Subscribe to our mailing list
Update your subscriptions for Grant Thornton publications and events.
AML/CFT Compliance Culture and ‘tone from the top’
Following the publication of the Central Bank of Ireland’s Behaviour and Culture Report into the five main Irish retail banks in 2018, focus on strong compliance culture has expanded beyond the prudential and conduct perspective to include AML/CFT compliance culture. The importance of an effective AML/CFT compliance culture within regulated firms has been highlighted by numerous senior individuals within the Central Bank of Ireland, including the Director General, Financial Conduct, the Director of Enforcement and AML and the Head of the Anti-Money Laundering Division.
Appropriate culture and a comprehensive ML/TF Risk Assessment is seen as the cornerstone of a strong AML/CFT framework. Culture goes beyond mere compliance, it is a mind-set seeking to ensure that a firm’s AML/CFT compliance framework is fit for purpose on an ongoing basis, kept under review to reflect changes in activities, customers and the wider financial system.
This means having an approach to AML/CFT compliance that considers the legislative obligations as only the starting point. Firms should have a commitment to investing in resourcing the AML/CFT framework, in terms of both personnel and systems, and senior leadership should participate actively in instilling the right culture. Further, the Central Bank expects that firms with a good AML/CFT compliance culture will engage with them in a positive, transparent way and be proactive in bringing matters to their attention. This is what the Central Bank expect to see across the board.
Continued Vigilance and the use of Innovation
Where a firm is utilising a RegTech solution to manage its Financial Crime risks, it is important to remember that they remain responsible for ensuring this solution complies with the firm’s AML/CFT regulatory obligations - at all times. There has been a considerable regulatory focus on FinTech with the rise of cryptoassets, blockchain and artificial intelligence. While AML/CFT legislation is technology neutral, firms who do wish to utilise FinTech solutions continue to remain responsible for compliance with their AML/CFT and regulatory obligations; the responsibility cannot be outsourced. Outsourcing is not a defence for regulatory failings.
Firms utilising RegTech solutions should also have regard to the Joint Committee of the ESAs Opinion on the use of innovative solutions by credit and financial institutions when complying with their CDD obligations.
European Commission’s AML Action Plan
2021 saw a lot of focus placed on the European Commission’s AML Action Plan and this is likely to continue into 2022 and beyond. This Action Plan represents a move towards a more coordinated and cross-border focus on the fight against Money Laundering and Terrorist Financing (ML/TF) through the proposed introduction of, amongst other things:
- A reinforced single rulebook by means of a directly applicable Regulation;
- The establishment of a single European AML/CFT Supervisor - while some firms will continue to be supervised via their National Competent Authorities, firms who are subject to a heightened risk of ML/TF (which includes Retail Banks) and whose activities are cross border may be supervised by the single supervisor;
- Support and coordination mechanism for financial intelligence units (FIUs);
- Guidance on the establishment of public private partnerships; and
- Firm to firm knowledge sharing via Privacy Enhancing Technologies.
Individual Accountability Framework and Proposed Changes to PCF Functions (AML/CFT)
Another big AML focus for 2022 is the introduction of the Individual Accountability Framework, with the aim of ensuring that key role holders in regulated firms are fit and proper, take appropriate responsibility for the work they deliver, and contribute to effective culture in firms. The Central Bank is working with the Department of Finance to progress the Framework.
The Individual Accountability Framework includes the introduction of conduct standards for individuals in regulated firms, conduct standards for the firms themselves, and the Senior Executive Accountability Regime (SEAR). The Individual Accountability Framework, specifically SEAR, will impose obligations on in-scope firms to set out clearly where responsibility and decision-making lies within the firm, and will provide for senior executive accountability. In addition, the conduct standards will set out the standards of behaviour expected of individuals and firms and, being directly applicable legal obligations, provide a mechanism by which those who fail to comply with them may be held to account as and when appropriate.
Related to the above is the recent notice published by the Central Bank on 22 September 2021, with regard to its intention to amend the list of PCF functions, including the introduction of a standalone PCF in respect of Head of AML/CFT.
Noting the increasing importance of the role of individuals with responsibility for AML/CFT, and the number of appointments of individuals to carry out this role in its own right (as opposed to within the remit of the role of Head of Compliance), it is the Central Bank’s view that it is necessary to replace PCF-15 with a dedicated role for AML/CFT, as follows: