Mitigating financial crime risk in the UAE

Financial institutions in the UAE are preparing for the country’s FATF Mutual Evaluation later in 2019. The publication of the results could be critical for the image and reputation of the country’s financial services sector, as the outcome is likely to play a profound role in determining the way the UAE’s anti-money laundering (AML) regime is perceived globally.

In pursuit of ensuring that the financial services sector is ready when the FATF evaluators arrive, the Central Bank of the UAE (CBUAE) mandated an independent evaluation of their AML and sanctions-compliance frameworks. First for the national banks in 2017, and subsequently the branches of foreign banks and the exchange houses in 2018.

Having completed the assessments for multiple financial institutions between 2017 and 2018, KPMG gained some insight into the AML programmes adopted by financial institutions. Most financial institutions performed well in terms of governance, training and assurance, and two areas were highlighted for potential improvement: risk assessment and monitoring.

The reality is that compliance functions have been striving to strike a balance between ensuring effective management of regulatory developments and reducing compliance cost. This appears to be turning into an increasingly challenging task, as the cost of compliance is rising exponentially with the accelerating pace of regulatory change.

A step-by-step method

The question arises how organisations can simultaneously prepare for the FATF evaluators, meet strategic compliance objectives, minimise compliance cost and effectively manage financial crime risk.

The answer may lie in a three-fold approach:

A) Remediate the areas for development identified through the recent assessment of the AML program. Hence, in view of the outcome of the assessments, financial institutions should prioritise a review of:

1) The compliance risk assessment framework aimed to ensure it covers all business areas and enables them to identify and adequately prepare for money-laundering risks. These are continuously evolving with the entry of new financial products and players in the competitive market, as well as with FinTech developments such as digital finance and cryptocurrency.

2) The monitoring programme in order to validate that the annual compliance plan, transaction monitoring and know-your-customer (KYC) processes address regulatory requirements and are aligned with the firm’s risk profile.

B) Achieve operating efficiencies through, for example, integration of intelligent automation and innovative technology into the existing technology infrastructure. Compliance leaders could explore and leverage new technology capabilities to automate their compliance activities alongside similar transformations being undertaken by their business counterparts.

For instance, robotic process automation (RPA) can assist in retrieving data for money-laundering investigations and scanning public databases for changes to laws, rules and regulations. Machine learning may be used to identify risks using public information and historical outcomes of previous investigations.

Meanwhile, cognitive technology may be used, capable of mimicking aspects of human judgment to, for example, interpret transaction activity.

C) There should be a greater focus on effectiveness by ensuring that key risks are clearly understood, and mitigation measures are designed and implemented to ensure compliance with the regulatory provisions on AML and sanctions.

Clear protocol and canny investment

Moreover, in the process of re-assessing their AML regime, financial institutions should not overlook their conduct risk management programme. Money-laundering scandals and the ensuing enforcement actions continue to plague the financial sector. We can therefore expect regulators to remain keenly focused on business ethics and the demonstrable actions taken by financial institutions, both proactively and reactively, to prevent and manage misconduct.

In order to be operational and effective, the compliance risk management and conduct risk management programmes should be aligned and governed by clear escalation and reporting protocols.

Banks are likely to benefit from compliance-driven investment in technology, systems and innovation that will equip them for fighting increasingly sophisticated financial crime. This should complement business-driven investment in strategic tools that empower sustainable growth and revenue.

Katerina Pagoni is KPMG’s associate director of risk consulting