Simplified reporting in the face of unclear AML provisions

On July 13, 2019, new rules for reporting to the General Inspector of Financial Information (GIIF) will come into force, which stem from the Anti-Money Laundering and Countering the Financing of Terrorism Act, in effect since last year. According to estimates by the Finance Ministry, they may affect as many as 47,000 institutions, which will have to report in this way about a deposit accepted, a withdrawal made, or a transfer of funds exceeding €15,000, among other things. Edyta Zdziarska, Business Consultant, Asseco Poland, has shared her view on how the institutions can prepare for the upcoming changes and meet the regulator's requirements.

What do the new reporting rules apply to?

Since October 2018, institutions subject to the law have had a choice - they could report according to the old or new rules. As of July 2019, this will change and reports will have to be prepared in accordance with the regulations set forth in the Ministry of Finance Regulation. It is important to remember that the new AML law requires verification of a much broader spectrum of data and the conduct of a far more complex analysis. The area, which initially included only the verification of transactions and then a package of data about the client - their financial and economic activities - today already touches such specific information as IP addresses from which logging into electronic banking systems took place. Based on this information, financial institutions identify suspicious transactions and customer behavior.

However, the vague regulations, which do not make it easy to adapt IT systems to the required changes, remain the biggest challenge in implementing this law. Doubts about the interpretation of certain definitions, terms or concepts can consequently lead to many problems.

In what area are they imprecise?

The lack of precision in the provisions relates to several issues. First of all, institutions subject to the law still do not have clear guidelines for providing information on suspicious transactions and customer activities – and in the previous reporting there was a dedicated form. Secondly, there is also a lack of guidance on how to make corrections to transactions that have been submitted to the GIIF. Another issue is also that no test service has been made available so far, making it impossible to verify the new report files.

What does this mean for institutions covered by the new rules?

First of all, the need to use a proven IT system that will enable them both to report efficiently to the GIIF and to meet a number of other requirements under the Act. These institutions need a solution that will provide a comprehensive analysis of financial transactions and prevent possible fraud. It should be a flexible tool that will guarantee that institutions are fully adapted to the specifics of their operations, internal procedures and assumptions. An example of such a system is Asseco Anti-Money Laundering (Asseco AML), which monitors clients and transactions and generates GIIF reports containing information on selected financial operations. Each of the recorded transactions undergoes a validation process, which guarantees that the report complies with the requirements imposed by the regulator.

The blurring of the boundaries between data collected for AML, anti-fraud analysis, or tax information exchange also makes it a good idea to implement a comprehensive IT system, such as Asseco Integrated Analytical Platform (Asseco IAP), where AML, Anti-Fraud and FATCA&CRS modules use a common data repository and rules engine. This makes it possible to correlate data and use the results of analyses conducted in different areas.

Will such a solution provide them with efficient reporting?

Of course it will. We are a provider that not only offers a tool, but is also a partner that identifies the needs of customers and meets them. Together we work out the best solution, because our priority is that each institution has exactly the system it needs. We constantly follow what happens in their areas of operation. We also constantly monitor the regulator's environment, and we usually know earlier than the client what the changes will be and what their scope will be. We adapt our tools to the new requirements and provide a ready-made solution, so our clients are always prepared for the upcoming changes.

A good example of this is the creation of Asseco's Transaction Scanner tool. This time our goal was to enable financial institutions to comply with the obligation to apply specific restrictive measures against persons and entities on sanction lists, for card payments. This requirement stems from the Anti-Money Laundering and Countering the Financing of Terrorism Act. The Transaction Scanner enables real-time verification of senders of Visa Personal Immediate Payments and Mastercard MoneySend payments. The tool is also available as a functionality of the Asseco AML system.

However, up until now, not all institutions have used IT systems to meet the requirements related to the AML Law. Why is this necessary today?

Previously, smaller institutions subject to the law, such as cooperative banks and brokerage houses, for example, could meet the statutory requirements based on the so-called expert method. Current regulations make it necessary to constantly monitor transactions and verify a very wide range of customer information, which cannot be done manually.

It is important to remember that the new law is intended to ensure efficiency in preventing money laundering. Here, it is not only the diligence and pursuit of this goal that counts, but above all the result of this action. In the event of an inspection, an institution itself must prove due diligence in achieving the said goal. For this reason, the expert approach becomes much more difficult to defend against the supervisory authority. Therefore, it is in the interest of the financial institution to use appropriate IT tools that, in the event of an audit, will allow it to prove that effective fraud detection mechanisms were used.

What will happen in a situation where an institution misinterprets these unclear provisions?

In such a situation, institutions will face financial penalties, which have been made even more severe in the new law. Their amount depends mainly on the consequences that have arisen or may have arisen due to negligence. If, as a result of misinterpretation of the regulations, the verification process does not cover, for example, a particular type of large-scale transactions carried out by the bank, then the risk of money laundering being overlooked can be very high. This is why the role of the supplier is so important in adapting the system to the new regulations, as it must ensure that their interpretation is correct.