Current observations in the Financial Crime Prevention Area by FCP expert Jonas Karlsson
AML-expert and former justice Jonas Karlsson re-joins Advisense and shares his most recent observations in the financial crime prevention area. Jonas Karlsson moves from a role as Deputy Head of Group Financial Crime Prevention at Handelsbanken to Director at Advisenses growing AML-team based in Stockholm.
Substantial investments are made in AML development and transformation programs. What do you see are keys to succeed?
One key is to understand that there are many sub-processes when building and maintaining an efficient FCP risk management process. This includes systems and departments, which all have to be coordinated and in synch. Having said this, it is a common mistake to break up the AML-area into silos or “streams” and lose sight of the overall goal. In my opinion, organizations should start by establishing the overarching objective, or vision if you like, and make sure this is communicated and accepted by the staff tasked to drive the transformation. The vision should ideally be operationalized and broken down into sub-goals to guide all decisions big and small, which should translate into an alignment of all sub-processes.
In addition to the importance of having a clear goal or vision, another key is to realize that all the pieces in the AML-puzzle such as customer due diligence, customer risk rating and transaction monitoring are just different mechanisms to alert the organization to situations of potential high risks that must be assessed and managed as either acceptable or un-acceptable.
Jonas Karlsson
Going forward, I think or at least hope we will see less of a division between back-office organizations working with “KYC” and “TM-alert management” in terms of processes, ways of working and outcomes. In essence, we need to understand that all this is about risk management.
Last but not least, no transformation is possible without a very good understanding of the financial crime risks and how they could materialize in the business.
We have recently seen an increased focus on model governance and validation within anti-money laundering. What is your take on this topic?
I’m surprised that models risk management procedures and validations have not enjoyed more attention, given that model documentation, evaluation and validation are very important ways to demonstrate to internal and external stakeholders that the models are performing as intended.
Coming back to the keys to success in FCP risk management, it is clear that firms are heavily reliant on different kinds of models to alert the organization to situations of potential high risk. But it is far from only a compliance issue; I am convinced that many customer risk rating models and transaction monitoring scenarios in use today are underperforming, failing to capture material risks. This is partly due to a lack of model documentation that serves to frame a logic from risk to actual output. To put it simply, if a model cannot be properly described in writing, or its purpose is debatable, you probably should not have deployed it in the first place.
ESG and the role and responsibility of financial companies in society at large is very much in focus. How do you see that this affects how companies address AML/FCP?
To me, and probably to most AML-professionals out there, it’s obvious that preventing financial crime is not only an important contribution, but even a crucial aspect to social sustainability. Money laundering in one form or another is the means to use the gains from tax evasion, corruption, fraud and other economic crimes that are detrimental to all societies. On the back of this complex and increasingly infected challenge, is organized crime.
So yes, I think that the increased focus on ESG in general is highly beneficial to the FCP discourse and professionals in this field, and helps to put FCP-work into a more positive context than what is frequently the case. Without this context, there is a risk that people from the business side or senior management view FCP as just a cost-driving issue which may hinder customer acquisition and business development.
Furthermore, I also expect to see greater attention to FCP excellence highlighted in what companies communicate in their annual sustainability reporting. This is obviously a quality issue and therefore also a competitive edge that should be materialized.
Looking into the future, what does FCP look like in five years?
That is a really hard question, since the regulatory framework is currently being re-drafted on EU-level. Based on the initial proposal and the prospect of a large number of technical standards from the new EU-authority (AMLA), I believe that we will be looking at a more rule-based approach by that time. To a certain extent I can understand this development, since enforcement actions in the EU tells us that many banks have not earned the trust of being “free” to apply a risk-based approach in this area.
Despite this, I hope to see a more flexible regulation that focuses on the outcomes of the process, i.e. proper risk management, rather than a regulation that projects a one size fits all solution on the inputs to the process and all the steps to be taken. But regardless of the new regulation, I’m sure that we’ll see continued development of KYC-systems, TM-systems and similar support-systems to increase automation where possible. This will in turn require even greater focus on access to correct and updated data. The logic here is simple, the output of AML-systems is directly proportional to the quality of data that is put into the systems. To date, this remains a significant challenge for many companies out there.
It is difficult to keep up with the changing regulatory requirements, the changing methods of the criminals and the technical and organizational development in the area. We as dedicated specialist consultants can make your company more efficient in the work against financial crime with our extensive experience of implementing proactive risk management and methods.