Innovation in the Ever-Evolving AFC Industry

Anti-financial crime (AFC) professionals had little idea of how vastly the fight against money laundering, terrorist financing and financial crime would develop domestically and internationally in the years following the 9/11 terrorist attack. Since then, the world has seen a plethora of updates in compliance and legislation, the expansion of financial crimes into the cyber world, the issuance of sanctions and restrictions, among other changes. As we look to the future of AFC, it is important to remember all the lessons that professionals have learned in the last 20 years. ACAMS Today Editorial interviewed both veteran and emerging professionals in the AFC field about the past and future of the AFC industry.

ACAMS Today chatted with the following veteran voices in the AFC industry across the globe.

David Clark, CAMS, Financial Crime SME at ING N.V., has extensive global financial crime risk mitigation experience with banks (including ABN Amro, Barclays, GE & Standard Chartered) and previously, government customs agencies.

Marcy Forman, CAMS, CGSS, is the managing director for the Global Financial Crimes Investigations and Intelligence Unit at Citigroup. Forman’s expertise ranges from global investigations, including anti-money laundering (AML), sanctions, terrorist finance, anti-bribery and corruption, as well as other illicit activity.

Sandro García Rojas Castillo, CAMS, is the vice president of supervision and preventive processes at the Mexican National Banking and Securities Commission. Rojas Castillo is a lawyer and university professor specializing in the prevention and detection of money laundering, risk management and more.

Rick A. Small, CAMS, is the executive vice president and director of the Financial Crimes Program at Truist Financial. Small has over 35 years of experience in the private and public sectors, including several positions with the U.S. government.

ACAMS Today (AT): What was the most impactful development in AFC during the last 20 years?

Many people globally are committed to fighting financial crime from within FIs and can forge a meaningful and rewarding career in this space

David Clark (DC): Aside from specific pieces of legislation, regulation and guidance (e.g., EU AML Directives [since 1991], the USA PATRIOT Act [2001], the Financial Action Task Force 40 Recommendations [2004] and the emergence of the Wolfsberg Group [founded in 2000]); financial institutions (FIs) are held accountable and fined for money laundering through the financial system, which has had a massive impact in the AFC community. Billions of dollars in fines have been levied on FIs globally for financial crime-related compliance breaches in the last 20 years. While the numbers are eyewatering, the true internal costs to institutions—including the costs of monitoring activity—have been exponentially higher. The positive outcome has been stronger AFC processes and procedures, making it harder for criminals to abuse the financial systems through mainstream FIs. On the negative side, it has left outliers—perceived higher risk customers—struggling to be banked; and driven criminal activity into either the lighter regulated/unregulated sector or using intermediaries to launder their proceeds. Another positive by-product of the focus on financial crime by regulators has been financial crime compliance evolving into a standalone profession. Many people globally are committed to fighting financial crime from within FIs and can forge a meaningful and rewarding career in this space. Upskilling and networking have allowed this community to come together into a force for good that makes a real difference.

Marcy Forman (MF): The enactment of the USA PATRIOT Act in 2001 was the most impactful legislation passed to combat money laundering and terrorist financing. The U.S. government and the private sector were provided with the authority and laws that did not exist prior to 9/11. The most notable of these laws were sections 314(a) and 314(b), respectively—which allow law enforcement (LE) to submit requests related to subject accounts to FIs through the Financial Crimes Enforcement Network (FinCEN)—prior to issuing a subpoena. In addition, these allow FIs to share and request information from other institutions to support AML cases. Also worth recognizing is the importance and impact of the public-private partnerships that have been adopted and formed around the world. Whether these are localized relationships or formally established groups such as the Joint Money Laundering Intelligence Teams (JMLIT), the ability to share typologies and other relevant information allows both banks and LE to target their resources on the highest risks that result in effective outcomes.

Sandro García Rojas Castillo (SGRC): Undoubtedly, there are two important issues that have emerged over the last 20 years. The first is integrating reliable data that can provide information to assess risk. The second is compliance—not solely complying technically—but complying with effective measures. In my opinion, risk-based approach and reliable data are the most significant developments in AFC in the last 20 years worldwide.

Rick Small (RS): While the events of 9/11 were horrific, the aftermath led to the passage of the USA PATRIOT Act. The PATRIOT Act was a defining moment in AML compliance. The provisions of the PATRIOT Act, which have been codified in the Bank Secrecy Act, added comprehensive requirements covering a range of areas, including the customer identification program. Information sharing between FIs and the government on significant money laundering and terrorist financing matters and information sharing between FIs, as well as enhanced due diligence requirements for certain customers and transactions, have endured for almost 20 years and have defined AML controls for FIs.

AT: Please predict what will be the top concerns for the AFC industry in the next 20 years.

DC: The outcome of the tussle between data privacy and data sharing to counter financial crime is a concern and is critical to the success of AFC efforts. Whichever figure you subscribe to for the number of financial crime proceeds laundered annually, the sad truth is that the number of meaningful convictions of significant criminal actors and the amount of assets forfeited by criminals is disappointingly low. The only way to disrupt those criminal networks is for FIs and LE to work together more efficiently and more effectively. The continued evolution of public-private partnerships is key to this. There are good early examples of success in this regard, and it can only be hoped that in the next 20 years, this will become the global norm.

