5 Changes to Banking Industry Compliance in 2022
By Charles Brown
The third FinCEN leak, the finalisation of Brexit negotiations, and worldwide economic disruption made 2020 a difficult year for the banking industry.1 While 2021 has been a time for recovery, it has also witnessed some of the industry’s most significant compliance shifts to date.
Banking is an evolving industry, impacted by both technological developments and wider social shifts. For example, as many as 97% of millennials now use mobile banking.2 Keeping up with these trends and resultant regulatory change is crucial.
With the Financial Conduct Authority (FCA) updating its stance on legal liability regarding unacted upon risks, it’s clear that increased awareness and improved compliance procedures are required.3 This article considers how compliance in the banking industry is changing, and how financial institutions can keep on top of these notable shifts.
Suggested reading: If you want to learn more, specifically about how anti-money laundering best practices are evolving, check out our report — The AML Investigation Revolution
Change 1: Open source data usage
Open source data (OSD) refers to all publicly available information. For example, census data and other government information sources, corporate reporting, crime statistics, open social media data and more.
The FinCEN leaks revealed how top banks allowed known risk actors to launder large amounts of money. Following this, 6AMLD regulations have now come into force, extending criminal liability to professionals who fail to act on or recognise potential risks.4 Although still speculative, 6AMLD raises interesting questions regarding the use of open source data. The public nature of OSD places possible pressure on financial institutions to use this information because not doing so could be considered a failure to recognise potential risks.
Regardless of compliance considerations, OSD presents significant benefits to investigation best practices, specifically when it comes to AML and KYC. By cross-referencing the vast array of public data, connections can be made regarding individuals, groups and institutions that would simply be missed within investigations solely focused on internal records. The challenge is sorting OSD in order to remain focused on relevant information, which brings us directly to the second change on this list.
Change 2: An intelligence-led shift in investigations
Intelligence is data that has been sorted and analysed to answer specific and relevant questions. An intelligence-led shift refers to the use of intelligence — whether from national risk assessments, government and law enforcement, or data leaks — as triggers for undertaking proactive investigations into potential AML and financial crime risks.
Incorporating an intelligence-led approach into an AML framework allows financial institutions to be more effective at fighting financial crime, as it reduces reliance on transaction monitoring and customer screening as the only approach to identifying potentially suspicious activity. In order to implement an intelligence-led approach, banks need access to more data, and have the ability to make sense of it. Although there are broader implications to this cultural shift, critically, this comes back to the effective use of OSD.
OSINT (Open Source Intelligence) describes the application of structured intelligence processes and technologies to OSD. For example, one critical process is the Intelligence Cycle, which covers five crucial elements of an investigation. These are —
- Direction: A definition of the problem that outlines why intelligence is necessary, who needs it, and how it should be sourced.
- Collection: A plan to source only relevant intelligence in light of existing gaps in understanding/investigatory focus.
- Processing: The evaluation of collected data to validate its relevance to the defined direction.
- Analysis: The process of drawing meaning from the information gathered in order to forward investigatory outcomes.
- Dissemination: The delivery and presentation of these findings to inform precautions and facilitate further investigations.
Following structured processes allows you to organise data in a way that can drive effective decision-making. Taking an intelligence-led approach to investigations may soon become a cornerstone of AML/CTF compliance, and alongside it, the need to make sense of open source data.5
Suggested reading: For more context on intelligence-led best practices, check out our recent article — 5 Advanced Open Source Investigation Techniques.
Change 3: Public-private partnerships
The siloed nature of potentially useful data is an ongoing challenge for financial institutions and law enforcement alike. Particularly in the context of big data impacting anti-money laundering strategies, it’s critical that intelligence is shared between organisations so that key patterns and reoffenders can be identified.
Historically, the need to address these shortcomings has led to calls for public-private partnerships from all corners, including the EU’s Commission for AML unification.6 Anti-financial crime alliances, like the UK’s Joint Money Laundering Intelligence Taskforce, are beginning to demonstrate that closer collaboration between government agencies and FIs can lead to the improved awareness of financial crime threats and risks.7
As more public-private partnerships appear, financial institutions must ensure that they’re able to integrate external and internal data sources in a way that allows them to put shared information to use.
