On March 16th, the Financial Conduct Authority (FCA) issued a “Dear CEO” letter to payments firms authorized or registered under the Payment Services Regulations 2017, and Electronic Money Regulations 2011. 

In it, Matthew Long, the FCA’s Director of Payments and Digital Assets said the regulator remains “concerned that many payments firms do not have sufficiently robust controls and that as a result, some firms present an unacceptable risk of harm to their customers and to financial system integrity. We consider that the risk of customer harm is heightened by the tightening economic conditions and the cost-of-living crisis.”

The letter is framed around three core outcomes payment firms must achieve: 

1. Ensure your customers’ money is safe.
2. Ensure your firm does not compromise financial system integrity.
3. Meet your customers’ needs, including through high-quality products and services, competition and innovation, and robust implementation of the FCA Consumer Duty.

Implications for Fraud and AML Professionals 

Many of the FCA’s points – especially related to objectives two and three – center on issues related to fraud, money laundering, and sanctions. Here, we explore those in more detail and highlight actionable steps firms can take to help ensure they are compliant. 

Priority 1: Money Laundering & Sanctions

The FCA states that “All firms that are subject to the UK’s Money Laundering Regulations must have in place systems and controls to identify, assess, monitor and manage money laundering risk. These must be comprehensive and proportionate to the nature, scale, and complexity of a firm’s activities. With regard to economic and financial sanctions, firms must ensure that they operate effective systems and controls, in order to identify and manage any sanctions exposure and risk, associated with their customers and business activities.”

Common issues identified in the regulator’s work with firms over the last two years focused heavily on issues related to control, governance, record keeping, and the risk-based approach. Specifically, these included:

• Failure to carry out and/or to evidence adequate know your customer (KYC)/due diligence.
• Business-wide risk assessments that are not supported by a robust and effective methodology.
• Failure to regularly review and refresh risk assessments and control frameworks in an evolving threat landscape.
• Policies and procedures that are insufficiently detailed and tailored to firms’ business models.
• Failure to maintain and evolve the control framework, in line with or ahead of business growth.
• Failure to ensure name screening solutions from third-party providers are appropriately and adequately calibrated to meet their business requirements.
• An inability to reasonably justify and/or verify why a sanction screening solution does not generate alerts against certain names on the UK’s Office of Financial Sanctions Implementation list.

The FCA states that it expects firms to: 

• Ensure that anti-money laundering systems and controls are effective and commensurate with the risks in the business, including as it grows over time. 
• Conduct regular reviews to assess compliance with anti-money laundering obligations and sanctions requirements, and to work swiftly to remediate weaknesses identified. 
• Comply with responsibilities under the Proceeds of Crime Act 2002 and Terrorism Act 2000 through accurate and timely submissions of Suspicious Activity Reports (SARs) and regularly review themes from your SARs reporting.

What does this mean for your firm?

During the initial implementation process, we recommend that our clients make a detailed determination, based on their business model and related requirements, of the way they wish to configure their screening solution. Factors to consider include:

• The nature of their customers — For example, are their products offered to businesses or individuals? What geographies are covered for residence or trading activity? Is a customer risk-rating mechanism in place, allowing the firm to direct some, but not all, of their customers through an Enhanced Due Diligence process?
• Consistency and completeness of the data being sent for screening —  Is there consistency and predictability in the formatting of country names, dates of birth, prefixes, etc? Where there is more than one named individual associated with an account, how are several names being bifurcated before submission for screening? How are special characters being processed, etc?

Firms should ensure that the customer names submitted to any screening solution are derived using automated checks against official/state-issued identity documentation, as opposed to user-inputted. Implemented correctly, this can have a significant positive impact on the number of false positives emitted from name screening tools. ComplyAdvantage offers a high degree of configurability via various algorithmic levers which can help support false positive reduction in a structured onboarding process.

Once these steps have been taken, firms should devise tests for their screening solution by running name sets through the solution in a test environment, as part of their wider risk and control assessments. 

Test sets should be formatted to reflect live customer environments as closely as possible, including the variants firms would expect to see as a result of the processes they have put in place in that environment.

Firms should also ask vendors about the speed at which they can update their sanctions lists. In a tense, fragile geopolitical environment, new sanctions are likely to continue to be issued at pace and unpredictably, meaning that receiving updates as close to real-time as possible will be critical to ensure continued compliance with regulatory requirements.

Priority 2: Fraud 

The FCA notes it has seen “elevated fraud rates” in some payment and electronic money institutions. It notes the cost-of-living crisis as a potential driver of additional fraud. As a result, firms must “take action now to address weaknesses in their systems and controls to prevent fraud.” Common issues identified include:

• Insufficient emphasis on mitigating the risk of fraud against customers and insufficient customer education relating to fraud prevention.
• A lack of engagement with industry information-sharing bodies.
• Weaknesses in firms’ anti-fraud systems and controls.
• Backlogs that have led to fraud reports from consumers not being actioned within a reasonable timeframe by relevant staff.
• A high proportion of customer accounts being used to receive the proceeds of fraud.

