Client Alert: To the Banks That Fail to Adopt Tech in Financial Crime Compliance, APAC Regulators Ask, “Why Not?”
As more Asia Pacific (APAC) regulators recognize the power of technology in the fight against financial crime, there is a growing expectation and even assumption that financial institutions are deploying advanced capabilities throughout their compliance programs.
During this year’s Hong Kong Fintech Week, Michael Saadat, Executive Director of Financial Services at the Australian Securities and Investments Commission (ASIC), said for those financial institutions that have not deployed RegTech in their financial crime compliance, the regulator will ask “why not?”
Australian Regulators Raise the Bar for RegTech
Implementation Saadat’s comments echo the sentiments of an expanding number of regulators across the region.
Wayne Byres, Chair of the Australian Prudential Regulation Authority (APRA), stated in a speech earlier this year before the Risk Management Association that advanced technological capabilities, on behalf of the industry, regulators and the criminals they seek to block, demand a more forceful approach to cooperation and coordination.
“We will be firmly stepping into our expanded mandate, and acting more forcefully than we have done in the past,” he said. “We certainly hope to still have an open and cooperative relationship with regulated entities…but will have little patience when that is not reciprocated. Be it governance and culture, financial stability, superannuation or cyber-related risks, our standards and expectations in the future are likely to be more prescriptive and demanding, and our enforcement of them will undoubtedly be firmer and more insistent.”
AUSTRAC’s Approach to Regulation recognizes the “consequences of poor AML/CTF systems and controls can be very serious.” When deciding whether enforcement action is appropriate, AUSTRAC says it considers financial institutions’ “willingness and effort to comply,” including “compliance history…level of engagement with AUSTRAC and…demonstrated efforts to identify, mitigate and manage [money laundering and terrorist financing] risks.”
Adopting RegTech to support a more robust and responsive compliance program may help financial institutions better meet the expectations of regulators in the region. The Australian Transaction Reports and Analysis Centre (AUSTRAC) 2018 – 2022 Corporate Plan highlights the significance of recent innovations in RegTech in meeting the challenge of modern financial crime compliance. Citing open data, digital identity and artificial intelligence, AUSTRAC says RegTech creates “opportunities for the generation of greater insights into risks across the financial sector.”
At the second Australian Digital Government Summit, Leanne Fry, Chief Innovation Officer at AUSTRAC, said that her agency is using AI and machine learning to “better analyze more data, to catch more bad guys.”
Australian regulators are aligned in this regulatory approach. APRA and the Australian Securities and Investments Commission (ASIC) recently published an updated memorandum of understanding to facilitate improved industry data collection and sharing.
APAC Regulators Fostering a Collaborative Approach to AML/CTF
In October, during the International Compliance Association Annual APAC Conference, Monetary Authority of Singapore (MAS) Assistant Managing Director Loo Siew Yee said as the agency itself invests in new technologies to combat financial crime, it also “encourage[s] and expect[s] financial institutions to adopt new methods and technology to improve their anti-money laundering (AML)/counter terrorist financing (CFT) detection and risk mitigation capabilities.”
Indeed, APAC regulators are proactively looking to financial institutions as partners in building and supporting a robust compliance infrastructure to meet the challenge of increasingly sophisticated criminal activity.
“Banks and financial institutions are not law enforcement and can never replace the police and other agencies, but they are nevertheless playing a frontline role in our anti-money laundering regime since their data, technology and know-how has the opportunity like never before to detect and disrupt criminal activity,” said Carmen Chu, Executive Director of Enforcement and AML for the Hong Kong Monetary Authority (HKMA).
AUSTRAC is working with technology providers and financial institutions to raise the standard of financial crime compliance and enhance collaboration, risk identification and reporting. “New and emerging technologies also have the potential to deliver significant cost reductions into operational areas of Australia’s financial institutions, alongside significant enhancement of money laundering and terrorism financing (ML/TF) prevention and intelligence capability,” AUSTRAC’s current Corporate Plan states.
Regulators Tout Operational Benefits of RegTech
Many APAC regulators note that in addition to the benefits to the larger regulatory and law enforcement mission, RegTech provides financial institutions opportunities to increase operational efficiency and reduce regulatory compliance costs.
MAS has recognized the success of financial institutions using machine learning to enhance risk-score transaction monitoring. “This helps to prioritize higher risk alerts for closer and more timely review,” said Yee. MAS has also commended the use of network analysis to identify linkages between related parties or transaction patterns that help detect illicit networks. HKMA suggests the financial institutions that adopt RegTech in customer onboarding and customer screening enjoy reduced false positives as well as enhanced operational efficiency and effectiveness.
Megan Butler, Executive Director of Supervision at the Financial Conduct Authority (FCA), in October before the Royal United Services Institute, confirmed, “Used to the right ends, these technologies can be game changers in the fight against financial crime - both for the industry and the regulator.”
While regulators understand financial institutions may fall somewhere within a spectrum of maturity – some mixing manual and machine processes, some automating existing processes to “keep on top of volume and reduce false positives,” according to Butler, and some “going even further” – the defenses for those that have failed to adopt any RegTech in financial crime compliance are quickly dwindling.
To avoid the “if not, why not” question, it’s imperative late RegTech adopters take immediate steps to bring their compliance programs up to date with the expectations of regulators in 2020.