The long-awaited Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) has finally arrived.
The rationale for the new rules is clear, with the National Crime Agency (NCA) recently stating their belief that tens of billions of pounds are laundered through the UK economy each year (for example, £24bn estimated as the cost of serious and organised crime). Furthermore, a 2013 study by the UN (referenced in the impact assessment of MLR 2017) found that 1 in 5 grand corruption cases used UK corporate vehicles to launder money.
There’s no doubt that the global appetite to ‘do the right thing’ and prevent financial crime from impacting customers and firms has never been so high.
MLR 2017 requires that firms have policies, controls and procedures to mitigate and manage the risks of money laundering and terrorist financing. The Government asserts that firms will be in a better position when they understand their anti-money laundering (AML) risks and have a proportionate approach in place for tacking them.
The challenge for most firms is not necessarily ‘what’ the new regulations are, but ‘how’ they should implement such a change. Most firms realise the cost of crime and how it can undermine their stability and integrity. However, in November 2016, the Head of Financial Crime at the FCA, Rob Gruppetta, stated that:
“in some firms, [the FCA] found serious deficiencies and required substantial changes to be made. We often found a culture of wanting to do the right thing, but struggling to translate this into effective execution.”
So how do firms ‘effectively execute’ changes that are proportionate within a risk-based approach?
Look outside of process
Firms should not solely focus on ‘tick-box’ processes, that is; how a current process ‘X’ must be changed to meet new regulation ‘Y’. As well as having robust processes, firms must be able to make effective judgments on what is specifically required for their business using a risk-based approach and their deep understanding of their own business.
Senior members of a firm will now be well aware of the risk-based approach and what it theoretically entails, but is the rest of the business? If not, how can staff be expected to contribute effectively to the proportionate management of risk?
The principle of regulation is to ‘do the right thing’, but doing the right thing as a business is dependent on both executing AML regulation and providing staff with the ‘bigger picture’ around what regulation is actually trying to achieve. Understanding this bigger picture greatly assists decision making throughout the organisation, and encourages a proportionate approach.
Regulation will not achieve its aims if firms do not implement the changes effectively, and the obligation is on firms to set their stall out appropriately in terms of risk.
An overly risk-averse approach can be costly and disrupt genuine customers, conversely, an overly accepting risk approach may leave areas to be exploited by criminals. Firms need the right compliance expertise and leadership to drive a culture of AML and calibrate the business to the risks it faces.
The regulatory change of MLR 2017 is not necessarily the challenge. The challenge is fostering the right mindset across your firm by embedding a culture that embraces what needs to be reviewed, assessed and implemented in terms of AML. Is your firm involving its people in finding the solutions to the challenges posed by AML regulation?
Some considerations for applying the new changes
- How will your firm influence its staff in light of MLR 2017?
- How will you create a written risk assessment that covers your customers, geographical area, products and services, transactions and delivery channels that is tailored to your sector and specific business? Do you have sufficient capacity and expertise to produce truly meaningful management information that reflects the business’s current state? Is proportionate internal challenge around AML risk from frontline staff embraced in your firm?
- How will you ensure that staff comply with the more prescriptive customer due diligence (CDD) rules? Automatic simplified due diligence of a defined list no longer exists in MLR 2017. Staff now need to consider each case by considering a range of risks, i.e. geographical location and customer type
- How will you apply the new changes to your policies, controls and procedures, then communicate these to your staff in a way that will resonate with them? Promoting an AML ‘culture’ can make your firm more resilient, but context around proportionality is also important to ensure you don’t create unnecessary work
- How can you implement a robust but cost-effective system to address Politically Exposed Persons (PEPs)? PEP screening in large organisations can present a challenge for firms in balancing customer experience with resilience against money laundering. MLR 2017 now expands the requirements for PEPs to include domestic PEPs, adding further challenges
Driving change as one team
Financial crime is an upward trend, and expanding through new technology in the form of cybercrime. Change may be introduced fairly constantly as regulation develops to tackle new criminal methodologies. Scanning the horizon for laws and regulations is a smart business strategy, however, we must remember that regulations do not implement change; people do.
A top-level response to change management that leads and inspires the whole organisation through the evolving regulatory landscape will assist firms in embedding compliance requirements at all levels. The FCA’s intention is for firms to meet the technical requirements while also empowering staff to apply a risk-based approach and understand their regulatory obligations.
A firm that focuses on people development and business improvement can adapt more easily to changes. To this end, firms should look to:
- Assess their current ‘AML culture’ and whether it is conducive to embedding AML regulation
- Roll-out bespoke training programmes on AML, including the context for new changes
- Measure effectiveness through the use of robust, AML-specific MI
- Communicate the new rules and changes to their staff at a level of detail that suits their role and risk exposure
- Gain ongoing assurance over the effectiveness of the firm’s culture
MLR 2017 is a necessary requirement but, more importantly, it is an opportunity to inspire and empower your people, through greater understanding, to execute AML requirements effectively.