Ask the AFC Guru: Patricia Kordesch—A European Perspective

Ask the AFC Guru: Patricia Kordesch—A European Perspective

Our latest anti-financial crime (AFC) guru, Patricia Kordesch, CAMS, has three decades of experience in the areas of governance, risk management, control frameworks and internal audit, with a focus on anti-money laundering (AML) and change management. She held leadership positions in Europe, APAC and the U.S. across a global financial institution as well as global designated non-financial businesses and professions (hospitality and retail). Kordesch is currently associated with the German Financial Intelligence Unit (FIU), where she has been leading operational analyses and international cooperation. She has been actively engaged in the Egmont Group of FIUs as regional representative of the European Union (EU)-based FIUs and as project lead. She has contributed to EU Commission projects on beneficial ownership and correspondent banking.

Question 1: How can the new AML package overcome the limitations of directives that vary with legal frameworks based on the sovereignty of each member state?

Patricia Kordesch (PK): In the past, EU directives, which constitute a legislative act defining an objective that each EU member state will need to transpose into their own legislation, led to the unwanted consequence of diverging approaches, varying standards or delayed implementation across the EU.

In response, the proposal to overhaul and strengthen the EU AML/counter-terrorist financing (CTF) rules has been aiming at closing loopholes and creating a much more consistent framework.

The so-called AML package, adopted by the EU Parliament on April 24, 2024, comprises the Sixth AML Directive, and “regulations,” which are binding legislative acts that are directly applicable across the EU.

The new AML regulation covers key elements, such as customer due diligence (CDD), beneficial ownership, new groups of obliged entities, suspicious transaction report/suspicious activity report submissions, cash transactions and targeted financial sanctions. The related rules from 2027 onwards will be applied in a consistent approach across member states, creating a level playing field in order to prevent regulatory arbitrage and to close loopholes.

Furthermore, the AML Authority (AMLA) Regulation establishing the AMLA will pave the way toward a harmonized, integrated supervisory process. As an independent authority, AMLA will monitor, coordinate and support the implementation of the new regulations across the EU, including the coordination of risk assessments.

Question 2: In your opinion, has the new EU politically exposed person (PEP) list created more problems than solutions when it comes to identifying PEPs across member states?

PK: The concept of a PEP as a person in a prominent public function is well established, yet the interpretation of the PEP status differs across member states. Thus, the new EU PEP list is a logical step to harmonize rules across member states. It provides obliged entities in all member states with a consistent set of criteria.

The list is complex, very broad and very detailed. It comprises all members of the executive, legislative and judicial branches at the EU level, on the member state level and comparable persons in third countries. It ranges across all levels, from head of state and member of the Supreme Court to actors on the community level and includes decision-makers in publicly controlled entities, family members and close associates of PEPs.

In my opinion, the list will have consequences for all stakeholders. It could be expected that the number of PEPs across member states would increase. Obliged entities would need to align internal procedures and revisit their current client portfolio to adjust client classifications as needed. At the start, if in doubt, a client will be classified as a PEP. The provisions for close associates can only be complied with once entries in national beneficial ownership registers are accurate and complete. The industry will need to develop a common understanding of various details, among them the PEP status in publicly controlled entities.

While both principle-based and rules-based regulation have pros and cons, this new list is a valid, yet complex starting point on the way toward PEP consistency.

Question 3: What recommendations do you have for retraining staff on best CDD practices?

PK: Any CDD training program should be tailored to the target group, whether new employees or retraining of staff, whether agents or distributors, with focus on the following: Awareness of the “why” of CDD is of utmost importance to achieve the expected quality outcome. CDD is not just a tick-box approach to fulfill a regulatory requirement or avoid a fine. CDD means business risk and regulatory risk. Each staff member has to translate this understanding into daily operations.

The specific regulatory requirements need to be known and understood in detail. This holds especially true in times when more stringent requirements are enacted or new industries become obliged entities and with this subject to CDD requirements, such as crypto-asset service providers (CASPs), crowd-funding platforms and professional football clubs, among others.

Timely training, covering the changes and discussing related practical implications will be most suited. Moreover, lessons learned from past mistakes in CDD appears to be a value-adding training element. Internal partners such as control functions, AML/compliance and internal audit should be invited to share their perspectives.

Personal skills are a key success factor in any client relationship. For CDD, the ability to connect with the client and to build trust is the needed “icing on the cake.” A trusted relationship manager will be able to collect valuable information that, together with the CDD information “on file,” will provide a current and comprehensive view of the client and allow for an accurate risk assessment.

Question 4: What are some of the impending challenges posed by AI in the area of CDD?

PK: Recent developments in artificial intelligence (AI), from natural language processing to text-to-video sequences, and the speed of technological advancements are creating high risks for the CDD process.

CDD means, in a nutshell, knowing and understanding your client, which aims well beyond static data to include economic context, expected transactional behavior and updates thereof. With decreasing face-to-face interaction and an increasing portion of CDD information being generated via virtual means, the “reality” presented by your client might be less real than expected and need to be challenged.

The CDD process is complex and resource intensive. AI could provide an opportunity to raise process efficiencies when applied in a controlled environment.

Imagine this:

A property or assets in a client’s warehouse, to be considered within CDD, were presented via a virtual “live” walk-though but would exist as AI-generated fake video only.

The security features for account opening, for digital identity or transaction approval would be jeopardized by deepfakes and AI-generated voices.

A “client” phone call would instead be held with a chatbot enriched by “affective computing,” with responsiveness and emotions well imitating an interaction with the real client.

A client would present balance sheets and tax returns for some years, cohesive and consistent with industry results, which were invented by AI at quality levels that complicate detection.

The AI applied in the CDD process would develop biased or ethically questionable algorithms, impacting client risk assessments and collaborative CDD.

Such potential risks would affect all stakeholders to various degrees. A public-private partnership could provide a forum to discuss such risks.

Question 5: What developments do you see on the horizon related to beneficial ownership?

PK: Information on beneficial ownership has been an area of focus, specifically when related to complex corporate structures with the importance of beneficial ownership information (BOI) having been proven in connection with targeted financial sanctions.

The EU approach could provide a blueprint like the General Data Protection Regulation, leading the way toward elevated beneficial ownership standards and procedures in other countries. Why?

The EU AML package provides detailed rules to identify beneficial ownership, thus ensuring a harmonization in the interpretation and implementation of the beneficial ownership concept across member states. Beneficial ownership rules are applicable to the widest possible range of legal structures. Moreover, the package reflects the importance of national beneficial ownership registers for FIUs, law enforcement agencies and society at large:

Completeness—The scope for registration has been extended to include legal entities incorporated outside the EU upon entering into a business relationship within the EU. Likewise, acquisition of real estate in the EU (from January 1, 2014, onwards) and of high value goods like cars, noncommercial planes and/or boats requires beneficial ownership registration.

Enhanced data quality—First and foremost, beneficial ownership registers are required to be accurate, adequate and up-to-date. The measures introduced to enhance the reliability of BOI comprise the requirement to update the register and obliging entities to report noted discrepancies back to the register. The entities in charge of the register can request, inspect and enforce information. These concerted efforts will, over time, enhance data quality.

Extended transparency—Needless to say, competent authorities involved in the AML/CTF regime will have access to beneficial ownership registers. Furthermore, access for obliged entities will support their CDD process. Society at large will benefit as people who can demonstrate legitimate interest, such as investigative journalists, will have access to necessary information.

Patricia Kordesch, head of international cooperation, FIU Germany,

Leave a Reply