As the banking landscape changes in the next 20 years with digitization, new actors in the financial services ecosystems and faster payments, the concern is whether legislation, regulators and financial crime compliance staff will be able to keep up with the criminals looking to exploit these changes. The key to this will be the maintenance of the principle that the same risk means the same regulation, so there is a level playing field for FIs.

MF: The top concern(s) for the AML industry will most likely focus on fintech, payment intermediaries and virtual assets. Furthermore, with the surge of cybercrime and ransomware demands, the ability and skills needed to address this ever-growing threat will continue to pose challenges. The demand of traditional FIs to keep up with the latest innovations posed by these industries and the challenges posed by the lack of transactional transparency and the quickness in which funds move through this space will be at the forefront of what the industry will have to tackle. There will be a growing need for these industries to conform to a regulatory environment that banks and other nonfinancial institutions are currently subject to. Other concerns will be the enhanced scrutiny on environmental crimes such as illegal wildlife trade, fisheries, mining and logging pose, as well as the continued rise of domestic terrorism and hate crimes around the globe.

SGRC: A top concern will be the speed in which crimes are committed because this means that in order to combat financial crime, supervising and assessing information would need to be done as quickly as possible. Certainly, technology should be prioritized. Technology is now a challenge because we need to decide how to manage and process information. Another important concern for the next 20 years is going to be supervising and assessing risk in real-time. This information needs to become a common language of understanding among financial institutions, authorities and countries. We need to establish a common understanding of risk to be able to mitigate those risks.

RS: Technology will be a top concern and priority. As a concern, technology is providing criminals with the ability to rapidly move illicit funds, such as cryptocurrencies, along with the ability to create new individual and legal entities with unprecedented precision and speed to hide the true nature and purpose of illicit money. While technology is being used to facilitate illicit activities, FIs have never been better placed to take advantage of the rapidly changing technology landscape to develop and implement new and innovative risk management controls and applications to identify criminals and their illicit funds.

Chris Bagnall, CAMS-FCI, has 15 years of AFC experience primarily in the mid-size bank space and is currently working with FIs, technology companies and the government in support of innovation, collaboration and transparency.

Kelly Cooper, CAMS, is an associate vice president and internal audit manager at the Industrial and Commercial Bank of China. Cooper is a regulatory and AML consultant for FIs with vast experience in the AFC field.

Melissa Strait, CAMS, is a chief compliance officer at Coinbase. Strait has 15 years of experience in payments, AML compliance, global due diligence and investigations.

AT: Currently, what is the most prominent hurdle facing the AFC industry?

Chris Bagnall (CB): The transition from focusing on “check-the-box” compliance and inefficient technology to threat-focused programs leveraging advanced technologies that support efficient AFC programs and getting effective information into the hands of LE is my choice. Having spent most of my career in banking, I’ve had the opportunity to interact with many AFC technologies, learned from brilliant/innovative AFC professionals and directly impacted the trajectory of a few AFC programs. However, there have been countless moments of frustration because the tools needed to be more effective and efficient weren’t accessible or just didn’t work.

Fast forward to 2022 and there are countless advanced, well-intentioned AFC technologies. While a cause for celebration, it’s also a reason to pause. Frustrations are abounding due to an oversaturation of options, a continued one-size-fits-all mentality, high cost, promises to fix everything and a lack of access. These AFC technologies, such as artificial intelligence to counter money laundering, also lack sufficient explainability and the transition is difficult, if not nearly impossible for most FIs.

So how does the industry overcome this hurdle? Below are some ideas.

Vendors need to listen and allow AFC professionals to drive the technology design.
The competitive nature between vendors who trade clients like baseball cards is not working. Stopping financial crimes is not a competition. No vendor will have every FI as a client, nor will they share client information with competitors, ultimately limiting collaboration and information sharing between FIs and FIs and between FIs and LE.
Access to advanced technologies needs to be easier and more cost-effective for FIs of all sizes.
Individuals with technical, regulatory or AFC expertise need to upskill and gain more knowledge in each of these areas.

While all equally important, upskilling will be critical. AFC professionals proficient or at least knowledgeable enough in each skillset are few and far between. Upskilling will make the transition easier and allow the AFC industry to stay ahead of the convergence of technology, innovation, regulatory compliance and collaboration.

Kelly Cooper (KC): The Anti-Money Laundering Act of 2020 (AMLA) requires risks (specifically those related to national priorities) to become the focus of AML programs. While the concept of the risk-based approach has been a central theme to AML for many years, our programs have historically been centered on regulatory compliance risks. Technical compliance has been the focus of review by regulatory agencies and is referenced in large-scale regulatory actions taken against many global FIs.

