Uncovering the ML/FT Red Flag Indicators for IFSCA-regulated Entities

Uncovering The ML/FT Red Flag Indicators For IFSCA-Regulated Entities

The regulated entities operating from the GIFT City must follow the IFSCA (Anti-Money Laundering, Counter Terrorist-Financing and Know Your Customer) guidelines, 2022. Chapter X of the Guideline deals with identifying suspicious transactions, and Section 10.2 (a) provides a detailed guidance note on red flags or suspicious indicators concerning a customer or a transaction. This article deals with the Money Laundering (ML) and Financing of Terrorism (FT) red flag indicators for IFSCA-regulated Entities.

What Is ML/FT?

It is best to define ML/FT Risk Appetite as the amount and type of risk an entity is willing to take on in pursuit of its goals and objectives.

Definition Of Money Laundering

Money Laundering is the process of hiding the proceeds of a criminal activity.

Definition Of Terrorism Financing

Terrorism Financing is the process of raising and processing funds to support terrorists and their terrorist activities.

What Is Termed As Red Flags?

Red Flags are indicators that can help identify underlying illegal activities like money laundering or terrorism financing. Red Flags are also known as Suspicion Indicators. They are warning signs for businesses to remain alert for potential money laundering and terrorist financing activities.

Importance Of Understanding The ML/FT Red Flags For IFSCA-Regulated Entities

The knowledge and understanding of ML/FT red flags can save regulated entities from being used as a conduit for money laundering or terrorist financing. The customer-facing staff must know the suspicion indicators, and if they observe any red flags, they must bring such customers to the principal officer’s notice. The back-office staff ensuring compliance and transaction monitoring should know the potential warning signals for ML/TF to counter such activities.

List Of Red Flags Applicable To IFSCA-Regulated Entities

Complex transactions and unusual transactions with no apparent business or lawful purpose
Large transactions with no apparent business or lawful purpose
Unusual patterns of transactions with no apparent business or lawful purpose
The transaction does not match the customer’s profile regarding background, type, source of funds, etc.
Customers behaving unusually
Customers where their ID verification is difficult to perform
Uncooperative customers when asked about their ID Verification, KYC, etc.
Asset management services where customers do not have a clear source of funds, or it does not align with their business activity
Customers hailing from high-risk jurisdictions
Substantial increase in business without any apparent reason
Customers who tried to transfer investment proceeds to apparently unrelated parties

Connection Between Red Flags And AML/CFT Compliance

Red flag indicators help comply with the AML/CFT regulations. The regulated entities must submit a Suspicious Transaction Report (STR) with the FIU, India when they suspect ML/TF.

However, the entities must ensure the confidentiality of the STR and should not tip off the reported customer.

The regulated entities are also expected to keep customer information up-to-date. After observing any suspicion, the entity must check the customer’s business profile, transaction history, customer risk profile, income level, source of income at the time of onboarding, reasons behind conducting a transaction, beneficiary, transaction frequency, transaction size, complexity of transaction, geographies involved, availability of KYC and other documents. Once the regulated entity checks it, it should evaluate if there are any changes in the risks associated with the customer in light of the updated information.

The AML/CFT compliance obligations require entities to state the reasons behind a suspicion clearly, and if they can not establish reasonable grounds behind the suspicion, they must keep monitoring the customer and underlying business relationship.

Further, as per the IFSCA (AML/CFT and KYC) Guidelines, the STR requirement applies to all suspicious transactions, irrespective of the amount. There is no monetary threshold defined for submitting STR.

If the regulated entity fails to obtain customer identification documents, the regulated entity should not enter into a business relationship unless directed in writing by the FIU-IND.

If the customer refuses to provide customer identification documents and the regulated entity finds such a customer suspicious, the attempted transaction must be reported to FIU-IND as a suspicious transaction.

Lawyers, notaries, and accountants are required to submit suspicious transactions when they engage in a financial transaction on behalf of the client for buying and selling real estate, managing client money, security or other assets, management of bank, savings or securities accounts, organisation of contributions for the creation, operation, or management of companies, and creation, operation or management of legal persons or arrangements, and buying and selling of business entities.

FAQs On ML/FT Red Flag Indicators For IFSCA-Regulated Entities

As far as the red flags are concerned, some of them are commonly applicable to all entities, and some vary according to the nature of the reporting entities’ business.

Red flags are generally classified into customers, products/services/transactions, delivery channels, geography, technology, etc.

Yes, a transaction could have more than one red flag indicator.

Suppose a reporting entity identifies red flags in relation to a customer or transaction. In that case, it should try to gather as much information as possible without informing the suspicion to the customer and try to rule out the possibility of ML/TF. If the suspicion persists, it should file a Suspicious Transaction Report with the FIU-IND.

Yes, if the customer refuses to provide proof of ID, it’s a red flag, and such non-cooperative customers must be reported to the FIU in the form of an STR.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Reliance on Third Parties for Customer Due Diligence

The regulated entities operating in the International Financial Services Centres (IFSC) in India are required to comply with the IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022, including the requirement to identify and assess the money laundering (ML) and terrorist financing (TF) risk the customer pose to the business and apply adequate Customer Due Diligence (CDD) measures to mitigate the same. To comply with this AML requirement, the regulated entity can place reliance on third parties for Customer Due Diligence measures.

In the context of reliance on third parties for CDD, let us understand what Customer Due Diligence is, what the third parties can be relied upon for CDD, and the regulatory conditions prescribed under IFSCA (AML, CFT & KYC) Guidelines.

What Is Customer Due Diligence?

Customer Due Diligence is the process where the regulated entity:

Collects information and identification documents of the customers
Verifies their identity documents and authenticates whether the customers are actually who they claim to be
Enquires about the nature and purpose of the intended business relationship
Identifies the beneficial owners of the corporate customer and verifies their identified
Assesses the potential ML/FT risk such customers may pose to the business

CDD is one of the AML/CFT measures deployed when establishing a business relationship with the customer and on an ongoing basis to manage the risk.

What Are The Third Parties The Regulated Entities Can Rely Upon For CDD?

When the proposed customer of the regulated entity has an existing business relationship with the following third parties, then the regulated entity can use the data available with such third parties for CDD and customer verification of the particular customer:

a financial institution that is subject to and is supervised by a financial regulator; or
the regulated entity’s branches, subsidiaries, parent entity, the branches and subsidiaries of the parent entity, or any other related corporations.

Thus, a ‘third party’ on which the regulated entity can place reliance for Customer Due Diligence would be a regulated financial institution or the regulated entity’s associated entities (part of the same Financial Group) having an existing relationship with the person subject to CDD measures.

What Does It Mean By “Reliance On Third Parties For Customer Due Diligence”?

Reliance on third parties for CDD means that a regulated entity relies upon and uses the CDD information pertaining to a particular person with whom the third party already has an existing client relationship, and such third party has performed necessary CDD processes, including customer identification and identity verification. This is not restricted to just obtaining the name and address of the customer; rather, it would include all the CDD information and documents.

The third party’s relationship with the person is distinct or separate from the business relationship proposed by the customer, with the regulated entity relying on the third party for CDD.

Thus, reliance on a third party for CDD indicates the regulated entity’s reference to the CDD measures applied to the customer the regulated entity is proposing to onboard instead of conducting the checks and verification measures on its own afresh.

What Conditions Must Be Considered Before Relying On A Third Party For CDD?

A regulated entity can rely on third parties for CDD measures subject to the fulfilment of the following conditions:

The regulated entity should be able to obtain records or information pertaining to the CDD measures carried out by the third party on an immediate basis,
The regulated entity should take adequate steps to ensure that the third party shall provide copies of the identification documents relating to CDD to the regulated entity upon request, without delay,
The third party (not part of the same Financial Group) is adequately regulated, supervised and monitored and has implemented measures for complying with CDD and AML record-keeping requirements as per FATF Recommendations and meeting the provisions of IFSCA (AML, CFT & KYC) Guidelines. When relying on a third party who is part of the same Financial Group, the following conditions must be satisfied:

the Financial Group applies and implements group-wide programmes on CDD that meets standards set out in FATF Recommendations and
implementation of CDD and recordkeeping at the group level are supervised by that country’s financial services regulator or some competent authority.

Here, the regulated entity should document the methodology followed for assessing the third party’s compliance with FATF Recommendations and the outcome of such assessment.

The third party is not located or based in a country or jurisdiction assessed as high-risk.
Reliance on a third party cannot be placed for ongoing monitoring of the business relationship with the customer.
Reliance cannot be placed on third parties explicitly prohibited by the IFSCA from relying upon.

It is important to note that the regulated entity shall ultimately be responsible for CDD measures, including Enhanced Customer Due Diligence measures for high-risk customers.

Other Key Considerations Before Relying On A Third Party For CDD

The regulated entity is not automatically required to obtain certified documents from a third party to carry out CDD. However, the regulated entity should ensure that certified documents are readily available from a third party upon request.
the regulated entity must assess the jurisdictional or geographical ML/FT associated with the third party, considering the outcome of the FATF publications, mutual evaluation reports, political stability, etc.
the regulated entity should not rely upon the third party located in the country, which prevents access to CDD data due to secrecy or data protection laws of such country.
When regulated entities are not satisfied with the CDD measures applied by the third party or the CDD measures are found deficient, the regulated entity shall immediately apply the CDD measures necessary to remediate the deficiencies.
The regulated entity’s AML/CFT Policy and overall framework must provide for placing reliance on third parties, the extent to which the entity shall rely on such CDD data and the measures the regulated entity shall perform on its own.
For smooth compliance, the regulated entity must enter into an agreement with the third party when placing reliance on such a party for CDD.

