Key Takeaways from the Annual AML Conference Risiko Geldwäsche
On the 21st of November the german AML conference, Risiko Geldwäsche 2023, took place at the Frankfurt School of Finance & Management. Advisense participated on stage with René Naarmann, Director and model risk validation expert and Maximilian Krackhardt, Senior Manager and AML expert talking about anti-money laundering as part of model risk and business controls framework (Geldwäscheprevention als Teil der Risiko- und Geschäftssteuerung).
Discussions among experts attending confirm that effectively achieving a risk-based approach remains a key issue. Other challenges addressed included the disconnect between different key processes, from the business wide risk assessment, to KYC, customer risk classification and finally transaction monitoring.
Meanwhile, requirements on what constitutes a well-established model risk framework are now clearer given the new Minimum Requirements for Risk Management (MaRisk).
The term ‘model’ is very broad and includes also AI models. This creates a framework that financial institutes should comply with to ensure regular monitoring of models and systems used for amongst others decision making. Systems used within AML/FCP (customer risk classification, transaction monitoring and sanction screening) will therefore have to be more thoroughly assessed in the future, to ensure that results are reliable. This also involves regular model validation, as a standard process to enable continuous improvement and assuring a risk-based approach.René Naarmann
According to René Naarmann, model risk management requires a more structured approach for assessing all models in a bank, including models for AML and deciding on risk mitigating measures. However, it was only until recently that AML models were clearly included into the model risk management framework, and many banks still have work to do in this area.
Drawing on some early experience from the current focus of the Financial Supervisory Authorities in Sweden as one example, financial institutes are increasingly expected to demonstrate a holistic approach with a logical ‘red thread’ across the business-wide risk assessment, the customer risk classification model and individual KYC processes. The SFSA also wants to see demonstrated proof of updated KYC documentation.
Maximilian Krackhardt points towards areas where more than a few financial institutes may have significant potential to improve.
Quality assurance of KYC data is really decisive. KYC data collected might be complete, but the questions are usually not driven by model performance or even by a model’s possibilities to utilise the answers. Rather, they are driven by statical adherence to the minimum legal requirements. Focus should be on questions that actually provide value from a risk management perspective.Maximilian Krackhardt
According to Maximilian Krackhardt, the bottom line is grasping the purpose of KYC and sharing of data. KYC data could be much better utilised.
The purpose of KYC data generated in the first line should be reconsidered. The purpose is to be able to establish customer risk classification and transaction monitoring. Detection of risk only happens in monitoringMaximilian Krackhardt
There is significant potential to optimise the use of customer intelligence sources. Both what is already available within organisations and externally. In terms of the future of KYC, additional external data sources may be considered. Moreover, organisations need to find a balance between how much info that is generated through manual or automated process to gather information from the customer, and information that is gathered through Open Source Intelligent (OSINT) external sources to verify and complete the KYC process.