AML Solutions for Corporate Service Providers

When TCSPs come across clients who are legal entities or legal arrangements, they are required to identify and verify the natural persons directly benefiting and orchestrating the operations of such legal entity or legal arrangement. These natural persons are known as UBOs, where the percentage of holding or control to classify a natural person as a UBO may differ from one jurisdiction to another. Identification of UBOs is an AML compliance obligation in most countries, and TCSPs find it difficult to identify UBOs when they come across legal entities with complex ownership structures and arrangements.

AML regulations also require TCSPs to conduct customer due diligence (CDD) whenever they enter new business relationships, as well as on an ongoing basis during the duration of such business relationships. CSPs across the world provide a wide range of services to their clients. However, not all activities or services they provide fall under the purview of AML compliance. Many TCSPs do not have a clear understanding of the services that are covered by AML regulations and the services that are not governed by AML laws. This ambiguity causes difficulty in the implementation of customer onboarding protocols, leading to inefficient application of KYC and CDD measures.

The lack of clarity about regulatory compliance requirements, resource constraints, and errors in determining the periodicity or frequency of ongoing monitoring due to poor implementation of risk-based classification of customer relationships are a few of the many causes of difficulty in implementing ongoing monitoring effectively.

Record-keeping sounds simple, but in reality, it’s one such requirement where even the best of the professionals fail. Maintaining records of every customer relationship, the CDD, KYC, and other AML controls implemented on such business relationships, the decisions taken, and approvals made by the AML compliance officer and the senior management , respectively, need to be recorded and preserved for a prescribed duration by the AML laws applicable. TCSPs often, due to oversight, lack of resources, and personnel, find it difficult to comply with record-keeping requirements.

Name screening is one of the AML compliance requirements that require the most effort and expertise in terms of subscription to relevant screening lists or watchlists and the very process of conducting screening accurately. If screening is ineffective or incorrect, the AML program of a TCSP fails as a domino effect. The reasons behind the ineffective screening process include reliance on the manual name screening process, legacy systems, and the occurrence of false positives due to poorly configured screening software, which are a few among many reasons behind the ineffective name screening process.

Lack of reliable, skilled, efficient, and dedicated compliance staff is another challenge that plagues TCSP businesses. AML compliance is a niche area, and recruiting the right team takes effort, time, and resources. TCSPs often falter on this front, leading to inefficient AML compliance.

When TCSPs rely on legacy AML compliance software, the consequence is ineffective AML compliance. Legacy systems are not scalable and cannot be attuned to keep pace with changes in regulations, emerging AML/CFT typologies, red flags, fast-updating sanctions, and terrorist watchlists. Legacy systems also do not capitalise on the magic of fuzzy matching and AI, which can simplify their AML compliance worries. Data security and data privacy are also at risk due to legacy systems.

When TCSPs rely on manual or legacy systems, they are prone to missing out on timely regulatory reporting, which can lead to a breach of the AML reporting requirements applicable to their country.

Adopting RBA is a balancing act that not every TCSP can accomplish with ease and accuracy. RBA is required to deploy a TCSP’s resources in an optimal manner where there is no room for over- or under-compliance. RBA helps ensure that controls are applied in a commensurate manner to the degree of risk faced by the TCSP.