All regulatory requirements must be complied with in a professional manner. The companies and organizations concerned cannot be satisfied with inaccuracy or, worse still, negligence. AML-CFT is no exception to the rule, especially as the financial stakes are colossal and the penalties dissuasive. However, it is easy - and unfortunately common - to make mistakes, even though AML-CFT requires reporting entities to rigorously, continuously and exhaustively monitor all events likely to reveal suspicious transactions.
Error No. 1 - Insufficient identification of the Beneficial Owners
According to the Autorité de Contrôle Prudentiel de la Banque de France, a beneficial owner is " the natural person who directly or indirectly controls the customer, or for whom a transaction is executed or an activity carried out ". Under AML-CFT, it is therefore mandatory to identify and verify the identity of the beneficial owner, as well as the date and place of birth, and, of course, to keep all this information up to date. One of the complexities lies in the fact that a business relationship or transaction with an occasional customer may involve one or more Beneficial Owners. The risk is to "forget" some of them, or to make identification errors.
Beneficial Owners also concerns company shareholding. A European directive has established a register of Beneficial Owners (RBE), defined as "the natural person(s) who directly or indirectly hold(s) more than 25% of the capital or voting rights of the company or who exercise(s), by any other means, a controlling interest in the management, administrative or executive bodies of the company or in the general meeting of shareholders".
Error No. 2 - Inadequate monitoring of transactions
AML-CFT is based on a detailed and exhaustive analysis of all transactions, in order to identify any suspicious ones. This protective net thrown into the ocean of financial transactions must not be pierced. The mistake not to be made is to overestimate our detection capabilities.
Article 561-2 of the French Monetary and Financial Code requires companies to set up an internal organization and procedures to combat money laundering and the financing of terrorism, taking into account risk assessment. This organization must be equipped with the tools, material and human resources needed to effectively implement all due diligence obligations. All of this must be accompanied by the retention of transaction-related documents.
Error No. 3 - Neglect of reporting obligations
The fight against money laundering and the financing of terrorism can only be effective through detailed knowledge of suspicious transactions. Hence the obligation to report, notably via the ERMES tele-procedure portal offered by Tracfin. In addition, financial organizations must complete the QLB questionnaire to monitor practices and identify suspicious transactions. This is not a task to be taken lightly, especially as the new version of this questionnaire, introduced in 2024 for companies subject to the law, has added no fewer than 247 new questions out of a total of 392, spread over 11 tables.
One of the difficulties is that " the answers to the questions must be sincere, objective, and correspond to the system, procedures and controls put in place within the organization or, where applicable, the group ", as specified by the Banque de France. In a webinar held in January 2024, the Banque de France reminded us that " it is imperative to respect the deadlines for submission, failing which an injunction will be issued, accompanied by a fine.
Error No. 4 - Insufficient team training
Any complex issue - and AML-CFT is one of them - requires state-of-the-art solutions. Not only in terms of internal processes, but also in terms of the skills of the various stakeholders. And we know that skills quickly become obsolete, especially in highly dynamic and highly regulated sectors such as AML-CFT.
The mistake is to consider that training at AML-CFT is never essential, because it's expensive and unnecessarily mobilizes staff.
Error No. 5 - An approach that is too rigid or poorly adapted to regulatory changes
Despite appearances, legal matters never stand still. In the field of AML-CFT, regulations are constantly adapting to the ever more complex and diversified challenges and techniques used to launder money. Processes adapted at a given moment may no longer be efficient in the short or medium term. The mistake would be to think that AML-CFT processes, once defined, are immutable and do not require adaptation. On the contrary, it's essential to keep them constantly evolving, particularly for warning, filtering, feedback, scoring and KYC systems. But that's without taking into account the imagination of fraudsters!
4 essential approaches to avoid mistakes
If the error is human, it is obviously possible to eliminate it, or even minimize the probability of its occurrence and the associated impact.
Four approaches are essential.
Prioritize ongoing training for teams
It is essential to maintain alignment between regulations, the processes that guarantee compliance and the skills of those who manage them, especially in a context where a 360° vision is crucial. Ongoing training is essential both to master all facets of the issue (law, data management, use of software tools, knowledge of money laundering techniques, mastery of monetary and financial instruments...) and to limit the consequences of team turnover.
Investing in traceability and process automation
The effectiveness of AML-CFT relies on end-to-end traceability of transactions to identify suspicious ones. As data volumes continue to grow, it is unreasonable to maintain totally or partially manual processes. This is a source of errors, discouragement for the teams in charge of AML-CFT when faced with time-consuming tasks, and organizational rigidity.
Automation brings several advantages:
- exhaustive analysis,
- reducing the number of errors and false positives,
- shorter decision-making times,
- increased team productivity,
- improved compliance.
Regularly update systems in line with regulatory changes
Regulatory changes often add a further degree of complexity to AML-CFT. This becomes apparent when it comes to extending the types of essential information to be collected (e.g. in the QLB questionnaire), modifying alert thresholds, broadening the types of transactions to be analyzed (e.g. crypto-currencies...) or refining international standards... All these changes obviously have an impact on internal processes, which need to be updated to avoid compliance getting out of sync.
Implement appropriate, high-performance tools
At a time when digital transformation is at the heart of corporate strategy, AML-CFT must obviously be integrated into it. This is all the more true given that the targeted, innovative software solutions offered by RegTech are available and widely used to guarantee regulatory compliance, which is becoming increasingly complex over extended perimeters.
The functionalities offered by "all-in-one" software solutions, such as AP Solutions IO, cover the full range of needs and requirements for AML-CFT, including:
- Definition of compliance policy, with dozens of possible settings options to define the rules and criteria to be applied to comply with the requirements of regulatory authorities.
- Detection and filtering, based on the definition of scores, to provide relevant alerts in real time.
- Traceability, via an audit trail, enables us to keep all the information we need to prove to the regulatory authorities at AML-CFT that our compliance policy is operational.
- Scalability, to adapt to changes in the volume of data and alerts to be processed, especially when millions of data items need to be managed in real time.
- Security, which meets the four essential criteria in this field: availability, integrity, confidentiality and traceability. Not forgetting the management of personal data, mandatory under the GDPR (General Data Protection Regulation).
- Integration with other tools, thanks to secure APIs (Application Programming Interfaces).
All-in-one software solutions such as AP Solutions IO are undoubtedly the best allies for all organizations concerned with AML-CFT and compliance. By avoiding the main mistakes that can have major consequences, they help to ensure peace of mind for all stakeholders!