What Are The Benefits Of Relying On A Third Party For CDD?

Sr. No.	Parameter	Benefits
1	Experience	A third party’s experience can be used to enhance the adequacy and quality of CDD measures applied.
2	Time & Cost	Relying on a third party helps the regulated entity save time and thus increase cost-effectiveness.
3	Independent Perspective	CDD measures applied by the third party offer an unbiased view (bias related to onboarding the customer for financial benefit could be avoided).

Conclusion

The process of conducting CDD to identify the customer and verify their identity is a major legal obligation of a regulated entity. In this context, the IFSCA (AML, CFT, & KYC) Guidelines, 2022, permits the regulated entity to place reliance on specified third parties for CDD, subject to certain conditions.

Let Niyeahma assist you with defining your code or policy around reliance on third parties for CDD and ensure compliance with the conditions mentioned in the IFSCA (AML, CFT, and KYC) Guidelines.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Money Laundering risk associated with nominee shareholders and directors

There is a significant Money Laundering risk involved with Nominee Shareholders and Directors as they are misused by criminals to conceal the true identity of the beneficial owners.

What is Nominee Shareholder/Director?

To conceal the identity of the true beneficial owner or the controlling interest, the entities get into an arrangement wherein a nominee shareholder or director is appointed. A nominee shareholder is a person whose name the shares are registered, however, for the benefit of some other person. At the same time, a nominee director is appointed to the entity’s board to represent somebody else’s interests. In most cases related to the nominee arrangement, the person appointed as shareholder or director is just for the namesake. At the same time, the actual beneficiary or the controlling party is different, and a contract governs the entire arrangement.

Various professional service providers, such as Trust & Company Service Providers, Lawyers and Accountants, offer formal nominee services by allowing their name to be used as nominee shareholder or director against professional fees.

Sometimes, informal nominee arrangements are used to hide the beneficial ownership through families and friends.

Why is the Nominee Shareholder/Director arrangement used?

Some of the nominee arrangements are backed by law, wherein the law mandates the presence of a legal representative in the country of operations, different from the country of the beneficial owner. However, the primary purpose of the nominee arrangement is to hide the identity of the beneficial owners by creating a false layer of ownership or management structure.

Such nominee shareholders and directors are vulnerable to being exploited by financial criminals to administer and control the entity to conduct money laundering or terrorism financing (ML/FT) activities without being disclosed as beneficial owners owning or operating the entire nominee structure.

Red flags associated with nominee shareholders and directors

When the public filings about the entity happen in the name of the registered shareholder or director, who is acting on behalf of someone else, then the actual controlling parties hide behind the veil of nominee arrangement.

The money laundering and terrorist financing potential risk indicators associated with nominee arrangement include the following:

Ultimate Beneficial Owner (UBO) declared for the entity is also listed as UBO of the other registered business entities, and UBO is a professional corporate Service provider,
The reason for the nominee arrangement is not apparent or does not make business sense,
Family members acting as nominee shareholders or directors without any business rationale,
When the actual controlling person is a Politically Exposed Person (PEP) or an individual having negative media reports,
The nominee shareholder or the director is not able to explain the entity’s business activities and corporate history,
The nominee shareholder or the director refuses to provide the necessary information and documents required for registration,
The name of the entity does not match the business activities of the entity.

Mitigating the Money Laundering risk associated with nominee shareholders and directors

To combat the money laundering and terrorism financing risks posed by the nominee arrangement, the UAE authorities have implemented various regulations mandating the nominee shareholders and directors to self-declare such nominee arrangements to promote transparency around the ownership structure.

In one of the documents issued by the Ministry of Economy, named “Nominee Shareholder/Director – formal or informal”, the Ministry requires the Company Registrars to apply enhancing controls for monitoring and regulating the nominee arrangements in the UAE to ensure transparency around beneficial ownership. The Registrar must obtain the details from the registered shareholder about their status as nominee and, if so, information about the actual controlling person operating the transactions.

The document issued by the Ministry of Economy recommends Registrar to apply the below-mentioned additional measures to mitigate the ML/FT associated with nominee arrangements:

Obtain and review the nominee agreement,
Understand the name of the nominee arrangement and the legitimacy of the purpose of the same,
Classify all the entities with nominee arrangements as “high risk” from ML/FT perceptive,
Apply Enhanced Due Diligence measures,
Ensure that all UBOs are declared, and their identity is verified.

How can Niyeahma assist you?

Though the primary responsibility lies on the Registrar to apply enhanced due diligence measures on entities having nominee arraignment, it is recommended that all regulated entities – Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers apply due measures when dealing with such nominee shareholders or directors and mitigating the associated ML/FT risks.

Niyeahma is one of the leading AML Compliance service providers in the UAE, offering end-to-end support to regulated organizations to manage their AML Compliance and safeguard their business. Let’s together fight the exploitation of the nominee arrangement from being used as a vehicle for conducting money laundering and terrorism financing by customizing our policies, procedures and controls.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Avoiding AML Compliance Mistakes: Senior Management Edition

Avoiding AML Compliance Mistakes: Senior Management Edition

As the senior management of a regulated entity, you must avoid AML compliance mistakes to abide by the law and counter Money Laundering and Terrorist Financing risks effectively.

A lot of places where the senior management can go wrong in complying with the AML compliance requirements. Here is the list:

Not understanding the significance of preventing ML/FT threats for your business
Unable to create an AML culture in your entity
Not implementing the right AML policies for your business
Failure to prepare employees for the change

The senior management must avoid these mistakes to ensure that the entity complies with AML regulations. The blog here focuses on senior management’s mistakes in AML compliance. Before that, let’s explore their critical responsibilities in the Indian AML context.

Critical Responsibilities Of Senior Management In Ensuring An Effective AML Compliance

The senior management’s responsibilities include:

Supervise the company-wide assessment of risks from business, customers, locations, and other factors.
Oversee the execution of KYC, CDD, and EDD to verify customers’ identities and build risk profiles.
Strategize a risk-based approach to develop an AML framework in alignment with requirements.
Ensure the implementation of relevant AML policies, procedures, and controls based on global best practices.
Ensure an effective transaction monitoring system is implemented to detect suspicious transactions.
Ensure record-keeping of KYC, CDD, and related records.
Support and oversee the appointment of an expert AML/CFT principal officer and compliance team.
Create enterprise-wide AML compliance culture by promoting awareness and training programs.

Top 7 Mistakes To Avoid By Senior Management In AML Compliance

AML compliance is everyone’s responsibility in a regulated entity. All the employees in their specific roles and positions must contribute to it. The senior management must ensure that these contributions are happening in the entity. The senior management needs to oversee that respective employees are performing their duties that add to fulfilling AML requirements as an organisation.

Lack Of Awareness Of The Latest AML Guidelines And Laws

Senior management must stay up-to-date with the latest guidelines issued by authorities. By this, you will know what requirements to follow and what deliverables to submit. Based on this, you can prepare the plan or strategy for AML compliance execution.

Also, these guidelines become your direction for the road ahead. They help you list the submissions, compliances, and duties to follow for the year. You are also better aware of expectations from the senior management in AML compliance.

Such awareness also enables you to understand the significance of AML compliance. Compliance becomes smoother only once you understand how AML can benefit the business journey.

You might miss compliance if deprived of such knowledge, leading to penalties. Also, your compliance efforts will be half-baked, exposing you to money laundering threats. So, have enough awareness and knowledge of your AML rules, guidelines, and notifications.

Absence Of A Positive AML Culture In The Entity

Is AML compliance a cost centre? Some entities believe that.

No, this is a wrong philosophy. It is not a cost centre but a way to become a legally compliant entity. The fact that it involves costs is true, but it saves you from the threats of financial crimes. It improves customers’ trust in you, boosts your business reputation, and protects the financial system and economy from risks.

So, the entity must commit to preventing, managing, or mitigating ML/TF risks. It must align this commitment to achieve AML compliance. When everyone in the entity, from top to bottom, is ready for this, it creates an AML culture.

To create such a positive AML culture, the senior management must:

Create risk appetite and risk tolerance statements for the entity. These statements let the employees know the entity’s expectations about AML. Senior management must consistently promote this message in their actions across the entity.
Have all the correct answers to the questions posed by employees on AML. For all your employees’ doubts or confusion, give simplified responses to them.
Understand the why, what, and how of AML compliance initiatives. Only when you comprehend these clearly can you answer to other stakeholders. Clarity on the value that AML compliance generates is essential.

Create a risk-rewards program for your employees. You can do this by incentivising employees to support a positive AML culture.
Lead by example by displaying your non-tolerance of AML non-compliance. You must behave ethically in decision-making and maintain the integrity of operations.

By employing these tactics, you can ensure that the entire entity works towards achieving AML compliance. You must believe in the spirit of AML compliance and create a solid, positive AML culture. With enough effort for it, you can ensure efficient AML compliance.

