant change. The emergence of local FinTech companies and spikes in investor funding has shown a nationwide pivot toward offering financial services in the digital space. However, one constant is the strong emphasis on anti-money laundering and combatting the financing of terrorism (AML/CFT) by the regulators. 

Australian law and regulation set clear requirements concerning a firm’s key obligations, particularly what needs to be in its AML/CTF program. However, when it comes to implementation, there are challenges, which can be grouped into three areas – paper, people, and platforms. 

Paper

When starting a new enterprise, spending time immersed in documentation seems far from enticing. Nonetheless, it is not only mandated by Australian law, but it is of immense practical value to invest time in this effort early on. It is also a foundation for a FinTech’s relationship with independent reviewers and regulators, providing them with visible evidence that the firm understands its responsibilities and is acting on them. If the documents are not there, confidence falls immediately. Without it, they have no benchmark against which to assess the firm’s conduct. 

So what should the “paper” element cover? It should go without saying that there should be documentation for every aspect of the key obligations, which should include the following types of documentation:

• Policies – Set out and codify which obligations are being met. 
• Processes  – Explain what is done to meet the policy requirements in practice, often schematically, including roles and responsibilities, stages of action, and tools and technologies. 
• Procedures – Address how processes are executed by those directly involved. 

People

As a firm grows, more staff will need to be hired to help form the AML/CTF compliance team. How big this team is and how it is structured will depend on the nature of the business at any one time, and it is common for growth to lead to the creation of dedicated teams for each aspect of AML/CTF. 

These teams are commonly structured into what is known as the “Three Lines of Defense.” This includes those dealing with risks on a day-to-day basis as the First Line, those creating the AML/CTF program as the “Second Line,” and those evaluating the results as the “Third Line.” 

Eventually, as this model of a “classic” AML/CTF function shows, it can become a large and extended department. 

Platforms

Technology provides the final key set of practical issues which commonly challenge firms. In any AML/CTF function, even a small one, there are likely to be multiple platforms in use at any one time to collect, maintain and process data, including: 

• Customer Relationship Management (CRM) systems for onboarding, managing client data, client risk assessments, and ongoing relationship management
• Identification & Verification (ID&V) platforms to capture identification material, now often digitally
• Screening tools for sanctions, PEPs, and Adverse Media
• Monitoring tools for transactions
• Case Management Systems (CMS) to manage alert investigation
• Social Network Analysis (SNA) tools to support investigations

Simply having a tool in place is often treated as “good enough” in many less mature firms, especially when that tool has a reputation for being widely used across legacy financial services. There can be an assumption that such platforms have a talismanic quality that will ward off regulatory concerns. But in reality, it is not enough to have a platform in place, even at the early stages of a firm’s growth. To effectively fulfill AML/CTF obligations, those platforms must be appropriate to the firm’s needs.