On the horizon: AML/CFT, FATF and technology trends for 2024

The past decade has shown that the world is an unpredictable and ever-changing place. However, as we begin 2024, we have taken the crystal ball out of the cupboard to determine what we believe will unfold in the world of anti-money laundering (AML)/combatting the financing of terrorism (CFT) and RegTech and SupTech in the coming 12 months.

FATF mutual evaluations and implications

Heading into the 5th Round of Financial Action Task Force (FATF) Mutual Evaluations, 2024 will see countries looking to update their risk assessment processes and legislature in line with the FATF Recommendations – the global standards of AML and CFT.

The 5th Round revised methodology – although not yet in effect – will take place over a six-year cycle as distinct from earlier rounds, which were seen to last for around 10 years. This round will focus on strengthening AML/CFT detection capabilities and ensuring countries are making use of existing regulations and policies.

From 2024 onwards, financial institutions and designated non-financial businesses and professions (DNFBPs) will be assessed separately, with the aim of providing transparency on the level of effectiveness in unique areas for more targeted recommendations to be allocated. FATF is aiming for evaluation reports to be more results-driven, “focusing on specific actions and timelines to tackle money laundering, terrorist financing and the financing of weapons of mass destruction”.

Over 200 countries and jurisdictions are committed to implementing the FATF standards within their operations, and it is within all their interests to avoid the implications of not adhering to the 5th Round revised methodology. A good result contributes towards the trust in a country’s rule of law and solidifies a country’s position within the global financial system, whereas the alternative is inclusion on the FATF’s statements identifying jurisdictions with strategic deficiencies in their AML/CFT regimes.

Countries and jurisdictions will be assessed according to the FATF methodology, whereby a country receives either a compliant or non-compliant rating. The methodology not only examines if sound laws and regulations are present, but whether they are used and give the expected results.

A mammoth task lies ahead for regulators responsible for assessing the risk of regulated entities within their jurisdiction and learning where improvement is needed. Whilst the knowledge and expertise required to undertake such a task is substantial, what is also required is the resource to set up and conduct the risk assessment, to monitor it, and to collect the ever-important data and report on it. This is often so time-consuming that by the time the risk assessment is completed, it is most likely necessary to start preparing for the next.

Technology that can allow countries and jurisdictions to view quantitative risk data of their whole market, rather the qualitative data, should be the future. Being able to effectively view the risk level of each regulated entity by score and seeing which require the most attention would be invaluable given the FATF’s 5th Round revised methodology of focusing on areas where risks are highest.

Keeping up with sanctions requirements

Financial institutions are already concerned with having sanction screening systems that meet effectiveness and efficiency standards. The expectation is that organisations will look to undertake continual system upgrades to boost screening efficiency whilst not sacrificing system effectiveness.

In 2022 and 2023, the number of sanctions programmes and sanctioned entities increased dramatically with numerous updates from sanctioning bodies around the globe, predominantly linked to the invasion of Ukraine by Russia, with Iranian sanctions increasing significantly towards the end of 2023. The number of list updates at times was overwhelming for many organisations, and exported lists will rapidly go out of date.

Keeping up to date with the changes of major global sanction lists is an arduous and resource-intensive task. With so many lists constantly changing, it is likely that many organisations will join others in the frequent testing of their sanction screening systems, which would reveal which lists have been neglected and need to be updated.

Transaction monitoring

Understanding detection logic and how it operates and aligning it to emerging risk typologies is crucial for organisations. Going forward, transaction monitoring system testing and validation must use technology that can use synthesised transactional data to mimic red flag regulatory-referenced indicators to highlight potential illegal activity in a bank account.

Typical characteristics of financial crime typologies such as modern slavery, the illegal wildlife trade, proliferation financing, tax evasion or terrorist financing need to be mimicked to test a transaction monitoring system’s ability to highlight inaccuracies and identify incorrect threshold parameters that can cause a system to produce unnecessary alerts or miss specific behavioural-type transactions.

Being well-versed in international regulatory guidance on testing against red flags is key. Through specialist research, a database of red flags can be maintained, created in accordance with international best practice recommendations and guidance from global standard setters and authorities. As these lists inevitably expand, regulators must keep up to date with them.

Should you stay or go?

A lot of organisations are now faced with the decision of whether they should stick with their current anti-financial crime technologies or if they should upgrade or change vendors. Throughout the struggles of COVID, a lot of businesses didn’t give this much thought. However, that is expected to change in 2024 as we are likely to see fundamental AML/CFT infrastructure more frequently upgraded in line with FATF Mutual Evaluations.

There are several questions a firm must ask before embarking on this journey. For example, is their system working effectively, or is there a newer one on the market that might be more beneficial? Whilst investing in another vendor’s product will only come at a huge expense, it also does not completely solve the issue as the technology must still be understood, tuned and used correctly. Harnessing it requires both expertise and experience because, after all, it is how a system is used and not the system itself that provides the outstanding results required by regulators.

Adhering to the FATF’s expectations is about ensuring that the screening and monitoring systems currently in use are working optimally. Often rigorous testing and tuning of a current system is required, rather than an expensive and laborious system upgrade.

This choice is most likely going to come down to both the size and budget of the financial institution. A lot of regulated entities aren’t large enough to make use of the state-of-the-art technology vendors have to offer, let alone able to afford them, so are better suited to optimising their current processes.

Both FATF Recommendations 26 and 27 are particularly relevant here. Firstly, 26 states “countries should ensure that financial institutions are subject to adequate regulation and supervision and are effectively implementing the FATF Recommendations.”

Ensuring their regulated entities have the correct systems and controls in place, through optimisation of existing technology or upgrading, is the first step towards compliance. FATF Recommendation 27 exists to allow regulators to supervise and monitor where necessary and improve a regulated entity’s compliance processes, giving the power to step in, intercede and take the appropriate action if needed, whether that be advising strict testing and tuning improvement or a system upgrade.

AI and ML automation

Two things that we haven’t stopped hearing about is artificial intelligence (AI) and machine learning (ML). Our prediction is they will continue to dominate in discussions across the industry and will be implemented where possible within AML/CFT technologies, despite requiring rigorous processes to implement them. Sanction screening and transaction monitoring systems will remain as core infrastructure with AI and ML acting as overlay tools to automate, optimise and enhance processes.

Public-private partnerships and information sharing

Maintaining public-private partnership (PPPs) with private sector companies with regards to financial system testing is only beneficial if financial institutions, regulators and banks are transparent and share information about the issues they are frequently facing. Going forward into 2024, we expect to see greater collaboration across the market to stop financial crime.

PPPs are also an important aspect of the fight against the illegal wildlife trade (IWT), which the industry is paying ever-closer attention to, with support from many government bodies. Globally there is a groundswell of support from the compliance industry to enable the transfer of information with regard to illicit financial activity, of which IWT is a large component due to the global nature of supply chains and financial flows.

PPPs incorporating NGOs, governments, and the private sector are critical where information is readily available to facilitate an industry-wide approach to de-banking and facilitating the prevention of illicit money flows to help progress the global fight against IWT. This is a work in progress and one in which all banks and financial institutions have a key role to play.