If you don’t have such an AML culture or if it is poor, you are bound to experience failures in your AML efforts. Your efforts lack the lustre and do not result in the expected outcomes. So, a positive AML culture is essential for success.

Neglecting Constant Communication On AML Status And Actions Taken

Just building a strong AML culture is not enough. The employees and other stakeholders must know the entity’s AML compliance status. So, communication is a crucial ingredient. The communication that is generally needed is from top to bottom.

The leadership of the entity is responsible for AML compliance. You need to make decisions and take action to follow the PMLA, 2002 and IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022. You must have all the necessary data points and information for these decisions. You will get these points from the employees who face customers and work on processes. So, the information flow from bottom to top exists.

In the case of AML compliance, the information flow from top to bottom is also essential. You must communicate the compliance status, identify loopholes, and take corrective actions. It would be best if you informed the following to employees:

The inputs and outputs of compliance testing
What is working and what is not
List of risks your business faces
Risk mitigation and management measures implemented
Risk-based approach and decisions taken for AML compliance
Appropriate governance structures established for AML
Risk parameters, restrictions, and boundary conditions
Red flags related to ML/TF

If you maintain such a quick and smooth communication flow, you are sure to achieve compliance with AML laws.

Moreover, a communicative and collaborative relationship with regulatory authorities is also essential. With this, you can stay up-to-date on upcoming changes and act faster. Also, you can give prompt responses to inquiries or examinations.

No Integration Of AML Requirements With Business Processes

AML compliance is one of your business objectives. It helps you achieve your goals of a revenue-generating and legally compliant entity. But this business goal must be ingrained well into the business.

It cannot be separated from your other objectives. It holds as much importance as any other goal. You need to be AML-compliant to attract customers and have a good reputation in the market.

So, make AML compliance procedures and controls a part of your business operations. For example, you must conduct KYC before onboarding a new customer. So, the customer acquisition team will be responsible for this task. Before conducting a transaction, engage in KYT and transaction monitoring. When you spot a suspicious transaction, investigate it further and submit a Suspicious Transactions Report (STR).

Thus, integrate the AML procedures into your routine, day-to-day business operations. These must work in a flow with no distraction to regular business. Such “business as usual” feature of AML processes ensures better outcomes for your entity.

Not Allocating Enough Budget, Time, And Resources To AML Compliance Policies

What do you need to adhere to AML regulations in India?

Enough budget. Time to comply. Skilled resources.

The senior management is responsible for ensuring these three aspects. Without them, you cannot expect to complete your risk assessments, transaction monitoring, due diligence, and implementation of AML controls.

So, keep a separate budget for AML activities. Break your budget into different aspects of AML compliance activities for clarity. A part of the budget is also spent on technology solutions for these AML initiatives. Entities use technological systems for:

Conducting risk assessment
Monitoring transactions
Conducting KYC, KYB, and KYT
Screening customers against sanctions, watchlists, and bans
Executing due diligence measures

You spend a lot of money on these solutions, but they make your work easier. You save time, reduce human errors, and ease the process.

Also, you must hire skilled personnel for the AML jobs. To save money there, you can train existing employees on AML skills. Thus, with expert personnel working on AML activities through technology, you save time and have quality results. But ensure that timelines are set for each deliverable so that employees commit to them.

If you miss doing so, you might not achieve the desired future state of compliance. Consider long-term objectives while focusing on these three factors: time, money, and resources. Your AML requirements, customers, and transactions will increase when you scale and grow. So, you will need to address more of everything.

Missing Framing Of The AML Monitoring And Auditing Framework

The AML compliance officer will create the AML framework, including policies, procedures, and controls. In a senior management position, you will approve this AML framework. Also, you will ensure that the team executes this framework across the entity.

But what after execution? What about its performance? You can’t ignore that.

An often-ignored aspect of AML compliance is the performance measurement of your AML framework. For this, you must ensure its frequent monitoring. Constant monitoring can ensure that the framework satisfies the requirements and helps you achieve AML compliance.

The monitoring framework must be such that you can:

Identify the loopholes with the AML initiatives in the entity
Improve your procedures and policies to prevent the threats of financial crimes
Maintain the effective parts of the existing AML framework
Avoid complacency or lackadaisical attitude towards AML culture
Take decisions based on the performance measures

It is your defence action in times of crisis. You can identify AML breaches or ML/FT incidents with such a monitoring framework. You can respond to this crisis immediately and improve your AML framework. Thus, you are ready for emerging risks as well as developments in the industry.

You can appoint an external independent auditor to ensure compliance with AML/CFT regulations. You can also have an internal team performing the health check of your AML compliance.

You must communicate this performance monitoring framework to the AML compliance team. Ensure its execution on priority to keep tracking your performance and improving.

Ignoring The Background Check Of People In Senior Positions In The Compliance Team

The senior management must participate in the recruitment process of the AML compliance team and the AML compliance officer. Your involvement is necessary to ensure you have ethical people managing AML compliance.

You cannot have people compromising their ethics and moral values for more rewards. Such people might approve high-risk customers for higher incentives. They might add lucrative markets to the list of feasible places to do business despite those countries being sanctioned or having weak AML regimes. They might even support illegitimate transactions. So, stay wary of them.

Onboard ethical people with a history of maintaining a good balance of risks and rewards. They must measure the rewards of a business relationship against the risk tolerance. If the risk is high, don’t form a relationship. Put in place proper controls and governance policies for effective consideration of each business case.

Employ ethical people with the right mindset of risk-reward balance. If you miss doing so, your exposure to money laundering and other threats increases. It will deteriorate your business reputation, and customers will lose trust in you.

How Can Niyeahma Help You?

Senior management professionals, you know the mistakes you must avoid in AML compliance. Pay attention to the points mentioned in this blog. If you still need help or want to shift the burden of AML compliance to an expert, we are here.

Niyeahma is a prominent provider of AML compliance services in India. By associating with us, you need not worry about AML compliance. Our AML professionals and consultants take care of every activity for you. Be it transaction monitoring, KYC and CDD, training, or risk assessment, we handle all. We create a customised AML framework for your business and ensure its successful execution.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 22 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.

He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.

Article India

10 Mistakes To Avoid In Defining Risk Appetite For A Solid Risk-Based Approach

In the world of Anti-Money Laundering, risk appetite is the amount of Money Laundering (ML), Terrorism Financing (TF), and other financial crime risk you are willing to take as a part of your business strategy. Businesses adopt a risk-based approach to counter ML/TF risks and prioritise resources. The article highlights the top 10 mistakes to avoid in defining risk appetite for a solid risk-based approach.

The business world is dynamic. It changes every moment. There are new opportunities to explore. And there are emerging risks that you need to be wary of.

Similarly, criminals are exploring new ways of committing financial crimes. There are new avenues for money laundering, terrorism financing, and similar crimes. It requires you to prepare your business to prevent, manage, or eliminate these risks. You can do this when you know your risk appetite.

There is no universal standard of ML/TF risk appetite. It differs from entity to entity. Also, the risk appetite can change at different stages of an entity’s lifecycle.

Defining ML/TF risk appetite is crucial for risk identification, assessment, and management. Once you know how much risk you are willing to take, you can determine the strategies to tackle it. So, identify your risk appetite in a clear, comprehensive way. Avoid the most common mistakes businesses make while doing so.

If you take too many risks, you might compromise compliance requirements. If you play too safe, your growth might stagnate. So, it would be best to strike a fine balance between the two to decide your risk appetite.

We list the common missteps businesses in India take while identifying their risk appetite. You must dodge these pitfalls to enable a successful risk management framework. But before this, we give you more details on why risk appetite is significant for any entity in India.

What Is Risk Appetite

It is best to define ML/FT Risk Appetite as the amount and type of risk an entity is willing to take on in pursuit of its goals and objectives.

Difference Between Risk Appetite And Risk Tolerance

Risk Appetite differs from risk tolerance in the sense that it’s an umbrella term defining the philosophy behind the overall risk management efforts. In contrast, risk tolerance is the level of risk that an entity is willing to take per individual risk.

The Importance Of Defining Risk Appetite Statement

Risk appetite is the amount of risk you are prepared to accept to realise your objectives. It is your risk-taking philosophy. It displays your attitude and outlook on risk-taking. It is the uncertainty that you are ready to bear pursuing your business goals.

The risk appetite statement defines your willingness to accept risk. It determines the various risks you are ready to take and the ones you don’t accept. It helps you adopt the risk-based approach.

By defining your risk appetite, you guide your risk management process. You can understand, manage, and mitigate money laundering risks properly. Thus, you can limit the scope of financial crimes and illegal activities in your business.

Risk Appetite Statement is the formal way to communicate the entity’s stand on accepting risks. You can determine what opportunities to explore despite the risk and what prospects to reject owing to higher risks. This means risk appetite gives you a solid base to analyse trade-off decisions. Thus, your strategic discussions, decisions, and actions get a better direction.

It is also a great way to manage resource allocation. Moreover, you can determine your business’s technology needs based on the risk appetite statement. Thus, it helps you plan for your business’s future requirements.