The FCA has a clear sense of urgency around fraud, stating firms must “take immediate action” to protect customers against fraud, and ensure their firm is “not being used to receive the proceeds of fraud.” Firms are instructed to:

• Review internal risk appetite statements, policies, and procedures to ensure that these adequately address the risk of fraud to customers.
• Regularly review fraud prevention systems and controls to ensure that these are effective.
• Maintain appropriate customer due diligence controls at the onboarding stage and on an ongoing basis to identify and prevent accounts from being used to receive proceeds of fraud or financial crime.

What does this mean for your firm?

The combination of the economic downturn and the relentless adoption of new technologies provides fertile ground for new fraud typologies. That makes access to intelligent, real-time fraud detection information critical. It also means anti-fraud technologies that were effective even 12 months ago may now need to be renewed, to ensure they’re sufficiently capable of keeping up with the fast-paced world of fraud. The reality is, fraudsters will be the first adopters of any new technology, and firms need to work with partners who are capable of keeping pace.

At ComplyAdvantage, we approach fraud and AML holistically with our clients. Across both categories, a common challenge we see is a reliance on static rules to detect fraud. A better approach is to deploy a model that dynamically adapts to criminal behavior while, crucially, providing analysts with clear reasons when alerts are created. 

It’s notable that the FCA explicitly called out alert backlogs in its letter. We work with clients to deploy machine learning algorithms that can help them to prioritize alerts based on the risk they present. This enables them to be filtered, sorted and allocated more efficiently. This enhances our clients’ risk-based approach while making sure their analysts’ time is being used effectively. 

Another best practice is to be network-driven. Complex fraud cases are rarely the result of a lone actor, but legacy systems will focus on screening and monitoring individuals. A more effective strategy leverages AI to identify links between accounts – whether related to an individual(s) or an organization(s) – to help clients identify the true scale of the problem. 

We also work with our clients to support emerging payment types and to take advantage of the richer, structured data that ISO 20022 brings with it. It’s set to be introduced into the Clearing House Automated Payments System (CHAPS) on June 19th, 2023. The Bank of England states explicitly that it expects improved fraud and financial crime detection to be a key benefit of this transition. To learn more about how the migration to ISO 2022 can enhance your financial crime risk management, book a meeting with our team here.

But even with the best regtech and compliance team, fighting fraud takes a village. That’s why it is critical firms find ways to share information and knowledge. This could be through participation in data-sharing initiatives like CIFAS, working with technology and data vendors who monitor and respond to emerging criminal typologies, or participating in regulator consultations. 

Finally, we know that it’s next to impossible for compliance officers to keep on top of new developments alongside competing work demands and day-to-day responsibilities. That’s why we regularly publish our analysis and research on key trends and new regulations. We’re also regularly hosting and attending industry events to facilitate discussions between practitioners. You can find all our latest thought leadership content on our website. 

Next Steps

The FCA states that firms should ensure their board or executive committee review and consider which risks apply to them, and take appropriate action. It warns firms it will expect them to “explain the actions it has taken in response to this letter on request.”

Finally, the FCA notes that its wider strategy for 2022-25 has a strong focus on reducing and preventing financial crime, with a key plank of this being a commitment to act “earlier and more assertively in dealing with problem firms.” It notes it will “remove or sanction” organizations that “cannot or will not meet our standards.”

The post FCA Priorities for Payment Firms March 2023: Implications for Fraud and AML Professionals appeared first on ComplyAdvantage.

While all of these are important, one often overlooked factor is implementation. How vendors implement their clients’ AML programs is critical. A slow implementation process risks undermining the customer experience and delaying the roll-out of new products and services. Poor support over time can become a chronic issue weighing compliance teams down if, for example, the ability to add new rules and capabilities is impacted.

So how can firms assess what ‘good’ looks like when it comes to implementation? Here are five top considerations.

Implementation of Anti-Money Laundering Software: Five Top Considerations

1. Pre-built rules and collateral

While onboarding times will vary based on the complexity of the implementation and specific client requirements, there are steps vendors can take to make this smoother. For AML solutions like transaction monitoring and screening, one important feature compliance teams should look for is ‘plug and play’ capabilities that make the set-up process more efficient. Offering a pre-built library of rules and typologies is one good example of this. In addition to demonstrating what a best practice program looks like, these libraries can help teams get set up quickly, without the need to build everything from scratch. 

In addition to pre-built rules, firms should ask vendors about the collateral they provide to support implementation. This may include a rule library, API guide, dummy data for testing, and more. All of these help clients to get started more quickly and mean they can get up-to-speed in their own time.

Vendors should be realistic about the length of the implementation process, though. With cost-effective solutions and the right resources prepared on the client side, implementation times can be as short as two weeks.

2. A personalized approach

‘Out of the box’ features such as a REST API need to be supported by in-house technical and personnel skills to manage complex, customized implementation requests. Some clients will inevitably have bespoke rule sets they need to manage or particular challenges with the structure or quality of their data. This must be considered upfront to ensure the fraud and AML detection system works effectively post-implementation. To manage this complex array of requests, firms should ask vendors how they manage the implementation process. A best practice approach is for each client to have a dedicated implementation consultant who will support them through to go-live, ensuring continuity of service and a speedy response to inevitable questions and challenges. Ideally, this consultant will be flexible about working remotely or on-site with the customer, based on what will enable them to progress more effectively.

