contact@fintelekt.com +91 - 9370078917

Progress of AML/CFT in South Asia

Eden Dema was the Deputy Governor in the Central Bank of Bhutan responsible for financial sector regulation and supervision. She has 25 years of experience in designing, developing and implementing financial sector reforms with impeccable track record of delivering time bound outputs. She has worked on financial sector regulation and supervision, financial inclusion and digital finance, AML/CFT regulatory and supervisory framework, capital markets, financial sector development strategy, financial market infrastructure, managed over 14 financial sector projects as a team leader, besides being on the Boards of several public institutions including the Central Bank of Bhutan (RMA).

As a Financial Sector Development Expert, she has demonstrated experience in providing policy and regulatory guidance to central banks, multilateral organizations and financial services providers in building a sound, stable and inclusive financial sector. As a consultant, she has been engaged by multilateral organizations, central banks, banks, MFIs and NGOs for consulting assignments on AML/CFT, digital financial services, national financial inclusion strategy, gender diversity, women’s financial inclusion and women’s empowerment.

Eden is a 2015 Fellow, Fletcher School Leadership Program for Financial Inclusion, The Fletcher School of Law and Diplomacy, Tufts University, Boston, USA. She has a Masters Degree in Economics from the International Institute of Public Administration (L’ENA), Paris, France and a B.A in Economics from the University of New Delhi, India .

Eden is currently also an empanelled Faculty Member with Fintelekt Advisory Services for specialised training programmes on AML/CFT.

As a career central banker, you have seen, experienced and guided the evolution of AML CFT regulation in Bhutan and across the region. What are your thoughts on the overall progress of AML/CFT compliance in south Asia by banks and by other reporting entities?

When we talk about the overall progress of AML /CFT compliance by banks in south Asia by banks and other reporting entities. Firstly, we need to be clear on the overall AML/CFT regime that exists in these countries, which forms the basis of how these countries fight money laundering and terrorist financing. From my experience, I can say much progress has been made by these countries. specially in terms of re-enforcing their AML/CFT regimes primarily at the micro level. In other words,  majority of these countries have adopted high standards either by introducing or amending their AML/CFT laws supplemented by regulatory and supervisory frameworks through the issuance of regulations and guidelines, establishing financial intelligence units which are supported by AML/CFT committees at different levels and strengthening coordination and cooperation at national, regional and international level. However, much needs to be done at the implementation level in terms of enforcement. Like I always say that we cannot measure compliance without assessing the effectiveness of enforcement and this is what I have experienced. So, on one hand,we need to ask how are these standards enforced by regulators and; on the other hand, how these standards are understood and complied by banks and other entities.

Looking at the global indicators , the Basel AML index which ranks countries primarily based on their AML/CFT framework. For the year 2018, only four countries in the SAARC region qualified for the ratings. From the four that qualified, except for one, the remaining three have seen a drop in their ranking as compared to 2017; which is discouraging. Overall, I think the growth is slow as far as compliance is concerned. However, on a positive note, I can say that compliance generally improves as the AML/CFT regime matures. To that end, I strongly feel both the reporting entities and regulators in this region are on the right track.

There has been a spurt in the news of digital financial services especially for providing financial access to the under-banked or to the financial communities.  At the same time there is a substantial amount of money laundering risk and terrorist financing risk through digital channels. How should banks’ balance financial inclusion with AML/CFT risk. Are there any lessons that you would like to share?