Your AML control measures depend on your risk appetite definition. It structures your brainstorming and discussions on AML programs. As a result, you have more information while designing the AML framework, leading to greater efficacy.

10 Critical Lapses While Defining Risk Appetite Of The Entity

While identifying and defining your business’s risk appetite, avoid making the following mistakes:

1. Making It A Theoretical Exercise And Ignoring The Practical Implication

You understand the importance of identifying risk appetite. It is crucial for your risk management and AML policy development.

So, do not make the mistake of treating it only as a theoretical exercise. It is not a bureaucratic process. Use it where necessary. It is a critical part of your AML journey, so you must analyse its practical implications. You must consider all the aspects of your business and identify your risk appetite.

Your risk appetite definition must be a part of your risk management planning. It must feature in your plans for defining AML procedures, policies, and controls. So, you must take it seriously and focus completely on it.

2. Focusing Only On The Qualitative Or Quantitative Aspects Of Risk Appetite

For some of you, defining risk appetite means writing a statement and abiding by it. It says that you are ready to accept these various risks and avert the other risks. Qualitatively, it sounds straightforward.

For some other businesses, it is a quantitative exercise. You list the various risks and the percentage of acceptability. Yes, it takes time and requires calculation and analysis. Also, it is challenging to get accurate numbers or percentages.

No one is wrong here. Both are correct. You must have qualitative and quantitative definitions for better understanding across the organisation. Take a holistic approach to defining risk in words and numbers to better understand the risk appetite.

3. Lack Of 360-Degree View In The Identification Of Risk Appetite

It’s essential to consider every team’s viewpoint before defining risk appetite. Whether you are the top management executive, risk manager, or AML compliance officer, only one person’s outlook is insufficient to define risk appetite. You must discuss with the internal stakeholders, understand and define their perspective.

The top management’s view is needed to understand the company’s long-term goals; they know the strategic plans, actions to take, and yearly goals. They can assess what objectives are necessary to achieve while managing the risks.

An AML compliance officer’s perspective is essential to understand the money laundering scenario. They can comprehend the legal requirements, AML trends, emerging risks, and your business’s possible AML controls. They know better what risks are acceptable and what are not bearable in your AML journey.

Also, you need inputs from all teams to get a 360-degree of the risk appetite. The risk appetite might be partial and incomplete without such a holistic view. It won’t serve the purpose of risk management, making you more susceptible to money laundering threats.

4. Copying Risk Appetite From A Peer Organisation Or A Competitor

Give risk appetite the importance it deserves. For this, stop thinking of your risk appetite as the same as a similar company’s in the market. That’s not possible. Even if two entities are similar in size, sector, products/services, and business model, their risk appetites aren’t.

A one-size-fits-all approach does not work in the case of risk appetite. It is specific and unique for every entity. So do not copy-paste the risk appetite from another entity. If you make a general risk appetite statement, your employees will not accept it. So, customise it to ensure the possible management, mitigation, and prevention of risks.

Conduct your own research. Interview your internal stakeholders. Understand your business model, growth trajectory, and objectives. Based on this analysis, identify how much risks you are willing to take for your business’s journey.

5. Too Technical, Inconsistent Language, Or Complex Words

You are defining the risk appetite for your organisation. Your employees, team members, and management will need to refer to it for their decisions and strategies. So, try to write the risk appetite statement in entity-fitting language. This means the language commonly used in your business operations.

Don’t make it too jargonish. Too many technical words will not be comprehensible for some of the employees. Also, the use of acronyms will make it incoherent. So, make it simple, unambiguous, and less technical. All your employees must be able to interpret it easily for use in decision-making.

Also, keep the terminology for risk appetite and related measures consistent. You must use similar language in risk management programs, AML policies, and due diligence measures. Such consistency enables better understanding and clarity of the entity’s risk philosophy.

6. Neglecting Negatives Over Positives Or Vice Versa While Defining Risk Appetite

Risk appetite covers your risk philosophy. And it will include both – the positives and the negatives. But if you ignore one over the other or forget to include both aspects, your risk appetite definition is incomplete.

It means you must consider the opportunities that risk-taking offers. Obviously, when you accept some risks, you will get returns. You can explore more business prospects, expand to new markets, acquire new customer segments, or take any other action.

You must also not ignore the downside risks, which means the threats. Analyse the effects of such potential threats before defining the risk appetite. So, keep a fine balance between the two to ensure you do not suffer later.

7. A Static, Rigid Approach To Risk Appetite Identification

Industries are evolving. The world and Indian economies are changing. So, the risks are also fluctuating and new risks are coming up. Even organisations’ regulatory landscape is transforming.

Amid all these changes, your risk appetite definition must also change. You can’t keep it as before. It must reflect the changes in the following factors:

Macroeconomic environment
Regulations
Stakeholders’ feedback
Emerging risks
Trends in business verticals
Delivery Channels
New business opportunities
Demand-supply in market
Geographies
Products/Services offered
Type of customers served

So, you must review your risk appetite at regular intervals. You must go through it to see if it reflects the changes in the business context. If not, update it. You can set it as an annual exercise to evaluate it so that you can incorporate changes based on internal and external business evolution.

8. Absence Of Acceptability Of The Risk Appetite By The Internal Stakeholders

If new employees join your company, but their thoughts are not aligned with your vision/goals, their efforts will be questionable. Similarly, implementation would be challenging if the internal stakeholders do not align with the risk appetite statement.

So, get the acceptability of all internal stakeholders on the risk appetite. They must accept it. The employees must be ready to undergo training on managing this risk appetite. They must know how the risk appetite affects decision-making and the best actions to take.

Also, the senior management must set the tone. This means it must ensure that employees accept the risk appetite and work with it to achieve business objectives. That is why it is crucial to identify risk appetite in coordination with all departments. The senior management must ensure an appropriate risk culture is set and acted upon.

9. Disregarding Risk Exposure, Priorities, And Tolerance

You cannot ignore risk probability while determining risk appetite. You can determine the exposure once you know the likelihood of various risks. Risk exposure knowledge helps you analyse the impact of various risks. You can determine your risk priorities based on this information on risk exposure and impact.

You must also know your risk tolerance (how much extra risk you are ready to take after your risk appetite). These cultural factors of your business help you better understand your risk appetite.

Now, since you know your boundaries, priorities, and tolerance levels, you can define the risk appetite. Thus, ignoring any one factor can lead to incorrect definitions. And correct identification of risk appetite enables you to achieve your long-term strategic goals.

10. Not Integrating Risk Appetite With Decision-Making

So, you define your risk appetite in simple words. It is a result of qualitative + quantitative exercise. It considers all your business aspects and is acceptable to all internal stakeholders. This means you avoid all the above mistakes and are happy with your risk appetite.

But, then? What if your decisions still lack risk consideration? What if you make strategies without deliberating over your risk appetite? This means it is not serving the purpose.

Use it in your decision-making. For example, when analysing whether to “go or no go” for an alternative, consider your risk appetite. When deciding whether to onboard a high-risk customer, consider your risk appetite. Evaluate what option is within your risk appetite and what you can handle. Ignore the option that is out of your risk appetite limits. Thus, it can be a point of comparison between various decision alternatives.

Conclusion

Thus, these common lapses can occur when identifying and defining risk appetite. You must be extra cautious to avoid falling into such traps. Try to avoid these errors to have a clear, comprehensive risk appetite statement. Once you have this, you can expect a smooth risk management and mitigation ride.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Best Practices for Selecting a Name Screening Software

Developers use augmented reality dashboard icons with responsive

Best Practices for Selecting a Name Screening Software

As a regulatory requirement, regulated entities in India must perform screening of their existing and potential customers. The customers are screened for sanctions, watchlists, PEP databases, and adverse media. For these needs, a standard technology solution across countries is the name screening software. It helps identify such individuals and entities matching these lists. The article outlines the best practices for selecting name screening software.

Significance Of The Name Screening Software

Generally, entities use local and international-level watchlists from relevant authorities to match their customers. By this, you can identify risky customers, employees, and transactions. These lists include PEPs (Politically Exposed Persons), Sanctions, Terrorists, Drug traffickers, Weapons proliferators, and other financial criminals.

News sources and media sites are also excellent tools for news about your customers. You can sift through this news to search for the negative connotations.

By identifying criminals, you can stop transacting with them if they are existing customers. If potential, then you can avoid forming a business relationship with them.Thus, you can prevent money laundering and terrorism financing threats to your business. Also, you can ensure AML compliance and prevent AML penalty imposition on your business.

Besides, with a name screening tool, you can ensure result accuracy due to the absence of human errors. You also screen the names against updated lists, improving the preciseness of your results. Also, such tools can screen massive datasets, saving time and money. With the rise in your customers and transactions, the system can handle huge workloads without compromising the quality.

Having such software shows your commitment to enabling secure transactions and business. Identifying a robust and effective name screening software is a critical activity. Since it is crucial for your AML compliance, you can make mistakes in the selection process. So, we bring you a list of best practices to adopt while selecting a name screening software.

Name Screening Software Features

Ensure that the Name Screening Software supports the following features:

Reliable, comprehensive, and up-to-date data sources
Easy use navigation
Due diligence workflows
Batch screening
Global coverage
API integration

When you have these features, you get the guarantee of accurate and on-time results. You can identify risky customers, avoid them, and prevent financial crimes.

