Jane Jee, CEO at Kompli-Global, has some strong views on the current challenges facing the RegTech industry, and what the regulators themselves could do to fix them. Here, she speaks candidly to RegTech Insight about her views on building a robust RegTech industry in a post-4MLD/5MLD (EU Money Laundering Directive) world.
What do you consider to be the current key challenges in the AML space that RegTech needs to solve for firms?
In terms of key challenges, reducing compliance costs is my number one. But having said that, in the short term, RegTech is going to increase compliance costs because it needs to be tested, and because firms probably need to change or review, significantly review, the processes they use if they’re going to enable technology to function properly.
Another key challenge is where do firms find the relevant adverse information to check people, both individual customers and beneficial owners. Firms need to not breach data protection, so how much information is too much, and can there ever be too much if the AML team do a really thorough search. If the objective is to prevent financial crime, then arguably, the way to do that is to do consistently thorough searches.
Number three is managing cross-border and multi-jurisdictional AML compliance. We don’t have a global regulator, so how do firms make sure that if they are both, they manage all the cross-border, multi-jurisdictional requirements which aren’t necessarily consistent with each other and vary from country to country? Regulatory change has been accelerating since the global financial crash. It’s not slowed down. This lack of global hard and fast rules is a real challenge – there is the Financial Action Task Force (FATF), but you don’t have any global enforcement and you’ve got very little global consistency between the regulators. And there has been increased regulatory activity. There’s been more fines and sanctions, some of which have been stopping a business altogether from functioning.
Next, how do firms identify beneficial ownership both initially and on an ongoing basis? That’s quite a significant task for compliance teams. There is a lack of skilled personnel. So, even if a bank wants to adopt a RegTech solution, they do find it hard to recruit the staff with the right knowledge and skills. Getting staff with an in-depth knowledge of AML can be very expense. So, high on-boarding timelines and costs and attrition are other factors that hopefully RegTech solutions can help resolve.
What types of emerging RegTech approaches appear to be the most promising for meeting these challenges?
The trouble is that artificial intelligence is the generic term which really embraces lots of subcategories like data analytics, machine learning, and blockchain. All these RegTech approaches could solve some of those challenges.
One of the things we’ve seen is the emergence of end to end onboarding platforms. And I think that’s something that will be adopted increasingly. But I’d like to draw your attention to a report the FATF produced last year which was about the challenges in beneficial ownership and the fact that many companies conceal their beneficial owners. An extract from that report says that there’s lots of third-party service providers who will give firms identity verification and CDD, but they’re not thorough enough and the banks have pointed that out. FATF wondered whether the information stored by certain parties is sometimes deficient. They weren’t quite sure why. They said it’s not up to date and it’s not complete and whilst the advent of virtual identities could improve that, there may be opportunities for this information resource to be improved now.
Are there current challenges on which RegTech has yet to make a real impact?
I think that the actual level of RegTech adoption is actually quite low. I’m a lawyer by training and I’ve been very disappointed, although I absolutely understand why, the UK Financial Conduct Authority (FCA) have continually said that they support RegTech but they can’t endorse any particular solution because they’ve got the competitive mandate, which means they have to promote competition. If they were to adopt any particular company or any particular solution, that would be directly against one of their three key objectives. But the RegTech industry could do with more detailed guidance on some issues and it could do with better enforcement.
I actually think the FCA has very poor AML expertise. They’ve got really good RegTech, they’re really excited about technology, they love it, they have sandboxes, tech sprints, it’s all good PR. But actually, does it deliver less financial crime would be my question, and I’m not sure that it does.
Also, the fact that RegTech isn’t regulated is the biggest issue. If there were standards, if there were some sort of framework which RegTech companies had to operate to, it would make everybody’s life that much easier.
How will AML regulation and programs need to evolve to continue the battle against financial crime within the ecosystems that these new technologies create?
I wish that would enforce the guidance we have got, quite a lot of Joint Money Laundering Steering Group (JMLSG) guidance is not enforced. If you were a bank and you use an AML information provider, I think that the FCA just tick a box, so the irony is that they’re telling banks they can’t tick boxes themselves. They can’t tick boxes but the FCA do tick boxes. That’s because they don’t have a great sense of what could we do rather than just using these conventional providers. What should a bank be doing?
So, in some cases, more explicit guidance is needed. They need to go a bit further. It’s all very well saying this is based on risk, but if I don’t ask them enough questions, if I don’t get the right information of the right quality, then I’m going to let people in that I shouldn’t let in.
In what ways do you anticipate RegTech around AML evolving to meet the challenges of this new ecosystem?
I think that Cloud-based real time software as a service (SaaS) will become the norm. And there will be a framework for its use. So, we’ll have responsibility and liability being defined. I think the banks are terrified of adopting this at the moment because they have no guidance. If they do use technology, they’re still liable. They can have contractual lability falling back on the supplier but that’s not going to help them vis-a-vis the regulator.
In that vein, I think RegTech companies will become certified or regulated and that will enable them to gain wider acceptance. I think that’s an important development which we have yet to see. I think Innovate Finance has a group that’s putting forward some sort of certification system.
All of this can seem overwhelming – in what ways should an MLRO and their AML team think about all of this in a risk-based way?
Documenting risk is key because they’ve got to document, they’ve got to look at the national risk assessment. They’ve got to have a risk assessment of their client. I think it’s really important that this process is a team effort, not delegated to one or two people. People in the team have to understand how that framework is arrived at and if I were a money laundering reporting officer (MLRO), I would make sure that my board signed that off too.
Firms also need to determine how risk is going to be implied and ensure that the tech they’re going to use matches their risk appetite. Firms can’t build in their risk appetite because, as I’ve said, they’ve got to have human judgment at the end, but they can make sure that the technology is consistent with the way in which they’ve built up that risk approach. And I’ve said, firms need to do a skills analysis of their team, hire some staff with some strong computer skills because the banks haven’t got enough people with the right skills.
The above interview was based on a recently co-authored by Jane Jee within “The REGTECH Book: The Financial Technology Handbook for Investors, Entrepreneurs and Visionaries in Regulation.”