TransferMate, one of the world’s leading B2B payments infrastructure-as-a-service companies, enables individuals to make seamless, cost-effective cross-border payments. But operating across more than 201 countries and 141 currencies means the risks and typologies their team must monitor for are not always captured by pre-built rule sets. During its implementation process with ComplyAdvantage, the two teams communicated almost daily. Alex Clements, Global Head of Financial Investigations and Monitoring at ComplyAdvantage, described this as a “one team, two organizations” approach. The company worked with ComplyAdvantage implementation consultants to define its data model and scope out the bespoke rules it wanted to build for transaction risk management. ComplyAdvantage used its industry expertise to help TransferMate achieve its goals, sharing ideas and best practices.

3. Strong industry knowledge

Some regtech vendors will also specialize in supporting certain markets like digital banking or payments. Others have a broad suite of clients, with implementation and customer success teams dedicated to each. While both approaches can make for a successful business, firms should ensure their vendor has experience with relevant firms in their space. This will enable greater out-of-the-box thinking when solving inevitable challenges and roadblocks. This also empowers implementation teams to be proactive, offering creative solutions that can help firms get to their intended solution more quickly or efficiently than they had anticipated.

Hampshire Trust Bank (HTB), a specialist bank based in the UK that provides business finance, mortgage, and development finance solutions, has compliance challenges unique to its business model. By working with an experienced implementation team at ComplyAdvantage, the bank is able to, for example, look at how to optimize the application of its transaction monitoring rules for specific customer segments that may operate in particular ways.

4. Sandboxing and an iterative mindset

From day one of implementation, the best vendors will have a ‘test and iterate’ mindset. This should begin with a sandbox, enabling integration to start immediately. A sandbox approach also means implementation can be phased, with deliverables that are ready starting immediately while work on other areas of the solution is ongoing.

The intersection of implementation and customer success is also critical. Customer success managers will be their clients’ front-line representatives when explaining and working through the roll-out of new vendor features, or when managing client requests for new capabilities. A knowledgeable and engaged customer success manager can also proactively recommend optimizations based on their experience working with other similar clients. As Robin Jeffrey, Head of Transformation at HTB explained about working with ComplyAdvantage: “Other products we reviewed on the market were more rigid. ComplyAdvantage enables us to focus on continual improvement, adapting the platform as we learn and as the world evolves.”

5. Agile to changing risks

It’s also important for firms to remember that implementation is not a ‘one-and-done’ process. Compliance decision-makers should evaluate firms’ ability to support changes over time as new risks emerge. Look for a firm that offers features like the ability to build new rules quickly without the need to raise a time-consuming support ticket. Waiting for a vendor’s IT team to implement a change to risk thresholds based, for example, on new information from law enforcement could lead to criminal behavior going undetected for weeks, or even months.

Overseas payments and foreign exchange provider Lumon found itself needing to react quickly in the early stages of the pandemic when it saw a sudden increase in COVID-related investment fraud. “ Within 48 hours of identifying this, Lumon developed and deployed new rule sets to combat the threat and prevent more customers from falling victim to scams” explains Alessio Giorgi, the firm’s Head of Compliance and MLRO.

The post Anti-Money Laundering Program: Why Good Software Implementation Is Critical appeared first on ComplyAdvantage.

In the paper, the Australian Treasury explains that everyone who invests in cryptocurrency must include their assets in their tax returns. It also sets out the basis of a “token mapping framework” to help explain how various cryptoassets might fit into existing regulatory frameworks. 

The consultation period for this paper is open until March 3, 2023. The full list of consultation questions can be found in Annexure 4 on pages 52 and 53. 

Token mapping framework

In August’s joint statement, token mapping was highlighted as the “first step in a reform agenda,” as it would help the government identify how crypto assets and related services should be regulated. In the paper, “tokens,” “token system,” and “functions” are defined as follows:

• Tokens are physical or digital units of information that have a role in a token system
• A token system is a collection of steps involved in performing a function 
• A function can be any benefit ensured or facilitated by the token system to the token holder

This token mapping framework will be used to define the development of a custody and licensing framework, which the government is due to propose for public comment by mid-2023. 

According to our 2023 global compliance survey, these regulatory reforms are coming at an important time for Australian firms. When asked what crypto-based services they would offer in the future, 70 percent told us a trading or exchange service, 54 percent said crypto as a payment method or rail, and 51 percent a custodian or wallet service. 

Australia’s functional approach

The paper also discusses the concept of a “functional perimeter,” which would set Australia apart from other jurisdictions by adopting a broad “functional” definition of a financial product. This approach follows the policy adopted after the Wallis Inquiry recommended that the law adopt a broad definition of “financial product” so that “functionally-equivalent” products can be treated equivalently.

According to the paper, other jurisdictions have created an exhaustive list of regulated products and are often guided by risk-based approaches when updating the list to include novel financial products. The Hong Kong Securities and Futures Commission (SFC), for example, announced in January that it will propose a subset of tokens permitted for retail investors’ trading. According to the CEO of the SFC Julia Leung, only “highly liquid” assets will be on the list. 