Name Screening Software Selection Best Practices

Your name screening software must be accurate and up to date. Customisation for your business needs and goals makes it more efficient and effective. Also, it must be easy to use and understand for the users. To have these features and make it useful for your business, you must follow the following best practices:

Keep In Mind The Evolving AML Regulatory Needs

The name screening solution must be able to check your customers’ names in any of the watchlists. If they appear in the list, you will not transact with them. If not, you can identify them as genuine and unrelated to financial crimes. In such cases, you can form business relations with them. Thus, it is a medium to keep you away from money laundering threats.

You can follow AML regulations with it. That is why you must consider the evolving nature of India’s AML regulations. The solution must stay updated to include all relevant AML regulations. Also, it must comply with the global sanctions, watchlists, and regulations. Complying with industry-specific requirements can be a significant value addition.

User Interface And Experience Must Be Top-Class

The effectiveness of a technological solution depends on its user interface and experience. A similar case is the case with a name screening solution. It must be easy to learn, understand, train, use, and navigate.

So, while selecting sanctions screening software, ensure it has these capabilities. The user interface must be intuitive to make its use smoother and understandable. This feature results in efficient performance of the solution and user satisfaction.

Ensure That The Solution Is Scalable

In future, your business will grow. You will have more customers, employees, and transactions. This will lead to an increase in data volumes. So, it would help to have a solution that can handle large datasets.

While selecting a name screening software, ensure that the system is scalable. It must be able to adjust to the rise in data volumes. Even if your data increases, it must be able to match with the watchlists and generate results for your business. Thus, you do not need to change the software even when your company grows.

Accurate Results Must Be The Prime Feature Of The Solution

What is the first feature you will look for in name screening software?

Accurate results. Preciseness.

So, while selecting the solution, please pay attention to its accuracy. Research on the algorithms used for building the solution. Understand the parameters based on which the solution defines rules to generate results.

Since it is a name screening system, it should eliminate false positives to reduce your time and effort. So, try to reduce the number of false positives and false negatives. This is possible only if the parameters, factors, and rules are correctly set. You can expect higher accuracy if these are defined per industry needs and local and global watchlists.

Name screening becomes challenging when the customers belong to countries that do not use the Latin alphabet. Conversion of these names has a higher chance of inaccuracies. So, ensure that the screening algorithm does not only focus on the full name. It must include the parameters of acronyms, aliases, spelling variations, nicknames, and other minor differences.

Report Creation Must Be Possible In The Sanctions Screening Software

Choose a solution that also produces reports on the generated results. Reports are the proof of the results generated by the name screening solution.

You will need these reports to submit to your senior management and authorities. It will help you determine which customers are sanctioned individuals/entities and which are not. Your management can decide whether to start or continue the business relationship. The authorities may need these reports as proof of matches with the watchlists and as a regulatory record-keeping requirement.

Customisation Is The Key Differentiator

If you are required to comply with AML regulations in India, you must be one of the following:

Financial institutions
Virtual asset service providers
Participants of the securities market
DNFBPs (casinos, CA, CS, legal professionals, jewellers, real estate agents, etc.)

Despite the same regulations, risks, transactions, customers, business models, and processes differ. Due to these distinctive features, the AML frameworks, policies, procedures, and controls will be unique.

Also, the unique business needs of an entity make it different from other entities in the same or different industry sectors. That is why the solution you select for name screening needs customisation per your preferences.

In the AML scenario, your risk appetite and tolerance differ from other players. This factor also impacts the customisation you need in the name screening system. You will have rules, thresholds, and criteria for matching customers with watchlists.

There is also a difference in the sensitivity of transactions for different customers. So, consider all these factors while deciding the matching thresholds of the solution. For all these reasons, it is crucial for you to look for customisation while selecting the name screening solution.

Data Security And Privacy Of The Solution Is A Priority

Your name screening software has loads of information on your customers. You need this information to match with the watchlists. But you cannot compromise on the confidentiality of this data.

So, you must select a solution that keeps the data secure and private. It must enable encryption of data and secured data transmission to avoid security lapses. Also, the solution must follow the data protection rules in India. Thus, you must ensure that the data remains confidential and secure.

Aligned With EWRA And AML/CFT Program

The name screening software must fulfil the regulatory compliance requirements and ensure alignment with the Enterprise-Wide Risk Assessment (EWRA) and the AML/CFT program implemented by the entity. The name screening software must be configurable for fuzzy matches and approval workflows in line with the AML/CFT framework.

Integration With Existing Systems

Integration with the existing systems makes your work smoother. It becomes easy for you to run the name screening process in alignment with other workflows. Your processes become efficient and faster.

For example, integration with the system you are using for KYC and CDD can work out best. Since these solutions handle customers, they have a shared database of customers’ information. With one database, an integrated solution can generate results for KYC, due diligence, and name screening.

Employee Training Is A Requisite For A Successful Run Of The Software

What will happen if you install a name screening solution and your employees do not know how to operate it? No ROI of such a solution. Therefore, you must train your employees on the new solution to generate quality results.

Besides training on using the name screening system, you must also explain the purpose of doing this process. Points like:

Necessity of AML screening
Process of conducting it
Regulatory compliance requirements

Once they understand these, they can better contribute to the name screening process. Moreover, they must know the latest regulations to incorporate them into the parameters, rules, and thresholds.

Selection Of The Right Vendor Providing The Name Screening Software Is A Game Changer

Above are the key features and capabilities you must have in your name screening solution. But you need to find a vendor who will provide such a solution, along with support services. So, selecting the right vendor is crucial for your AML screening process.

You must look for the right vendor to provide a solution that meets your needs. You must assess the following factors while finalising a vendor:

Willingness to customise the solution per your needs
Training and support services
Customer testimonials of successful solutions and services
Frequency and regularity of software update
Up-to-date watchlist database
A dedicated team to handle your project
Integration services

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Staying cautious while appointing an AML Principal Officer in India

AML regulations in India, whether it is the Prevention of Money Laundering Act, 2002 (PMLA) or the IFSCA (AML, CFT, and KYC) Guidelines, 2022, obligates the regulated entities to create and implement a strict AML/CFT program. The program includes:

Enterprise-Wide Risk Assessment
Putting in place AML and CTF controls and procedures
Compliance with AML regulations and identify the risk while onboarding the customers
Ongoing monitoring to spot the red flags
Timely reporting the suspicious transactions

Appointing an AML Principal Officer is necessary to manage and supervise these activities. An AML Principal Officer, also known as the compliance officer, is essential to ensure the development and enforcement of the AML framework. So, the entity must appoint an appropriate, skillful, competent, and knowledgeable person for this role.

However, regulated entities tend to make mistakes while engaging in the recruitment of AML Principal Officers. These mistakes can cause non-compliance with regulatory requirements, financial losses, reputational damage, or team demotivation. So, the entity must stay cautious and avoid these errors as much as possible.

To help the entities dodge these errors, we have listed them in this article to ensure that the regulated entities take the necessary care and ensure the right person is managing the AML function.

Vital Responsibilities Of An AML Principal Officer

An AML Principal Officer ensures compliance with the country’s AML rules and regulations applicable to the business. Specifically, even the PMLA and the IFSCA AML Guidelines provide the duties of an AML Principal Officer, which include:

Develop comprehensive AML policies, controls, and procedures for the business
Periodically review the implemented measures and make required changes therein
Study and assess the financial crime risks to the business from different aspects
Monitor the transactions, activities, and customers to identify the risks from them
Ensure timely implementation of adequate due diligence measures to prevent suspicious clients and activities
Identify the suspicious transactions and promptly report the same to the FIU
Create awareness around AML and train the staff, empowering them to perform the necessary AML/CFT tasks
Identify the best technology solution to help in the entity’s risk mitigation and AML compliance
Update the management about the entity’s AML initiates, gaps identified, and seek inputs

Thus, in tandem with the authorities, senior management and internal employees, the AML Principal Officer manages all the AML compliance-related responsibilities.

With the primary responsibility for AML compliance entrusted to the Principal Officer, the entities must exercise extreme caution while conducting the recruitment process.

Top Mistakes The Entity Makes While Recruiting An AML Principal Officer

The entity must have an effective recruitment process to get candidates with adequate skills to fulfill the AML duties. But there are possible mistakes during this recruitment process, which must be avoided to save costs and effort. These mistakes are:

Failure To Create A Clear, Structured Recruitment Strategy

AML compliance requirements are forever to stay. The entity must adhere to its rules annually, all year long. So, it is a must to have a long-term AML compliance strategy, its requirements, and what the entity plans to do. Also, how an AML Principal Officer would contribute to achieving these goals must be clear.

Only with such clarity can the entity move ahead with recruiting the proper AML officer.

For a clear recruitment strategy, it is important to define the following:

Job description
Key responsibilities
Qualification required
Skills and competencies to have
Attitude and Characteristics
Any prior experience

Additionally, define the steps of the recruitment procedure. The vital steps are initial screening, shortlisting, assessment test, final interview, etc. It gives clear direction to the entity on how to move forward and what aspects of the candidate must be assessed at each stage. If required, the entity can create a flowchart to keep track of every step and note the result of each step.