The expectation to place financial crime risks at the heart of AML programs and allocate resources according to the assessment of these risks will be a fundamental change. Most notably, there will likely be a period during which FIs will have to implement new requirements while also answering to legacy expectations of bank examiners. Until FIs have full supervisory support to reallocate program resources to address the approach codified by the AMLA, they will have to continue to devote significant resources to managing technical compliance expectations while also implementing the effectiveness concept within the AMLA.

Melissa Strait (MS): The most prominent hurdle is the ability to hire top talent. The financial ecosystem is no longer what it was. Technology has fundamentally changed the nature of financial services. Customers expect completely frictionless online experiences where transactions happen in milliseconds, not days or weeks, and with the advent of cryptocurrency, the financial markets now operate around the clock. To adapt to this reality, the compliance profession must also change. We need to develop compliance experts who deeply understand new financial services and technology, who can identify inefficiencies and pain points in traditional processes and have the critical thinking skills to come up with better solutions. This means investing in people with more qualitative skillsets, like the ability to execute structured query language (SQL) searches and more complex data analysis. Increasingly, a career in compliance will hinge on the ability to run at the speed of technology, and our industry needs to make a substantial pivot to keep up with this reality.

I have a fundamental concern that much of compliance today is still focused on a talent base that executes operational processes using very traditional methods, with substantial reliance on paper documentation and human review. This simply will not scale with the rate of change within the financial system. Furthermore, these processes have in many ways worked to exclude good actors from utilizing traditional financial services by relying on heavy, official documentation that many small businesses and un- or underbanked individuals simply cannot provide.

We can—and must—do better as an industry to challenge the status quo, including identifying new compliance professionals who are excited by that vision.

AT: In your opinion, what will be the top concern(s) for the AFC industry in the next 20 years?

CB: Being fully on board with collaboration, I reached out to some AFC professionals whose voices I respect to predict some concerns collectively:

While progress has been made in AML reforms, most regulations are archaic and not designed to keep up with innovation. While every year, or every few years, U.S. AML regulations will be updated; in response, innovation and criminals will continue to stay a step ahead without regulations being innovative themselves.
Combating financial crimes through advanced payment solutions that will continue to grow in velocity and frequently provide limited visibility.
Cryptocurrencies are becoming more plentiful and cryptic, making something difficult to monitor and screen even more opaque.
Knowledgeable resource costs and costs to keep up with and/or stay ahead of the evolution within cyber security.
The future of brick-and-mortar banking in relation to know your customer (KYC) means more customers moving to online financial services leading to not only digital IDs but virtual identities. There is no government-wide standard or widely accepted digital identity parameters. Digital identity is coming, and not only the AML regulations but government-wide structures must evolve.
Private-public information sharing is not becoming what is expected fast enough. Long-time barriers need to be broken down as well as the avenue to make it happen safely and securely.
Automation, smart transaction monitoring and data-driven compliance utilized to fight financial crimes will drive down compliance costs and further reduce criminals’ ability to commit crimes. Adoption will be slow while criminals move ahead much faster.

Over the next 20-years, AFC professionals will need to advance their knowledge and skillsets, collaborate, as well as close the gap between regulatory compliance and the torrid pace of innovation.

KC: As the concept of “effectiveness” becomes further embedded into the operations of an AML program, information sharing will become increasingly important. The sharing of information related to financial crimes risks can be conducted through public-private partnerships, leveraging legal provisions such as 314(b) that enable private-private information sharing, or even processes that allow for information to be shared between foreign branches, subsidiaries and affiliates, as permitted through the FinCEN pilot required by the AMLA.

The U.S. government is currently emphasizing the risk management value obtained through the sharing of information to build a more comprehensive picture of trending typologies, criminal networks and transaction flows. While we see this encouragement on paper through documents like the AMLA and the Advanced Notice of Proposed Rulemaking (ANPRM) on AML program effectiveness, FIs may encounter legal and regulatory hurdles due to data privacy concerns. This will likely be an increasing issue for FIs that operate in countries outside the U.S. that do not have information-sharing allowances built into the legal frameworks.

MS: The financial services landscape is changing incredibly quickly. While fintech seemed like a novelty 10 years ago, we now have cryptocurrency and decentralized finance (DeFi), which have seen an explosive growth in just the past year. Despite their best efforts to keep up, governments and regulators are falling behind in terms of their ability to provide oversight of these markets. Similarly, the biggest challenge for the AFC industry in the next 20 years will be keeping up with the pace of change (and keeping ahead of bad actors trying to exploit new technologies), but also doing so while regulations are rapidly evolving.¹

In addition, cryptocurrency and DeFi are here to stay. While many FIs still prohibit or restrict these businesses, consumers are increasingly interested in cryptocurrency and related products, like nonfungible tokens. FIs will be progressively penalized by their customers for failing to allow or offer these types of products, and as such, AFC programs will need to adapt to accommodate them. This means investing in the right people and technology to modernize their compliance programs. While this will be a challenge for the industry, it will be increasingly necessary to ensure that firms are not incentivized to find low-regulation, offshore jurisdictions from which to offer their products.

Interviewed by ACAMS Today Editorial, ACAMS, USA, editor@acams.org