Crypto scam concerns

These regulatory reforms come in light of rising concern regarding the increasing number of scams involving crypto. According to the Australian Securities and Investments Commission (ASIC), Australians caught up in cryptocurrency scams lost $701 million in 2021, representing a 135 percent increase from 2020. ASIC Deputy Chair Sarah Court said the main driver of this increase was crypto investment scams, where losses increased by 270 percent. The Australian Competition & Consumer Commission (ACCC) has also advised that crypto scam losses increased further in 2022.

In April 2022, AUSTRAC and the Australian Prudential Regulation Authority (APRA) released reports warning about the scale and risk management related to crypto assets. In particular, AUSTRAC included a list of financial and behavioral indicators linked to specific types of crime involving cryptocurrencies, such as illicit activity via darknet marketplaces, terrorism financing, scams, and tax evasion. Key red flags for compliance staff to note include:

• The customer’s wallet addresses show exposure to high-risk conversion services or darknet marketplaces
• An account receives multiple small deposits, which are immediately transferred to private wallets
• Public information or blockchain analysis tools indicate a customer has transacted with websites or wallet addresses considered to be high risk for terrorism activities or proliferation financing
• The use of services that do not make commercial or economic sense. For example, a business moving earnings through mixers or an individual converting a digital currency multiple times before cashing out, incurring additional conversion fees

Key takeaways

With new regulations coming in 2023, firms of all sizes need to devise a strategy for staying ahead of the latest developments. Three key steps to take include:

• Horizon scanning – firms should stay ahead of the curve by ensuring their compliance teams have adequate budgeting approved by senior management to address changes and that the right level of resourcing has been allocated to address regulatory changes

• Understand new requirements and impact – take the time to fully understand new requirements and the possible impact on operations, as new regulations may require adding a technology layer or developing a strategy to exit a pool of clients who are suddenly deemed to be breaking the law

• Contribute to regulatory consultations – this will help to ensure that laws are being developed that do not stifle innovation or lead to the development of regulations that could have a serious negative impact on the industry

The post Australian Government Begins Crypto Regulation Reform appeared first on ComplyAdvantage.

Following the Economic Crime (Transparency and Enforcement) Act passed in March 2022, the Bill is designed to tackle the growing problem of dirty money flowing into the UK. It is currently progressing through its second reading in the House of Lords and its next sitting is on February 8, 2023. 

“Failure to prevent”

The “failure to prevent” measures are largely aimed at commercial organizations and their senior managers that do not currently have reasonable measures in place to prevent money laundering, fraud, and false accounting. 

Under current law, corporate criminal liability is generally determined according to the “identification doctrine,” meaning prosecutors must prove the most senior officers of the company had the requisite criminal intent. However, during the debate, Sir Robert Buckland MP said, “These new offenses, which I have recommended, will make it easier to prosecute organizations for crimes because prosecutors will only need to prove that the organization lacked ‘reasonable’ or ‘adequate’ controls to prevent the crime.”

Security Minister Tom Tugendhat confirmed to the House that the government will “address the need for a ‘failure to prevent’ offense” when the Bill goes to the House of Lords.

Part 4 and part 5 amendments 

Additional amendments have been agreed relating to parts four and five of the Bill. While the first three parts deal with Companies House reforms, part four covers the seizure of cryptoassets, and the fifth deals with money laundering and other economic crime. As of January 30, the following amendments have been approved regarding the seizure of cryptoassets:

• Removing the requirement in the Proceeds of Crime Act 2002 (POCA) for a suspect to have been arrested before powers are used to search for and seize property concerning cryptoassets
• Creating new powers in POCA to search for and seize or freeze cryptoassets suspected of having been obtained through unlawful conduct 
• Amending the Anti-Terrorism Crime and Security Act 2001 (ATCSA) to insert powers to seize or freeze cryptoassets suspected to be used for terrorism

Additionally, the government has highlighted the following revisions to part five of the Bill:

• New exemptions will be created from key money laundering offenses, so firms subject to anti-money laundering (AML) duties can carry out certain acts on behalf of their customers without seeking consent in advance from the National Crime Agency (NCA)
• Law enforcement powers in POCA and the Terrorism Act 2000 (TACT) will be expanded to seek information from the regulated sector to tackle money laundering or terrorist financing
• Certain businesses will be enabled to share information to tackle economic crime, without incurring civil liability – including for breach of confidence
• Pre-investigation powers of the Serious Fraud Office will be expanded by removing a restriction in the Criminal Justice Act 1987 that applies certain powers only to cases of international bribery and corruption

Key takeaways 

While the Bill has been introduced to Parliament, compliance teams should note that its content remains subject to change in parliamentary debates and committee reviews. As a result, firms should be aware of possible changes to the Bill over the coming months and ensure they take note of upcoming readings and their outcomes. 

The post New Amendments Proposed to the UK Economic Crime and Corporate Transparency Bill appeared first on ComplyAdvantage.