True, digital financial services have been the major driver of financial inclusion since 2010. According to the World bank FINDEX report 2017, 1.2 billion people opened bank account from 2010 to 2017 which was primarily driven by digital financial services. However, we still have 1.7 billion unbanked adults as of 2017 and majority of them are in developing and under-developed countries. From my experience working on financial inclusion, I would say poor and under privileged people have complex financial life which translates to complex financial requirements which can only be addressed by innovative financial services , but how do we do that? We need to first understand and acknowledge that financial inclusion and financial integrity are mutually re-enforcing objectives but achieving a fine balance between the two is a challenge for banks, so we need concerted efforts from stakeholders at all levels (macro, meso and micro). At the government’s level, the government should strive to build an inclusive digital financial ecosystem; meaning put in place a robust digital infrastructure which should address the problems of exclusivity of agents, facilitate interoperability between different financial service providers, enable access to different database be it institutional or national and protect data privacy and confidentiality. Once this infrastructure is put in place, then it must be supplemented by a facilitative AML/CFT legal and regulatory framework. The word facilitative because we are talking about supporting financial inclusion through disruptive models. This should come in the form of risk-based approach to customer due diligence and regulatory sandbox to facilitate innovative financial products. At the banks level, banks should apply risk-based approach to KYC process. In other words, they should have in place simple AML/CFT standard operating procedures that are commensurate with their risks. I stress on the word “simple” as the targeted clients under financial inclusion are people with little or no identity documents, less education, little or no collateral  and no credit history. Not only that, banks should also focus on simplifying the identification, verification and monitoring stages of KYC process which would then translate to “walking the talk” of financial inclusion and financial integrity. Simply put, meeting the dual objectives of financial inclusion and financial integrity in a balanced way with minimal trade-offs. We have seen this happening in India through Aadhar, a nationwide biometric identity system database which captures ten fingerprints of individuals. There is a unique Aadhar number which is developed which allows financial service providers to open accounts in a very efficient manner promoting financial inclusion. Let me also end by saying this that Axis Bank have made very good use of this system through the introduction of savings account using the Aadhar eKYC.

As a former head of financial intelligence unit and having started the unit from inception in Bhutan what would you say are some of the critical success factors for any FIU to be able to a conduct this role effectively and efficiently both domestically and on the international stage?

Well, my journey in setting up the FIU in the Central Bank of Bhutan(RMA) was a long and challenging one. I and my team of three staff had to literally start from ground zero. We had this huge responsibility of establishing the legal and regulatory framework, in parallel, we had to work on establishing the FIU, the national coordination committee for AML/CFT and the technical committee with members from different law enforcement agencies(LEAs) in Bhutan in facilitating the process of establishment including capacity building of  AML/CFT compliance officers of the banks on reporting requirements to FIU. This was followed by signing MOUs with LEAs in Bhutan. Strengthening regional cooperation with foreign Financial Intelligence Unit and gaining membership to regional entities like the Asia Pacific Group For Money Laundering. We were also involved in the preparation and conduct of the National Risk Assessment for Bhutan and preparing for Bhutan’s mutual evaluation by the APG. Now when I walk down my FIU memory lane, I feel satisfied and happy with the achievements made and the footprints are left in building the foundation for robust AML/CFT regime in Bhutan.

Coming to the success factors, both from my experience within and outside Bhutan, I would say for the effective functioning of FIU, firstly putting in place a strong legal framework is imperative followed by the establishment of the FIU. In case of Bhutan, we experienced teething problems in terms of duplication/overlapping of AML/CFT roles and responsibilities between the RMA FIU and the law enforcement agencies. So it is imperative for all stakeholders to understand where their role “starts” and where it “ends” as far as fighting ML/FT is concerned. It is helpful to understand the type of FIU to be established. There are four types of models Hybrid, Judicial, law enforcement and administrative. Ours was built on the administrative model. Once the legal framework and the institutional setup in put in place, one needs to work on the operational front which should be backed with adequate financial resources and a set of skilled, well trained and motivated FIU staff. Besides, the functioning of the FIU must be supported by a robust AML/CFT IT system preferably real time reporting system which was a problem for the FIU Bhutan because we did not have the funds to do that. As the subject of money laundering and financing of terrorism is technical and dynamic in nature, we need to put in place dynamic manuals to facilitate continuous offsite surveillance and onsite inspection of reporting entities. We also need to ensure unfettered access to institutional and national database for better analysis of CTR and STRs. Besides, sharing fo ideas through peer learning and knowledge sharing is important to strengthen coordination and cooperation at a national, regional and global level. In our case, we signed MOUs with foreign FIU like the Bangladesh FIU and the Korean FIU. Gaining membership to the Egmont group and the APG group is equally important.