The absence of such a strategy will lead to a complicated, chaotic process. This may result in the hiring of an ill-fitting candidate, reducing the efficiency of the AML function while increasing the risk exposure and wastage of resources. If the candidate cannot diligently perform the AML compliance responsibilities, the entity might have to repeat the process.

Lack Of Alignment With The Business’s AML Requirements

The entity needs to understand clearly what AML provisions apply to its business. The entity must also know the present status of its compliance. Awareness of the following is critical:

All compliance requirements that the entity needs to fulfil to avoid regulatory penalties.
The various potential money laundering risks the business can be exposed to.

Knowledge of these two aspects clarifies how the candidate must be. The entity can accurately judge the candidate and test their knowledge in these aspects.

The absence of such alignment with the AML requirements of the business might lead to the hiring of the wrong candidate. This may lead to a loss of money and time while adversely impacting the effectiveness of the AML function. So, these mistakes must be avoided.

No Proper Marketing And Promotion Technique

An AML Principal Officer is a critical position in any regulated entity. It is not a short-term role but a long-term association with the business. The candidate must lead from the front, manage the team, and take an interest in all things related to ensuring AML compliance across the organization. So, the entity must attract suitable candidates for this job.

It is possible only if the entity focuses on the job ads. The crucial factors are how the job ads are posted, where it is posted, and what is included in it. The job descriptions must be inclusive and transparent and describe the ideal candidate profile.

The entity must not make the mistake of posting the job ad everywhere or anywhere. Proper promotion is needed for any job position. The candidate pool will be the same if the entity keeps posting at the same place. The ad might not reach suitable candidates if posted only at one or two places. So, it is recommended to use the company’s website, social media pages, and recruitment portals for job postings.

Another crucial point is to look for the right candidate, even internally. There might be employees with more skills and the right attitude to take up responsibilities of AML compliance. They already fit the company culture. Even if some grooming and AML training are essential, an internal candidate is better than an external candidate.

Absence Of Qualification, Certification, And Experience

As mentioned, the entity must be very careful in recruiting an AML Principal Officer. It is a pivotal position, and the entity cannot go wrong with it. So, the entity must carefully check and verify the qualifications, certifications, and past experiences.

The candidate must have relevant qualifications and certifications. These must be specialization courses from credible global institutions. Also, the candidates’ knowledge in these courses must be tested.

AML compliance for a company requires management from an expert individual. An individual without experience will be unable to contribute much to the role. They must understand and experience handling each of the AML tasks – however big or small it is. The absence of such an experience will lead to a chaotic situation or non-compliance. It might lead to non-compliance penalties or reputational damage later.

So, please pay full attention to the incoming candidates’ experience and knowledge.

Ignoring Background Checks

AML Principal Officers reduce the threat of financial crimes for the regulated entities. They develop and execute policies to protect the business from money laundering and terrorism financing risks. When they have this role of protectors, they cannot be a part of financial crimes.

Therefore, background checks must be essential to the entity’s recruitment process. For general jobs, companies also conduct these checks. AML Principal Officer is a critical responsibility, so it becomes mandatory to check a candidate’s association with any financial crime.

If the entity misses these checks and later finds the individual to be a part of a crime, questions on integrity might arise. It might also affect the business’s reputation in the market.

Not Conducting Enough Training And Development

Training and development are essential for any position in a company. Adequate training must be conducted even when selecting an AML Principal Officer.

Relevant training leads to brushing up on the existing knowledge of AML compliance. It keeps them up-to-date and eliminates any skill gaps. Such training programs help the officer know more about the industry, learn new AML technologies, and study global best practices in AML compliance.

Omission Of Judgment Based On Soft Skills

If the entity has no metric for judging the soft skills of incoming candidates, then the entity is in for significant damage. A candidate with all the qualifications and experience but no attitude and personality to lead the business’s AML compliance function is detrimental to the business’s growth and reputation. So, start paying attention to the soft skills.

These soft skills include:

Teamwork
Analytical mindset
Positive attitude
Attention to detail
Drive to fulfil responsibilities
Alignment with the business’s core values
Ethical and law-abiding
Problem-solving attitude
Communication skills
Critical thinking
Conflict resolution

The entity must consider these soft skills while recruiting an AML Principal Officer.

Rushing Through The Process Or Taking It Too Slow

If the entity has a swift hiring process, it might recruit an unfitting candidate. Or, if it takes too slowly, the applicants might move to another organization. So, be careful of the duration of the hiring process. It must be neither too fast nor too slow.

Pushing the recruitment process too rapidly may lead to missing applications from some deserving candidates. By the time they apply, the entity might have already recruited a less deserving candidate. This can affect the efficacy of the AML compliance efforts.

While, if the entity is sluggish in the hiring process, the shortlisted candidates might move to another organization by the time they are called for the next round or offered the position. So, the entity must improve the candidate selection and analysis process’s speed.

Overlooking Underqualified Or Overqualified Candidates

A common problem in the hiring process is neglecting over-skilled or under-skilled candidates. Suppose the entity finds some resumes and feels like “they are too qualified to take up this job”. Or some applicants do not have the qualifications per the job description.

It is recommended that such resumes for the AML compliance profile must not be ignored. Since the candidate has applied despite knowing their overqualification or underqualification, the entity must judge them based on interviews. The entity may get to know their skills, personality, aptitude, and attitude while talking to them. The overqualified candidate might want to get back to the basic tasks of this job. Or the underqualified candidate is a talented and fast learner.

In both cases, it would be a win-win situation for the entity. So, before throwing the resumes, interact with them.

These are the common mistakes recruiters make in hiring an AML Principal Officer. The regulated entities must consider these points while recruiting an AML Principal Officer.

How Can We Help The Regulated With AML Compliance?

We at AML India help regulated entities with AML compliance; it is a requirement under the PMLA 2002 and IFSCA AML guidelines. Our services include policy documentation, enterprise-wide risk assessment, training the staff and the AML Principal Officer and AML health check.

We also help you set up an AML compliance department and hire a fitting AML Principal Officer. Our consultants analyze your business’s AML requirements before providing services. Such an assessment gives us a better idea of your company’s AML obligations. We help you conduct the hiring process, promote it, and select the right candidate.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Strengthening the KYC process by averting these 12 common mistakes

Strengthening The KYC Process By Averting These 12 Common Mistakes

With the rise in financial crimes, Know Your Customer (KYC) has become a critical part of the anti-money laundering (AML) strategy for regulated entities, including financial institutions, Designated Non-Financial Businesses and Professions and IFSCA-regulated entities.

The Prevention of Money Laundering Act, 2002 (PMLA) and IFSCA (AML, CFT, and KYC) Guidelines, 2022 require regulated entities to undertake relevant AML measures, including Customer Due Diligence to prevent money laundering. As a key component of Customer Due Diligence, KYC helps regulated entities identify suspicious customers.

KYC is about identifying the customer, the beneficial owners and the beneficiaries and verifying their identities before establishing a business relationship. In the course of KYC, the regulated entities get to know the customers’ true identities, based on which the entity can decide whether to work with them or not. Thus, with KYC, the regulated entities can shield the business from the financial criminals and the ill effects of money laundering and terrorism financing.

The KYC process is not as straightforward as it looks. KYC must be attended with full attention to avoid the common mistakes. It is a critical function to help optimize the AML compliance efforts.

So, let’s dive into the common mistakes necessary to avoid the same to strengthen the KYC process and implement it as an invaluable foundation of AML compliance.

Top KYC Blunders To Avoid

Concerning the AML regulatory provisions for India, the regulated entities must implement and carry out KYC for all their customers, suppliers and associated business partners. The regulated entity must follow the key best practices to avert these common mistakes. If not, the reporting entity might be vulnerable to financial crime, making it a costly and time-consuming affair to mitigate and manage risks. These standard errors around KYC are:

Risk Arising From The Nature Of The Customer

Yes, KYC is essential for AML compliance. The entity must identify and verify its customers to determine their risk profiles. But generally, it has been observed that the entities consider it as an administrative task. KYC is perceived as a task that hinders routine business operations. A costly task. A regulatory burden to carry.

But that won’t be a wise standpoint.

The KYC process is more than a compliance requirement. With KYC, the entities can identify the customers and collate the necessary information to determine the customer’s risk profile. It can help the entity reduce risks and protect the revenues and business operations from money laundering threats.

Thus, the entities can save the brand reputation from going awry. To enjoy these benefits, viewing KYC as a strategic initiative is essential. A value-adding exercise for the business, not just restricted to compliance needs. A way to allow honest customers to use the products and services and block the dishonest and illegal ones.

Losing Sight Of The Changes In AML And KYC Regulations

In the current dynamic times, regulations evolve now and then. As and when new threats arise, regulators make changes in AML regulations. So, the provisions become tighter. These evolving laws can lead to amendments in KYC requirements.

The regulated entity must keep track of these changes. If the entity misses the changes, the KYC procedures will be incomplete and ineffective. The KYC procedures must align or adjust to local laws and industry standards. Ignoring them can lead to blunders in the KYC, leading to non-compliance, fines, and other problems like engagement with criminals.

Absence Of A Proper Plan For Conducting The KYC Process

KYC is a cumbersome process. It consumes a lot of time. It can be tiresome for teams and customers. KYC requires the collection of many data points on each customer and managing the customer onboarding process. Whatever it may require, it is essential and critical for AML compliance. So, having a proper plan for KYC is a must.

Before engaging in routine KYC tasks, the entity must make a plan with details on information points, processes, resources responsible, and timelines, i.e., a detailed KYC Program. The entity must define the workflow for KYC. It includes coordination points between compliance, business, and technical teams. The reporting entity can have a successful execution of KYC processes only when a sturdy KYC plan exists.

A Shortage Of Budget For KYC

KYC is essential for reporting entities to achieve AML compliance. The entities must continuously conduct the KYC as and when new customers are onboarded or there are changes in the existing customers’ details. Thus, constant monitoring of all existing customers is also critical.

All these activities need a proper amount of time and money investment. Investment in terms of technology, skilled human resources, and employee hours. So, the regulated entity must make a proper budget allocation for KYC. It is an expensive exercise, but it can keep the business safe from financial crime threats.

Inadequate, Outdated, Or Incomplete Data On Customers

The KYC process involves identifying and verifying customers before forming a business relationship. It is essential to avoid the threats of money laundering and terrorism financing. So, the entity must be cautious in its execution.

The KYC process is incomplete if data points are missed, or the entity forgets to collect a few details on a customer. Also, outdated data will lead to outdated results. The data gaps can mar the entity’s compliance efforts.

Data quality ensures detailed and insightful customer risk assessment. If any details are missed, the customer might prove risky even though the entity may have put them on a no-risk or low-risk list. This impacts the business operations. So, it’s better to ensure data security, integrity, accuracy, and quality. Such quality data ensures a comprehensive assessment of each customer during the complete Customer Due Diligence process.

No Use Of Technology For The KYC Process

The KYC process requires the regulated entity to collect and analyse customer data. The entity must verify the data with identity documents and other reliable, independent sources.

If this process is managed manually, errors, duplication, or missing data are possible, resulting in flaws in the KYC process. It affects the business, exposing it to higher threats of money laundering and other financial crimes.

One of the recommended solutions is to use technological systems for KYC. Such technology automates the process around customer data collection, organization, cleansing, categorization, or analysis. Thus, it saves time, costs, and effort, increasing efficiency and effectiveness in the KYC process.

Engaging Unskilled And Untrained Employees In KYC Exercise

High-tech people are committing financial crimes. They identify loopholes in processes or technologies and use them to their advantage. They find innovative ways to launder money and commit fraud. If the fraudsters are proficient and capable in their work, how can an unskilled worker be expected to identify such crimes?

So, the regulated entity must engage knowledgeable, experienced, and skilled people for AML activities. Similarly, the engagement of well-trained and qualified persons to carry out the KYC process is also necessary. They must understand different red flags that may be observed during the customer identification or verification process, including risk indicators related to customer behaviour. They must undergo training around details and documents to be verified to conclude the KYC process better.

Not Using Multiple, Credible Data Sources

The regulated entities should rely on more than one source to verify the customers’ identities. Some of the examples of credible data sources include:

Ministry of Corporate Affairs’ list of businesses
List of GST taxpayers
Industry associations’ list of firms
List of corporate taxpayers
List of PEPs
Sanction lists
Credit reports of companies
Global watchlists

Checking and verifying the customer’s identity on multiple reliable sources boosts the confidence that the entity is dealing with the right customers.

Lack Of Communication And Coordination Between Departments And Teams Handling KYC

The regulated entity may have a dedicated team to handle the KYC process, with different sub-teams working on different tasks. For example, one team collects data while the other verifies the collected information.

The entity must ensure communication among the team members and data sharing for a smooth process. The entity can also create a shared database of customers with accessibility permissions so that team members work on the same data sets. They must coordinate with each other to build the customer’s risk profile.

A small communication gap might ruin all the AML efforts, affecting the quality of the KYC process.

Asking For Too Much Or Too Little Information

Keep the KYC forms in optimum sizes. The entity cannot keep it so long that potential customers lose interest in forming a business relationship. Also, it cannot be too short that the form does not serve informational purposes, necessary to identify the customer and assess the customer risk. So, try to have all the necessary questions in it. Also, ask for necessary proof and documents to verify the information provided.

If necessary, information is excluded, and the regulated entity cannot create a risk profile. The available information will be insufficient to know whether the client is risky or not. If too many unnecessary data points are included, irrelevant as AML measures, clients will find it a prolonged, tedious exercise. This will demotivate the customer, resulting in business loss.

The mandatory compliance needs and the good-to-have details necessary for understanding the risk posed by the business relationship must be included in the KYC form.

Ignoring Customer Experience For KYC

We all know how tiresome and time-consuming exercise KYC is! No one would like to fill out lengthy forms every year. Or visit the office to submit documents for verification. Remote verification is not possible in some cases. These are all the situations that can make the business lose potential customers or move to its competitors.

So, it becomes crucial to focus on improving customer experiences. Yes, digitalization is a solution. However, it must align with overall operations and the AML compliance requirements. The regulated entity can use customized, automated solutions to improve customer interaction with the system.

Disregarding The Importance Of Continuous Monitoring – KYC Remediation

Constant monitoring of customers is essential to track the changes in customer details and know the changes in their risk level.

KYC is not a one-time activity. Instead, the KYC process includes KYC remediation, focusing on the ongoing review of the customer’s information to identify the changes in the customer’s information and determine if the customer’s details submitted earlier are valid and whether the originally assessed risk holds good.

Ignoring KYC remediation or lapses in the continuous monitoring of the customer profile may lead to exploitation of the business by the customers originally tagged as low-risk and, thus, imposition of non-compliance penalties and reputational damage.

Thus, monitoring the customers’ details and documents is an excellent practice.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

AML Measures when Dealing with High-Risk Customers under IFSCA AML Guidelines

The regulated entities operating in the International Financial Service Centre (IFSC) are required to identify and assess the money laundering and terrorism financing risk and apply adequate risk mitigation measures in accordance with IFSCA (AML, CFT, and KYC) Guidelines, 2022 (IFSCA AML Guidelines). The IFSC AML Guidelines mandate the regulated entities to perform Enhanced Customer Due Diligence when the identified ML/FT exposure is high.

In this article, we shall discuss Enhanced Due Diligence (EDD). These certain risk factors may suggest increased risk involved, warranting the performance of enhanced measures and EDD measures to be applied when engaging with high-risk customers.

What Is Enhanced Due Diligence?

The IFSCA AML Guidelines require regulated entities to implement robust AML policies and procedures, focusing on the timely identification of ML/FT risks and conducting necessary checks and verifications to manage these risks.

One of the key AML provisions prescribed under IFSCA AML Guidelines is conducting the Customer Due Diligence (CDD) process to identify the customer, verify their identities and assess the risk exposure from the particular business relationship.

An integral part of the CDD is enhanced customer due diligence, applied when the customers are identified as posing increased risks. This concept is in line with the foundation of the AML program – the risk-based approach, requiring the regulated entities to apply increased controls when the higher risk is assessed, and for lower-risk customers or transactions, standard risk mitigation measures can be enough.

Enhanced Due Diligence is an advanced version of normal Customer Due Diligence, with additional inquiries around the customer information and stringent verification of the customer’s profile. This may include a thorough understanding of the customer’s business activities, the purpose of the business relationship, the customer’s financial position, etc.

For applying these additional checks and controls, the regulated entity may seek additional details and information from the customer relying on third-party reliable and independent data sources, social media, etc.

Identifying The High-Risk Customers?

It is essential for the regulated entities to identify the high-risk business relationships or transactions to manage the risk to ensure:

Regulatory compliance with the provisions of IFSCA AML Guidelines
Protection of the business against potential exploitation by financial criminals
Avoid reputational damage to the business
Contribute towards stability and integrity of the economy

The IFSCA AML Guidelines have enlisted certain factors around the nature of the customer, product or services offered, the jurisdiction involved, etc., which pose a higher risk of being associated with money laundering, terrorism financing, other financial crime, or its typologies.

Here are certain high-risk factors that regulated entities must consider while developing the Customer Risk Assessment methodology:

Risk Arising From The Nature Of The Customer

Customer is a Politically Exposed Person (PEP) or is a close relative or associate of the PEP
Customer involved in high-risk business activities (such as casino, money service provider, etc.)
A corporate customer has a complex ownership structure or where identification of the beneficial owners is difficult
Corporate customer having nominee arrangements – nominee shareholders or nominee directors
Legal persons or arrangements acting as personal asset-holding vehicles
The customer has been alleged or convicted in the past for any financial crime

Geographic Risk

Customer is hailing from or is closely associated with high-risk countries such as jurisdictions subject to FATF grey list or black list (e.g., North Korea or Iran)
Transaction is expected to be executed in a country known for a high level of corruption
Countries with weak or no AML regulatory framework for controlling and preventing money laundering, terrorism financing or financial crimes
Jurisdictions subject to sanctions, embargos or similar restrictions by the United Nations or any other international organisations
Countries known for funding terrorist activities

Customer Due Diligence

Products or services favouring anonymity
When the customer is onboarded via remote channels or non-face-to-face basis without applying adequate controls in this regard
The customer is insisting on settling the transaction charges through a significant value of cash or crypto or other virtual assets
Business relationship involves agents and intermediaries without any business sense
When the transaction payment is settled through an unassociated third-party account
The value of a product or service is disproportionate to the customer’s financial profile
The services requested by the customer are related to the appointment of nominee shareholders or setting up a trust in a foreign country

The list here is not an exhaustive one, and the overall customer risk profile must be determined considering the combination of various risk parameters and not just one. The customer risk assessment program must align with the business’s nature and the overall Enterprise-Wide Risk Assessment.