When asked which area of their compliance function would be at risk in an audit, 48 percent – the highest proportion – told us it would be their knowledge of regulations. This blog explores the evolving anti-money laundering regulatory landscape, examining several global trends and themes in major economies. Be sure to download our regulatory trends report to explore in more detail!

The Financial Action Task Force (FATF)

Singapore took over the FATF Presidency on July 1, 2022, establishing the global AML/CFT standard setter’s priorities for the next two years. These include:

• Strengthening asset recovery – As less than one percent of illicit assets are recovered, FATF will seek to enhance collaborative frameworks and focus on cyber-enabled crimes such as fraud, scams, and ransomware using data analytics and enhanced work through public-private partnerships. The first FATF-INTERPOL Roundtable Engagement (FIRE) was held in Singapore in September.
• Countering illicit finance associated with cyber-enabled crime – A new initiative will look to understand the money laundering and terrorist financing related to online fraud, ransomware, phishing attacks & scams and document best practices.
• Increasing the effectiveness of global AML measures – The FATF will organize thematic sharing sessions and focus on identifying new ML/TF risks linked to VASPs and sharing best practices, completing guidance on the beneficial ownership of legal persons, and amending FATF regulation 25 on beneficial ownership of trusts and legal arrangements by February 2023. It will also encourage the adoption of data analytics for better AML/CFT outcomes and work to develop a regular review of TF risks with Al Qaeda, ISIL & affiliates. Finally, it will aim to generate awareness of the ML/TF risks related to environmental crime, the international wildlife trade, and grand corruption.
• Reinforcing FATF Partnerships with FATF-style regional bodies (FSRBs) – The FATF will look to build capabilities and capacity to strengthen the Global Network to more effectively tackle money laundering, terrorist financing & proliferation financing.

The United States 

Under the Biden administration, the US will continue focusing on three core themes:

1. Strengthening laws and regulations to tackle illicit financial flows 
2. Modernizing, building, and enhancing regulatory and enforcement frameworks, particularly in the crypto space
3. Targeting wrongdoers who seek access to the US financial system to launder the proceeds of crime

The US published its 2022 National Illicit Finance Strategy, providing a roadmap to “close loopholes exploited by criminals and illicit actors.” This is designed to address threats and vulnerabilities identified in its National Risk Assessment (NRA) that have resulted from increased levels of fraud, corruption, and the digitization of finance. Particular emphasis was placed on addressing Russian aggression in Ukraine and the global network of corrupt Russian elites.

The strategy set four priority recommendations. These are listed below and include 14 supporting actions.

• Priority One: Increased Transparency & Close Legal and Regulatory Gaps 
• Priority Two: Make the AML/CFT Regulatory Framework for Financial Institutions More Efficient and Effective
• Priority Three: Enhance Operational Effectiveness in Combating Illicit Finance
• Priority Four: Support Technological Innovation and Harness Technology to Mitigate Illicit Finance Risks

Following an Executive Order from President Biden on Ensuring Responsible Development of Digital Assets and the proposed Lummis-Gillibrand bill, expect to see much more about crypto regulation. Given the size of the US market and the clear benefits of regulatory alignment, firms should expect other countries to study the US proposals as a template for their own markets. 

The European Union

Progress will continue with the overhaul of the EU’s AML/CFT regulations as the AML package moves through the EU governance process. The proposal was launched in 2021 and consisted of four separate pieces of legislation, including:

• Regulation to establish a supranational Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA)
• A new AML/CFT Directive, the “new” 6AMLD* for countries to implement domestic AML/CFT frameworks
• Regulation establishing a single AML/CFT rulebook with greater clarity and guidance for firms required to meet AML/CFT obligations (‘obliged entities’) 
• Updated transfer of funds regulation to cover changes to processing transaction requirements and bring into scope virtual assets service providers (VASPs)/crypto asset service providers (CASPs)

The European Commission will also continue to name countries that have not yet fully complied with the transposition of 6AMLD, which sets out predicate offenses for money laundering. In February 2022, it launched infringement proceedings against Latvia, Lithuania, Malta & Portugal for not sufficiently explaining how they have defined predicate offenses in domestic legislation. 6AMLD became effective on December 3, 2020, and needed to be implemented by regulated entities by June 3, 2021. 

Additional initiatives from the European Union will include new measures targeting environmental crime, a strategy to address de-risking, and action on rising numbers of cross-border money laundering cases. 

*A note on definitions: The EU Directive 2018/1673, issued in November 2018, created a new foundation for the EU’s criminal law on money laundering. EU member states were required to transpose it into national law by 3 December 2020, with the private sector required to make any necessary changes by 3 June 2022. This directive is widely known in the financial services industry as the 6th Anti-Money Laundering Directive (6AMLD). However, the European Commission now sees this directive as a standalone regulation. As a result, we are calling the proposed directive referenced here the “new” 6AMLD. 

