All over the world, Anti-Money Laundering (AML) compliance regimes are undergoing sweeping changes, as a result of shifting economic sanctions, new Ultimate Beneficial Owner (UBO), data-reporting demands and cybercrime.

Effective AML programs — to ensure compliance — are a fundamental requirement for obliged entities. Ensuring effective policies, procedures, human resources and technologies helps protect the organisation and instils confidence in its operations.

All regulated companies should strive to take the same strict precautions and follow the same procedures that the most careful of banks and financial institutions use to prevent money laundering. This means ensuring that they really know their customers, suppliers and vendors — not just their company name and where they do business from, but who owns the entity, the actual beneficial owner. 

This is the level of due diligence that is now required within the global digital economy. Businesses must have complete transparency on the origin of all funds that they receive and the nature of all businesses they are dealing with (including the UBO) and be able to identify any politically exposed person (PEP) or otherwise on a watch list.

Companies also need to embed a compliance culture within their ongoing, day-to-day operations — it’s not enough to check on an entity once. Business ownership can change, people can become exposed, or supply chains transform to include new, unwanted agents. Due diligence has to be on ongoing priority

What can happen without ongoing due diligence?

It is hard to quantify the size and delineate the scope of risks that organisations must contend with in the online environment, as fraudsters are adept at identifying new loopholes in screening and fraud detection processes and changing tack accordingly.

However, what we can say for certain is that where dirty money — whether from corrupt politicians, criminals or terrorists — sneaks into an organisation’s value chain, it can have a profoundly negative impact. Businesses that fail to do their due diligence and prevent money laundering face losses due to fraud, penalties, fines, loss of business and loss of reputation. We’ve seen plenty of examples over the last couple of years of businesses, whether in financial services, gaming or retail, being fined heavily by regulators for ineffective or non-existent AML processes. Penalties are only going to become tougher as governments desperately try to tackle an increasingly complex and evolving risk landscape.

However, beyond the financial cost of fraud and the potential of heavy penalties for non-compliance and poor AML practices, the longer-term risk of reputational damage is arguably an even greater risk. If there’s one thing that businesses recognise — regardless of their industry, size or location — it’s the growing importance of trust. In a digital economy where life has become more impersonal and we’re purchasing goods and services online from people we will never encounter in real life, the ability to establish trust holds our economy together.

But, as the saying goes — trust is easy to lose and even harder to regain.

Businesses therefore need to see due diligence around AML processes and systems as an effort to increase and maintain the level of trust people have in their business. They simply cannot afford any slip-ups; the stakes are too high.

What is the biggest change in 6AMLD compared to the old regime?

If 5AMLD was about expanding the scope of operators’ obligations in countering money laundering, the 6th Anti-Money Laundering Directive (6AMLD) provides the detailed definition of these requirements. As is often the case, regulators cast the net wide in order to tackle emerging money laundering activities but are now clarifying and refining the rules in order to make them more effective and practical.

6AMLD is highly significant for a number of reasons, namely due to the fact that it provides context around the newest forms of money laundering, which are emerging within an increasingly digital-driven global economy, particularly within gambling. The new regulation lists 22 predicate offences relating to money laundering, providing for clear and harmonised definitions of each specific crime.

Importantly, the last of these offences relates specifically to cybercrime, signalling a far greater focus on this area than in previous AML regulations. This focus is significant because it empowers organisations and regulators to root out money laundering crimes more easily and effectively across a wide range of online activities.

In addition, 6AMLD is noteworthy because it is very clear in its objective of pinpointing the individuals within an organisation who are responsible for money laundering crimes. The real headline-grabber for 6AMLD, however, is the introduction of far tougher punishments for money laundering crimes. Member states are now required to ensure that such offences are punishable by a maximum term of imprisonment of at least four years up from the previous minimum of one year.

Finally, the new regulation enshrines the requirement for member states to co-operate in the prosecution of money laundering crimes. For example, should two member states each have jurisdiction over the prosecution of an offence, they are required to collaborate and agree to prosecute in a single member state.

6AMLD will be transposed into member states’ national laws by December 2020, and organisations within all member states will be required to implement the new regulations by June 3, 2021.

How should businesses prepare for the changes?

While 6AMLD is very much consistent with the spirit of both 4AMLD and 5AMLD, it will require businesses to review their AML monitoring processes and identify areas for improvement within their customer onboarding and operational models.

This improvement will undoubtedly mean further adoption of regulatory technology (RegTech) to automate more of their onboarding processes and tap into a far more comprehensive pool of information on prospective customers.

However, while 6AMLD is set to be the next big deadline, risk and compliance professionals should recognise that AML regulation won’t stop there; as new money laundering threats continue to evolve rapidly across many industries, the pace and scale of new regulation in this area will inevitably accelerate exponentially.

Faced with this level of complexity and change, organisations need to take a broader view of compliance and operational best practices and adopt new processes and technologies in order to stay on the front foot.

So, rather than taking a reactive approach and focusing solely on being compliant with 6AMLD come June 2021, business leaders should focus on instilling a more agile and flexible approach to compliance and strive to establish a governance framework that operates at a higher level than the next, most immediate regulatory requirement, whether that be 6AMLD, 7AMLD or whatever comes next.

Most businesses are now realising that a ‘do the bare minimum’ approach to compliance is simply not sustainable in today’s digital economy. Instead they are coming to view compliance, and in particular the adoption of RegTech, as a revenue generator and key strategic differentiator. By ensuring they have the flexibility to adapt to changing regulatory requirements quickly and easily, organisations can ensure they can be first to market with new products and services, while simultaneously minimising their risk. What’s more, having good compliance processes can make it far easier to enter new markets in a fast and seamless way, rather than being held up by regulatory bodies and red tape.

This realisation that proactive compliance can act as a strategic differentiator is a major reason why we’re seeing so many businesses putting risk and compliance at the centre of their operational model. Whereas once the compliance department was viewed and treated as a back-office function, we see Heads of Risk and Heads of Compliance being elevated into strategic roles and playing a major part in shaping the future direction of a number of forward-thinking operators.

So, as risk and compliance departments turn their attention to 6AMLD heading into 2020, they should not only ensure that they have the processes, systems and technologies to fulfil their new obligations and minimise risk; they should also look on their efforts to do so as an opportunity to achieve a higher level of governance, setting them apart from their competitors in the market. By developing the flexibility to adapt to an ever-more complex and dynamic regulatory environment, businesses can acquire the speed and agility needed to thrive in the future economy.