What is your advice to banks and reporting entities on the importance of continuously improving the quality of suspicious transaction report? Are there any improvements areas that you would like to suggest?

Firstly it is important for us to understand the critical role STR plays in the fight against money laundering and terrorist financing and the way it facilitates the AML/CFT analysis process. Having said this, I would also like to stress that this has been underlined in the FATF recommendation 20. Therefore, it is important to continuously monitor the quality of STR as the value of STR depends on its quality and not necessarily quantity. Having said that the question is how do we improve the quality of STR both at the reporting and receiving end? From my experience I have few suggestions.

On the reporting parts i.e. banks and the reporting entities, I would advise the AML/CFT compliance officers to have a complete understanding of the AML/CFT regulations and guidelines issued by the FIU including their internal AML/CFT policies and procedures which would facilitate them to submit quality  STRs to FIUs. Quality STRs in terms of completeness, clarity and accuracy which would facilitate quality analysis at the FIU level for further investigation. Besides, legal provisions should  facilitate banks and reporting entities on confidentiality and privacy provisions, in terms of having access to data, in terms of sharing the data, in terms of not having to require consent from the client to share their data with LEAs including adequate legal immunity to the reporting entities and their staff.

At the receiving end, the Financial Intelligence Unit has to put in place the following to get quality STRs:-

  1. Issue comprehensive guidelines on STRs;
  2. Provide adequate and continuous training to reporting entities;
  3. Encourage banks to use “risk based approach” to assess, identify and understand its AML/CFT risks;
  4. FIU should develop an internal classification of predicate offense and STR indicators to facilitate fast tracking of high risk STRs. They should apply quality control checks using different techniques to determine the quality of STRs and put in place reasonable penalty and sanctions for non-compliance.
  5. Require the banks to put in robust AML solution to facilitate regulatory reporting and compliance requirements.

Lastly from my experience, I would say when AML/CFT bill is being drafted, finalized and enacted, one has to ensure relevant stakeholders are included from the inception to the final phase of enactment to avoid teething problems in the implementation phase.

What are some of the challenges that you see in the near to mid-term for Asian banks and the imperatives for the FIU of the Asian countries?

As we all know the global financial system is undergoing rapid changes brought about by technological disruptions  which are manifested in products, channels, and partnership in a way never seen before. We need to understand that these changes are inevitable. Therefore, the only way out for the FIUs or the banks is to be prepared to respond to these challenges in a proactive manner. Some of the challenges I foresee are:-

1. FIUs

The AML/CFT laws should have the required provisions to address potential money laundering and terrorist financing risks brought about by destructive technologies as well as crypto currencies;

The strong AML/CFT legal and regulatory framework should be supported by a strong leadership at the FIU;

Encourage innovation through regulatory ‘sandbox’ in view of the complex and fast changing financial services landscape;

The ability and willingness of FIUs to use RegTech and SupTech to increase supervisory effeciency and effectiveness; and

Develop or implement a robust solution like “goAML” to improve its functionalities.

2. Banks

Continuous regulatory reforms  translates to high compliance costs for banks.

The lack of right mindset, ownership and accountability of bank’s senior management which could translates to low understanding and weak ethical culture amongst the employees the bank further translating down to weak compliance and risk management procedures.

Short supply of AML/CFT compliance staff given the hybrid requirement of skill, knowledge and experience required of them.

Lastly, with disruptive banking models that churn out complex financial services, products and channels which brings along both risks and opportunities, the primary challenge for the regulators and the banks is their ability to minimize the risks and maximize the opportunities to foster financial sector development.