China

China has issued a “Three-Year Action Plan for Combating Money Laundering Violations and Crimes (2022-2024)” to clamp down on money laundering, which runs from January 2022 until December 2024. The plan was drafted to “truly safeguard national security, social stability, economic development, and the interests of the people.” It was issued by 11 Chinese authorities and obliged them to:

• Increase publicity and training
• Amend the Anti-Money Laundering Law and legal interpretations related to handling criminal money laundering cases
• Strengthen intelligence-led research for judgment and cases 
• Improve the analysis of money laundering typologies and anti-money laundering investigations
• Boost the ability of obliged firms to prevent and control money laundering risks

China also amended its rules to strengthen the ability of firms to fight money laundering. The rules define CDD requirements, including how regulated firms should store identity and trading data. The requirements were also extended to non-bank payment companies and wealth management firms. 

In November 2022, the FATF issued an update on progress made by China to address identified deficiencies in its 2019 MER. China remains non-compliant with requirements around DFNBPs, including effective supervision and the need to carry out due diligence. It is also deficient in measures, including submitting suspicious activity reports, transparency, and beneficial ownership of legal arrangements. 

Australia

Designated Non-Financial Businesses & Professions (DNFBPs) regulation and enforcement will continue to be a major inflection point in Australia. The Legal and Constitutional Affairs References Committee published its report in March 2022 at the request of the Senate on the effectiveness of the AML/CFT regime in Australia. The report focuses on the failure to bring DNFBPs, such as lawyers, real estate agents, casinos, and other gambling service providers, auditors, and dealers in precious metals and stones, into the scope of AML regulation. Loopholes in Australia’s AML/CFT regime have been blamed for allowing billions of dollars to be laundered through Australia’s real estate sector and for “serious and systemic non-compliance” by casino operators. In 2021, out of AUS$187m in assets seized, AUS$116m accounted for real estate assets. AUSTRAC estimated that in 2020, AUS$ 1 billion was laundered by Chinese interests via Australian real estate.

The Senate report provides an overview of the regulation of gatekeepers, current and emerging challenges in AML, and various recommendations for improvement. These include regulating DNFBPs and making improvements to the AML/CFT framework, such as:

• Simplifying AML/CFT rules
• Supporting the use of technologies to meet KYC obligations
• Applying a risk-based approach to regulation
• Increasing penalties for ML/TF
• Boosting resourcing in AUSTRAC 

The report further found that delays in implementing Tranche 2 reforms continue to expose Australia to economic harm and risk its credibility as it is one of only 3 FATF countries that does not have DNFBPs in the scope of AML/CFT legislation. The committee also recommended establishing a beneficial ownership registry.

Explore more by downloading our Regional Regulatory Trends report today

The post How Will Anti-Money Laundering Regulations Evolve in 2023? appeared first on ComplyAdvantage.

Pursuant to President Biden’s Executive Order (EO) 14067 on Digital Assets, the Treasury’s report took the form of a roadmap detailing how the government will bring greater transparency to the digital asset sector. Along with eight other reports from federal agencies, the Treasury’s action plan informed a new framework, published by the White House in September 2022, for the responsible development of digital assets.  

The comment period for the Treasury’s Action Plan ended on November 3. 

Regulatory Clarity and Public-Private Engagement

Speaking at the Crypto Council for Innovation, Rosenberg highlighted two specific issues repeatedly appearing in the report’s comment letters. Regarding the desire for further regulatory clarity, industry commenters asked questions about decentralized finance (DeFi) and being subject to sanctions obligations and regulatory anti-money laundering and combatting the financing of terrorism (AML/CFT) frameworks.

To ensure the DeFi industry has a clear understanding of its AML/CFT and sanctions obligations, the Treasury will review the specific issues the sector identified in the comments and explore how current questions and uncertainty should be addressed. Rosenberg noted that thought would be given to whether additional regulatory guidance will take the form of advice, outreach, or regulation. 

Second, Rosenberg commented on the industry commenters’ requests for more public-private engagement between the government and the virtual assets industry. Recognizing the industry has unique insight into illicit finance threats, Rosenberg said, “Stronger two-way dialogue can […] strengthen the US government’s understanding of technological innovations and changes, as well as create greater opportunities for industry to identify areas where these innovations may result in regulatory uncertainty.” 

Questions Around Privacy for Virtual Asset Transfers

Rosenberg also commented on some policy questions from industry commenters surrounding the Treasury’s approach to mixers following the designations of Blender.io and Tornado Cash. 

In May 2022, cryptocurrency mixer service Blender.io was sanctioned by the US after it was used in a heist backed by the Democratic People’s Republic of Korea (DPRK) to fund the country’s nuclear weapons and missile programs. Following this designation, in August 2022, another mixing service, Tornado Cash, was sanctioned for enabling cybercriminals to launder USD 7 billion in crypto since 2019. 

Rosenberg noted that while virtual assets can provide helpful insight into financial activities through public blockchains, which can be used to support AML/CFT compliance, some virtual asset users may desire privacy when conducting transactions. 

“Our goal and intention is not to deter the development of technologies that provide privacy for virtual asset transfers,” said Rosenberg. “We welcome opportunities to further engage with [the] industry on how these technologies can both promote privacy while also mitigating illicit finance risks and complying with regulatory and sanctions obligations.”

Further information on illicit financing risks associated with anonymity-enhancing technologies in the virtual asset ecosystem can be found in the 2022 National Money Laundering Risk Assessment. 

