Having attended the 15th European ACAMS conference last week, I’d like to share a few key discussion points and thoughts that I found most interesting over the three-day event.

The discussion which struck me the most centred around how outdated the current concepts are and the fact that the financial services sector cannot remain stuck with 1989 rules that were drafted when the FATF was formed – we live in a very different world and many of those standards are now redundant; in other words, policymakers need to re-think AML/CFT controls and make them more effective. In truth, if we had to ask ourselves a very basic question – why do we do KYC? – most of us would agree that the main purpose would be regulatory compliance. Surely, however, KYC controls should be in place to prevent criminals from using our systems and to allow traceability of the flow of funds. As transactions become more complex, KYC measures at on-boarding become less relevant in comparison to transaction monitoring, which should take centre stage. Whilst knowing who your customer is and understanding his business activities is important to formulate your transaction monitoring parameters, dwelling too much on technicalities (such as a certified passport, a recent utility bill, etc) contributes little value; rather, it just contributes to the frustration of your ‘good’ customers because of the ingrained culture across the financial services sector of treating all customers as criminals at the outset in an effort to achieve (close to) 100% regulatory compliance. In other words, just like a restaurant cannot be run for the benefit of the health inspector, a bank cannot be focussed exclusively on pleasing the regulator.

Some other useful take-away points which are worth thinking about included the following:

  • AI and similar machine-learning technologies are being over-sold as the silver bullet solution to all our problems; yet they aren’t – or at least they cannot function in isolation. Indeed, for technology to be effective and produce the desired outcomes, the organisation needs to have reached an adequate level of maturity in order to understand what risks it is facing and what the technology should be looking for; otherwise, the results will be skewed and mostly unhelpful. More importantly, although regulators are pressuring financial institutions into adopting technological solutions to tackle financial crime, they do not seem to fully appreciate that this will need to come at a cost and that human and financial resources are finite, i.e. banks cannot be expected to pursue remediation exercises whilst also seeking to invest in new technologies – something has to give, choices need to be made and risks need to be taken, even by regulators and law enforcement agencies.
  • Sanctions practices are being increasingly put under the spotlight and, in particular, one should not underestimate the importance of knowing your customer’s customers and the widespread implications of secondary sections on non-US persons/jurisdictions.
  • Up until last year, AML/CFT concerns would win over privacy rights hands-down; this is no longer the case and they are presently at par which each other in importance. This clearly presents a challenge for financial institutions – at some point, a decision needs to be made by senior management as to which law will they disregard to comply with another conflicting regime for the benefit of their customers and their business.