Cloudy
14o,
3m/s

Is AML/CTF over-compliance catastrophic for business and customers?

cover Is AML/CTF over-compliance catastrophic for business and customers?
While it may seem prudent to take extra precautions, over-compliance can have negative outcomes for businesses or customers

Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations are critical for preventing financial crimes. However, over-compliance with these regulations – when organisations go beyond the required standards – can lead to unintended consequences.

Today, we (compliance officers) are all witness to an unjustified increase in the client onboarding time-frame from banking institutions or a constant flow of complaints from the business-line, like from relationship managers, to compliance units, regarding the clients unduly and on-going supporting documentation requesting.

While it may seem prudent to take extra precautions, over-compliance can have negative outcomes for businesses or customers.

The key outcomes of AML/CTF over-compliance are as follows.

Increased operational costs

  • Resource allocation: over-compliance requires organisations to allocate excessive resources (experienced staff, time and technology) to compliance functions, often leading to inefficiencies
  • Higher costs for compliance systems: financial institutions, especially small and medium-sized enterprises (SMEs) may overspend on implementing overly complex new AML/CTF technologies on verifying customer identities and monitoring and assessing their behaviour and risks (KYC/CDD) or transaction monitoring systems, beyond what is necessary for regulatory adherence.
  • Increased reporting burden: firms may generate and file an overwhelming number of suspicious activity reports (SARs) as a result of ‘defensive compliance’, which can overwhelm investigation and compliance teams and external regulators alike, without substantial use of SARs to uncover illicit activities.

Customer friction and loss of business

  • De-risking: over-compliance can lead to ‘de-risking’, where financial institutions opt to close or restrict services to certain high-risk customers, sectors or countries to avoid potential regulatory violations. This often impacts innocent clients such as non-profits organisations (NGOs), small businesses with a cash-intensive character, or individuals from emerging markets, leading to reduced access to banking or financial services
  • Unjustified due diligence: Excessive, unprofessional customer due diligence (CDD) and know-your-customer (KYC) processes can deteriorate client’s business experience. Lengthy account opening processes, frequent requests for documentation, and over-zealous scrutiny can frustrate customers and push them to seek alternative service providers, sometimes illegal or unregulated
  • Slow transaction processing: overly cautious transaction screening and monitoring can delay legitimate transactions, hurting business growth and operations

Data privacy concerns

  • Potential privacy violations: collecting and storing excessive amounts of customer information, beyond regulatory requirements, can raise privacy concerns and increase the risk of data breaches. Over-compliance could conflict with other laws, such as data protection regulations, such as the general data protection regulation (GDPR), which impose strict limits on data collection and use under a certain legal basis

Impact on financial inclusion

  • Exclusion of vulnerable populations: over-compliance can disproportionately affect low-income individuals or refugees, for example certain Ukrainian refugees, who may lack the comprehensive documentation often required for stringent KYC checks, have been denied banking services from some EU banking institutions. On March 4, 2022, the Temporary Protection Directive (2001/55/EC) was activated. This directive gives refugees from Ukraine temporary EU residency and an associated right to access and use a payment account with basic features.
Follow Cyprus Mail on Google News

Share:

In case you missed it

Under the EU's GDPR regulations you will not be able to read or make comments under articles unless you accept CM cookies because the commenting platform, Disqus, will be automatically disabled. This is because Disqus is a third party platform that uses cookies and/or trackers.

Click here to change your cookie preferences