Key Takeaways

While the Treasury’s report is likely to play a significant role in shaping the future development of digital assets in the US, regulations will continue to be an ongoing and iterative process. Firms should stay up-to-date with the additional regulatory guidance and expanded engagement efforts the Treasury has committed to providing. 

For further reading, compliance staff should also familiarize themselves with the additional reports from federal agencies that highlight “a clear framework for responsible digital asset development and pave the way for further action at home and abroad.” The two other reports published by the Treasury in September 2022, include:

• The Future of Money and Payments
• Crypto-Assets: Implications for Consumers, Investors, and Businesses

The post US Treasury Follows Up On Action Plan to Mitigate the Illicit Finance Risks of Digital Assets appeared first on ComplyAdvantage.

The new guidance builds on an earlier draft, with the addition of questions to consider when developing source of funds (SoF) and source of wealth (SoW) processes and a reminder of reporting entities’ obligations under the Privacy Act.

Developing SoF and SoW Processes

When developing SoF and SoW processes, AUSTRAC recommends firms ask the following questions to ensure all procedures align with their risk appetite: 

• Can the customer’s (or beneficial owner’s) SoF or SoF be easily explained, such as through their occupation, investments, or inheritance?
• Is the customer’s background consistent with their former, current, or planned business activity and turnover?
• Do the SoF and SoW explanations corroborate the information obtained through enhanced due diligence, including open-source checks?
• Do high-risk customers require the same verification level to establish the SoF and SoW?
• Should higher thresholds for “reasonable measures” be determined when a foreign PEP is the customer or the customer’s beneficial owner?

According to AUSTRAC, “reasonable measures” means what is practical and necessary in line with the firm’s identified money laundering and terrorist financing risks.

The Privacy Act

In the guidance, AUSTRAC reminds reporting entities that the Privacy Act covers all personal information collected and verified about a person’s identity. Since this type of information can be considered “sensitive,” firms should consider storing the data with a higher level of privacy protection per the Australian Privacy Principles.  

Chapter 11 of the Australian Privacy Principles details the reasonable steps reporting entities should take to ensure the security of personal information obtained throughout the KYC process, including SoF and SoW checks. These include:

• Implementing a culture of data governance and maintaining it through regular training
• Employing data handling practices, procedures, and systems across business models
• Ensuring robust IT and access security
• Developing internal strategies in case of data breaches
• Identifying a process for the destruction and de-identification in certain circumstances

AUSTRAC Enforcement Investigation

The new guidance follows AUSTRAC’s ongoing investigation of Star Entertainment Group, where concerns had been raised regarding the casino’s customer due diligence and compliance with anti-money laundering and counter-terrorism laws.

Earlier this year, the group’s Chief Financial Crime Officer, Skye Arnott, revealed that the company provided fake SoF letters to the Bank of China to make deposits by high-net-worth individuals appear to have been earned by gambling. During the inquiry, Arnott acknowledged that providing fake SoF letters raised “very significant concerns” regarding anti-money laundering compliance.

While AUSTRAC’s enforcement investigations into the Star Group are ongoing, the recent revelations are a strong reminder of reporting entities’ obligation to maintain accurate SoF and SoW documentation. More information from AUSTRAC on record-keeping best practices can be found here.

Key Takeaways

Identifying the SoF and SoW are key elements of an effective risk management framework. Compliance staff should ensure these procedures and processes are accurately documented and applied consistently and in accordance with the firm’s risk appetite. The systems and controls that identify the SoF and SoW must also be subject to regular independent review. 

When conducting the checks, reporting entities must also avoid the common misconception that funds from a bank can be presumed clean. Further action may still be required to prove the funds are not derived from criminal proceeds. 

For more information, the compliance team should consult the frequently asked questions on SoF and SoW issued by The Wolfsberg Group. 

The post AUSTRAC Issues Updated Guidance on Source of Funds and Source of Wealth Checks appeared first on ComplyAdvantage.

While MiCA broadly applies to cryptoasset service providers (CASPs) providing crypto services to EU residents, some areas fall outside of MiCA’s scope. These include crypto-assets that:

• Are unique and not fungible with other crypto-assets, such as digital art and collectibles
• Qualify as financial instruments as defined under Directive 2014/65/EU, such as security tokens
• Represent services or physical assets that are unique and not fungible, including real estate or product guarantees
• Are offered for free, or are automatically created

Classification of crypto-assets

The MiCA bill introduces three sub-categories of crypto-assets based on whether an asset seeks to stabilize its value in relation to other assets. These include asset-reference tokens, e-money tokens, and other crypto-assets.

Asset-reference tokens are assets that maintain a stable value by referencing several currencies, one or several crypto-assets, one or more commodities, or a combination of such assets. Contrastingly, e-money tokens are assets that aim to stabilize their value by referencing only one official currency, such as stablecoins. All other crypto-assets that do not fall into either of the aforementioned groups make up MiCA’s third sub-category. 

