Money laundering is on the rise globally. Between 2016 and 2021, the yearly number of cases brought to the European Union Agency for Criminal Justice Cooperation doubled, bringing the total number of registered cases for that period to 3,000. In Ireland alone, the number of recorded money laundering crimes increased significantly from 86 in 2018 to 701 in 2021.
Simply put, money laundering allows criminals to disguise money gained through illegal activities as funds obtained through legitimate sources. It has extreme and negative effects on nations, societies and individuals. Money laundering has three layers: placement, layering and integration. By introducing dirty money into the financial system (placement) and then moving this money around via multiple financial transactions to disguise its origin (layering), criminals can reintroduce this once dirty money into the legitimate economy (integration) to accumulate further wealth, invest their profits, evade taxes, and avoid scrutiny and prosecution.
Money laundering funds further criminal activity, such as terrorism, illegal arms dealing, drug and human trafficking and other crimes—all of which exploit and harm innocent individuals. When successful, money laundering undermines local economies, increases corruption, discourages foreign investment and threatens the stability of financial systems. By its nature, money laundering is furtive, so measuring the scale of these illicit pursuits is challenging. However, in 2018, the IMF estimated that each year criminals successfully launder as much as five percent of global GDP—approximately $4trillion.
Money laundering jeopardises the integrity of financial institutions, making them vulnerable to unexpected risks. Exploited by criminals, these institutions may participate unknowingly in financial crimes. However, they are still subject to criminal charges for their involvement in these activities, and they can incur financial losses from fraud and illegal transactions.
To prevent criminal activity and safeguard the wellbeing of these institutions, national and international authorities mandate that financial institutions adhere to strict Anti-Money Laundering (AML) regulations, which are enforced by increasingly powerful regulators. Failure to comply with these regulations can result in fines, sanctions, reputational damage and other serious repercussions for these organisations.
The Effect of Evolving Anti-Money Laundering (AML) Regulations
Authorities have spent decades implementing AML regulations, aiming to prevent criminal activities or find and prosecute those involved in executing them. Unfortunately, criminals have become increasingly sophisticated using complex financial instruments and strategies for money laundering, taking advantage of technological innovations, such as cryptocurrencies and digital identification verification methods to evade detection.
In an attempt to keep up with these criminals, authorities and governments continually update AML regulations. In the European Union, all financial institutions had to implement 6th Money Laundering Directive (“AMLD”) by 3 June 2021. However, financial institutions can struggle to stay up to date and remain compliant in an ever-changing regulatory environment.
To avoid business risks and reputational damage, financial institutions need to implement and strengthen their internal AML governance controls, processes and procedures, such as Know Your Customer (KYC) and Customer Due Diligence (CDD).
The Increasing Importance of KYC and CDD Compliance
KYC regulations are an important component of AML frameworks because they ensure that financial institutions verify their customers’ identities and monitor their financial behaviour for suspicious activity. KYC and AML compliance are mandatory procedures, and financial services firms are required by law to ensure they remain complaint.
KYC regulations aim to mitigate the risks of organisations being used as vehicles for financial crime. To combat identity theft and increase security, regulators mandate that financial institutions and companies have robust KYC procedures in place. Organisations that fail to remain compliant expose themselves to the risk of expensive non-compliance fines imposed by regulators as well as potentially becoming victims of financial crime.
Since 2016, Europe has implemented three AML Directives—the 4th, 5th, and 6th Anti-Money Laundering Directives, each of which expanded KYC regulations and CDD requirements. The UK and the US have likewise continued to enhance their AML legislations, expanding the roles of KYC and CDD regulations.
Institutions can stay ahead of these obligations by taking a robust risk-based approach to KYC compliance.
A Risk-based Approach to KYC
In 2012, the Financial Action Task Force encouraged organisations to implement AML frameworks using a risk-based approach. Rather than provide prescriptive criteria for KYC, regulators set guidelines and expect financial organisations to establish compliance by identifying and assessing the money laundering risks to which they are exposed and creating measures necessary to control for said risks.
Thorough CDD procedures are integral to robust KYC policies. From the point of onboarding, financial institutions must obtain information that allows them to identify and verify that their clients are who they say they are.
When it comes to KYC, organisations should have a risk assessment framework based on the regulations of each domiciled investment/ jurisdiction in which they offer services before they begin to implement CDD processes. During the client onboarding authentication process, organisations must determine the money laundering risk associated with each client by assessing multiple factors such as their domicile, expected value of transactions, complexity of investing vehicle and more. A client deemed high-risk customer will require Enhanced Due Diligence (EDD) to ensure that their funds are not affiliated with criminal activities.
Financial institutions are responsible for carrying out periodic due diligence on all clients—the he frequency of which depend on whether the client has been assigned a high, medium or low risk rating. This measure helps to identify any changes to existing clients and ensure that their risk rating has not changed, e.g. that they have not become high risk and now require EDD. At the end of the day, financial institutions are responsible for the conduct of their customers, so they should complete thorough CDD and EDD, keeping records of all due diligence performed.
The benefits of using a risk-based approach to KYC is that it ensures robust regulatory compliance whilst delivering an enhanced client experience unlike an approach that requires a prescriptive list of documents. It also prevents a box-ticking attitude towards compliance.
A risk-based approach reduces the documentation requirement for lower-risk clients, and it is flexible to the extent that if, for whatever reason, a medium- or high-risk client cannot provide a document, a financial institution can act practically and seek an alternative solution that satisfies both the regulatory requirement and their internal risk framework. The financial institution must clearly document the solution and the rational for its use and have the appropriate authority within the institution sign off on this alternative approach.
Risk-based solutions can be customised for the circumstances at hand, but KYC teams need to work closely with their compliance and FinCrime teams to record all decisions made using this approach for consistency and future reference. Ultimately, the risk-based approach creates a positive experience for clients by working with them to satisfy CDD and EDD regulatory requirements.
Contact Us
At Grant Thornton, our financial crime team has extensive experience in managing KYC remediation. Our subject-matter experts are due diligence specialists who providing flexible AML and KYC solutions that will enhance your customers’ experiences while maintaining a robust risk-based approach to compliance. If you would like to discuss your AML/KYC needs, please contact a member of our financial crime compliance team or your usual Grant Thornton contact.