Change 4: Impact of current affairs on regulatory requirements
1st January 2021 saw the end of EU law across Britain, meaning not only that financial institutions in the UK lost the right to trade in the EU, but that financial regulations largely outlined by EU law were no longer applicable. It remains unclear exactly what the outcome of this will be. However, there are two prominent schools of thought —
- The negative impact of Brexit: If EU regulations are not replaced with similar or improved requirements, the UK could become a sanctuary for financial crime. This is particularly true in the context of proposed freeports, and other programmes aimed at increasing trade through reduced regulations.
- The positive impact of Brexit: EU legislation often ends up diluted by the requirements of individual countries. Leaving the EU frees the UK to develop new and improved finance regulations, without worrying about European-wide consensus.
Regardless of how Brexit eventually impacts the trajectory of UK financial regulatory requirements, there are changes that are already having an impact, three of which include —
- Changes in cross-border payments between the EU and UK: EU-based payment service providers must now supply more information regarding cross-border payments, including transaction identifiers and personal details such as name, address, and date of birth, all of which must be sourced ahead of transfer.
- Access to bank accounts in the UK and protection of deposits: Deposits held for EU consumers by UK financial institutions are no longer protected by the FSCS deposit protection scheme unless EU authorisation has been granted.8 Banking institutions are therefore required to develop new deposit handling and protection frameworks.
- Consumers to seek more information from their financial institutions: The EBA has called on all financial institutions affected by Brexit to provide comprehensive and timely information for clients regarding regulatory changes, as well as outlining consumer rights in light of the cessation of any services.9
Informed changes to compliance frameworks effectively call for a more proactive approach to protections and consumer onboarding, requiring not only wider access to relevant information but also the ability to disseminate those insights on a justifiable consumer level.
Change 5: Cryptocurrency and new types of financial crime
Cryptocurrencies are digital currencies most often transferred through peer-to-peer transactions. The lack of regulation surrounding crypto-asset transmission has led to a widespread perception that they carry a high degree of risk.10 However, with cryptocurrency ownership spanning across 9.8 million Britons, sidestepping this shift is no longer an option.11
The need to meet this trend head-on has resulted in regulatory change. Particular risk factors being addressed by regulators include —
- The need for harmonisation in global travel rules for digital assets: The Financial Crimes Enforcement Network (FinCEN) extended travel rules to include digital assets over $3,000 in 2019, but uncoordinated regulations have so far compounded security risks rather than addressing them.12 Harmonious regulation is the only way for clearer parameters to be drawn, and for inclusive, reliable protections to be finally put in place.
- Control over cryptocurrency ‘tumbling’: ‘Tumbling’ involves a complex process of transfers through dark web wallets, and has made crypto-based financial crimes increasingly difficult to track. To meet this challenge, the 5AMLD extended AML and anti-terrorist regulatory actions to virtual currency platforms. Banking institutions trading in cryptocurrencies must now adhere to stringent due diligence processes, and have an obligation to report any suspicious activity.13
- Addressing immunity to blockchain forensics: Blockchain transactions are inherently challenging to trace. Cybercriminals can use either dark web markets or the obfuscation of destinations and funds to make analysis even harder. This limits true understanding of crypto crime, and is an area that regulators are particularly focused on addressing. Although still uncertain, this could mean required utilisation of dark web data, and other open source information, to improve the transparency of transactions.
The inevitability of crypto increases means that understanding and adherence to these new regulations is the only way for banks to continue to compete and comply.
Keeping up-to-date is the secret of compliance
The only certainty in banking compliance right now is change. Fortunately, the industry has the tools at its disposal to gain the oversight required to prevent compliance slip-ups, one of which is OSD. With the help of sophisticated OSINT solutions, actionable insights can be extracted from OSD, helping to maintain high levels of compliance and improving investigatory best practices simultaneously.
At Blackdot, we’re actively working to bring open source investigation capabilities to the financial sector. Our tool, Videris, makes this a reality. Originally developed for military and government usage, Videris is now helping with regulatory compliance across the private sector thanks to the use of —
- Intelligent automation: Automate repetitive and mundane data processing tasks to maximise the decision-making capabilities of your experienced investigators.
- Targeted searches: A faster way to simultaneously search across multiple data sets and identify the most relevant information.
- Network mapping: Visualisations of network structures that make it easier to identify important connections.
- Security: A solution that anonymises the investigator, preventing them from tipping off criminals or exposing their organisation to risks, even when analysing dark web data.
- Multiple applications: The ability to apply technology to different types of investigations, including AML, anti-terrorist financing, and insider trading.
Fundamentally, you need a tool that helps you to adapt to changes and remain compliant. To see first-hand how Videris could work for you, book a demo with us today.