CASP requirements

Under MiCA, potential retail holders of crypto-assets must be informed about the characteristics, functions, and risks of the crypto-assets they intend to purchase. Therefore, CASPs will be required to compile a whitepaper containing general information on the

• Issuer and offerer
• Rights and obligations attached to the crypto-assets
• Underlying technology used for such assets
• Related risks

Prior approval for marketing communications will also be required for asset-reference and e-money tokens. All advertising messages and marketing materials should be fair, clear, not misleading, and aligned with the information provided in the crypto-asset whitepaper. 

Further requirements for asset-reference tokens and e-money tokens include regulatory approval before launching new services and vetting key management personnel. Regarding management, the bill notes that issuers of asset-referenced tokens should have robust governance arrangements, including a clear organizational structure and effective processes to identify, manage, monitor, and report the risks to which they are or might be exposed.

More information on the key takeaways for CASPs can be found here.

Next steps

The MiCA bill points to a more comprehensive, strategic view of crypto assets being adopted by the EU and a greater understanding of how they integrate into the broader financial services ecosystem. 

Before the act can be signed into the Official Journal, it must be voted on at a European Parliament plenary session, possibly in November. If no amendments are made, the bill will move on and be signed into law during December’s plenary session. From then, crypto firms will have up to 18 months to prepare themselves for the changes, with the bill likely coming into effect in 2024.  

The post EU Lawmakers Approve MiCA Bill to Regulate Crypto appeared first on ComplyAdvantage.

Led by the Treasury and developed by a working group consisting of the Council of Financial Regulators, AUSTRAC, the Australian Competition and Consumer Commission (ACCC), and the Attorney-General’s Department, the report outlines four policy recommendations, including:

• Collecting de-banking data
• Introducing transparency and fairness measures
• Advising the government on the risk tolerances of the four major banks
• Investing in improving banking capabilities provided to digital currency exchanges, FinTechs, and remittance providers

Policy recommendations

The report proposes collecting data from the “Big Four” banks on “the extent and nature of the debanking problem.” A two-phased approach is suggested, with the initial data collection exercise being voluntary before introducing a more formal and regular data collection process under the Financial Sector (Collection of Data) Act 2001. The staggered approach is to confirm the process provides valuable insights before implementing a permanent requirement.

The Treasury also recommends banks apply five measures “designed to increase transparency, consistency, and fairness to individual and small business customers regarding all debanking decisions.” These transparency measures include:

• Documenting reasons for de-banking a customer
• Providing de-banked customers with the bank’s reasoning
• Ensuring de-banked customers have access to Internal Dispute Resolution procedures
• Providing a minimum of 30 days’ notice before closing a customer’s existing core banking services
• Self-certifying adherence to the above measures

The report’s third recommendation suggests banks publish guidance on risk tolerance and compliance requirements for high-risk banking businesses. By outlining the banks’ expectations and standards for maintaining a banking relationship, existing and potential customers in the high-risk sectors will be granted greater clarity on how to meet the banks’ expectations.

Fourthly, the Treasury recommends that consideration be given by the government to fund targeted education, outreach, and guidance to the FinTech, digital currency exchange, and remittance sectors. The report highlights that such an investment would increase the capabilities of each high-risk sector and “enhance compliance outcomes and reduce compliance risk.” 

De-banking concerns 

De-banking is defined by the Financial Action Task Force (FATF) as situations where financial institutions restrict or terminate business relationships with clients, sectors, or even entire countries to avoid risk. 

In September 2021, the CEO of FinTech Australia told the Senate committee that approximately 150 of her organization’s members had been de-banked by financial institutions, with no reason provided or ability to appeal the decision. 

In November 2021, AUSTRAC issued guidance around de-banking, urging financial institutions to take a risk-based, case-by-case approach to managing anti-money laundering and combatting terrorism financing (AML/CTF) challenges rather than simply closing accounts. AUSTRAC’s chief executive, Nicole Rose, also raised concerns that such measures could increase the risk of money laundering by pushing criminals underground where regulators would have less visibility. 

The Treasury reemphasizes Rose’s concerns throughout the report, noting that de-banking could have a “devastating impact” on businesses, individuals, market competition, and innovation in emerging sectors. 

In a statement released on Monday, October 3, Australian Treasurer Jim Chalmers welcomed the report’s recommendations, noting that “the government is committed to promoting innovation and competition in the financial services sector and will continue to work with affected customers.”

Key takeaways

From regulatory sandboxes allowing license-free testing for up to two years to the Banking Royal Commission opening the door to innovation in 2019, Australia’s pro-competition and pro-innovation outlook tee up further legislative and regulatory support for the FinTech industry. 

To stay on top of Australia’s evolving regulatory landscape, compliance staff in high-risk sectors should ensure they are familiar with AUSTRAC’s current guidance: 

• Preventing the criminal abuse of digital currencies
• Detecting and stopping ransomware payments
• Digital currency exchange risk management methodology fact sheet
• Independent remittance dealers in Australia risk assessment 2022
• A guide to preparing and implementing an AML/CTF program for your digital currency exchange business
• SMR and digital currency exchange provider webinar recording

The post De-Banking Policy Advice: Australian Government Pledges Response appeared first on ComplyAdvantage.