What AML Measures Are To Be Implemented For High-Risk Customers By IFSCA-Regulated Entities?

To adequately apply the Enhanced Due Diligence measures and to manage the increased risk posed by high-risk customers, the regulated entities must perform the following AML measures in addition to the standard CDD process:

Additional Details

Additional inquiries must be made to understand the customer’s occupation, nature of business activities, ownership and control structure, etc.). These details may be sought directly from the customer or information can be gathered from other data sources (internet, paid subscription, corporate register, social media like LinkedIn, etc.)

The regulated entity must also establish the customer’s intended purpose of a particular business relationship.

Financial Status Of The Customer And The Beneficial Owners

Reasonable efforts must be made to understand the customers’ and the beneficial owners’ financial position and its alignment with the nature and value of the transaction. For this, the regulated entities must obtain information about their source of funds and source of wealth

The regulated entity must establish the validity of this information by obtaining valid documents like audited financial statements, tax returns, payslips, bank statements, etc.

Senior Management Approval

The senior management must be apprised of the risk involved. The regulated entity must have systems and procedures to seek senior management approval for onboarding or transacting with high-risk customers.

Enhanced Ongoing Monitoring

The degree of risk the high-risk customer poses may increase or decrease over time, impacting the relevance and validity of the EDD measures and other controls applied. Thus, the regulated entities must subject these high-risk customers to an increased monitoring program. Under this, the transactions executed by these customers shall be closely monitored, and the customer’s overall profile shall be reviewed frequently and rigorously.

Condition Around First Payment

The regulated entities must ensure that the first payment towards the business relationship with the regulated entity is settled through the high-risk customer’s account with a bank subject to similar AML regulations and CDD measures.

This includes the following institutions where the customer has maintained an account in his own name:

a Bank
a financial institution subject to AML regulation and supervision, implemented in accordance with FATF Recommendations,
a subsidiary of the abovementioned entity, following the AML regulations applicable to the parent institution.

The IFSCA-regulated entities must implement the above-stated measures as part of EDD to mitigate money laundering and terrorist financing risks.

Best Practices To Manage High-Risk Customers

The following are a few tips that the regulated entities must consider when developing the Enhanced Due Diligence Program:

AML training on EDD is mandatory to manage the risk effectively. The regulated entity must ensure that the compliance team and relevant staff are adequately trained on identifying high-risk customers and diligently applying the additional checks and measures.
To bring efficiency and speed to the monitoring program, the regulated entity may consider implementing a robust business relationship and transaction monitoring system, wherein advanced technologies (like AI & ML) can be leveraged to review the transaction on a time basis, map it with the customer’s profile and promptly identify the suspicious activities.
To maintain the effectiveness, quality and relevance of the AML program, including the customer onboarding process and EDD measures, the regulated entity must establish a periodic review and AML audit function. The review must identify the weaknesses and flaws in the AML efforts and provide recommendations on strengthening the same.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article India

Detecting structured transactions under PMLA and IFSCA (AML, CFT, & KYC) Guidelines, 2022

One of the standard techniques criminals use to launder illegally obtained money is through structuring. In this context, the Prevention of Money Laundering Act, 2002 (PMLA) and IFSCA (AML, CFT, and KYC) Guidelines, 2022 require financial institutions and other regulated entities to implement necessary anti-money laundering (AML) measures to identify the structured transactions, report, and prevent the same.

The article here discusses the structuring of transactions from an AML perspective and the measures to be adopted for enhancing the AML program, focusing on the detection and deterrence of such transactions.

What Is Structuring?

It is essential to understand the concept first before deploying the controls to curb it. Structuring refers to a process where the large sum of the amount is intentionally broken into smaller denominations to avoid the attention of the authorities or AML-related enquiries from the regulated entities.

The launderers use structuring during the placement as well as the layering stage of the money laundering process. During the placement stage, the large amount of cash generated through criminal activities is split into small values for putting such cash into the financial system without raising suspicion (when millions of cash value is divided into 100s of smaller deposits). During the layering phase, the structuring of transactions is done to distance the owner and origin from the dirty money.

The objective of structuring transactions is to artificially manipulate the value and count of transactions that appear to be expected and within the threshold of AML checks to escape scrutiny. Structuring leads to the creation of a complex web of transactions, concealing the source of criminal proceeds and the identity of the launderer.

This calls for a comprehensive framework to monitor the transactions to spot such falsely structured transactions attempted to launder illicit money.

Why Is It Crucial To Detect Structured Transactions?

When any structured transactions go undetected, the regulated entities are deemed to have aided the money laundering process, though inadvertently. This can lead to severe unwarranted effects such as:

Legal Consequences:

The failure to detect and prevent the structuring of transactions would be treated as non-compliance with provisions of PMLA and the IFSCA (AML, CFT, and KYC) Guidelines. This can result in huge penalties and other legal actions by the regulatory authorities.

Reputational Damage:

when the entity is known for being exploited by criminals to route illegal money, it portrays the image of weak AML controls of the company. This adversely damages the business’s reputation in the market, including loss of customer trust. Rebuilding the original brand takes a long time and is an expensive affair!

Financial And Operational Risk:

Loss of reputation and customer confidence has a long-lasting impact, resulting in loss of new business opportunities. No rational investor is willing to associate with an entity that does not demonstrate a solid commitment to AML compliance and overall ethical business conduct.

Further, when the business has been misused by criminals for money laundering, it may also have led to the exploitation of the business resources, resulting in financial loss to the regulated entity.

Given the severity of the impact the structured transaction can have on business, regulated entities must understand the significance of its detection and implement a strong AML program that ensures no structuring of transactions goes unidentified.

What Are The Key AML Measures For Detecting The Structuring Of Transactions?

The following elements must be developed thoroughly and implemented in the whole spirit to identify and prevent the potential suspicious transactions suggested structuring:

Customer Due Diligence

The regulated entity needs to identify the customer and the beneficial ownerswith whom the business relationship is to be established. Verification of the identity of such persons is very crucial to determine if the person is genuine, has no mention on the Sanctions List or is not connected with one, has some adverse media or is associated with a Politically Exposed Person (PEP)that warrants application of additional measures.

Further, understanding the purpose of transactions and the nature of business relationships is also a significant measure to uncover any potential structuring activities.

Implementing Robust Ongoing Monitoring Mechanism

Only with continuous monitoring can the structuring of transactions be detected. The regulated entities must develop a comprehensive ongoing monitoring program to identify suspicious trends or inconsistencies with the customer’s profile. This program must include tools and technologies configured with monitoring rules to immediately flag the complex transactional patterns suggesting structuring, as the manual review may not possibly cover a holistic review of the transactions and is also subject to human oversight. The system uses sophisticated logic to draw anomalies and unusual patterns, such as the same amount of funds being frequently deposited from one account to another or the purchase of the same value of gold (below the reporting threshold) every week.

The regulated entity must explore investing in advanced technologies like machine learning and artificial intelligence that can run large volumes of transactional data in seconds, predict the trends and generate alerts for any suspicious series of transactions, indicating structuring. Further, with intelligent algorithms, the number of false positives can be minimized, saving on human efforts to examine the alerted transactions. Data analytics capabilities can also analyse customer behaviour and map it with the overall risk profile of the customer and the transactions being executed by the customer over the period of time to determine any dubious activities.

AML Awareness And Training

Having well-trained employees is as important as having the AML program. The regulated entities must invest resources in imparting adequate training to the team to create awareness on:

internal AML policies and procedures implemented,
the money laundering-related red flags,
the software and tools deployed to manage the AML compliance,
identification and reporting of suspicious transactions, including potential structuring activities,
specific to the structuring of transactions – various structuring methods must be discussed,
overall duties and responsibilities towards the AML framework.

The employees must be trained on thoroughly investigating the flagged transactions to trace the origin and true beneficiary of the funds to uncover any attempts to launder the funds through structuring.

The training program must include case studies and workshops to empower the employees to deal with real-life scenarios when any risk indicators are observed.

Periodic Review Of The AML Program, Including Monitoring Systems

The regulated entities must periodically review their AML policies, procedures, controls and systems to check the effectiveness and validity in identifying and preventing the structuring of transactions, along with other vulnerabilities.

This periodic review of the AML program shall ensure that the entity is aligned with regulatory developments and emerging risk trends. During this process, gaps or weaknesses in the AML framework, if any, can be detected and addressed to strengthen the efficacy of the AML efforts. Further, it can also assist in verifying that the transaction monitoring rules are working fine and no transaction structuring goes unobserved.

With a systematic approach and a robust AML program encompassing Customer Due Diligence, continuous transaction monitoring, AML training and AML health checks, the regulated entities can effectively detect and prevent the structuring of transactions.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India