The new payments landscape has significantly added to AML compliance challenges for both industry and regulators. What are the key lessons from recent indictments and prosecutions? Hear from highly experienced professionals – including the prosecutor and key FBI analyst in several recent cases – on the roadmap to develop an effective AML program for the new payments landscape.
For those of you who missed the legal and regulatory panel discussion about AML & OFAC in the New Payments Landscape at Money20/20 on October 25th, here's your chance to tune in!
Highlights from the discussion are transcribed below:
Carol Van Cleef (moderator): What have you noticed is the biggest difference in compliance from last year to this year?
Katie Haun (U.S. DOJ): I think the biggest difference from last year to this year is that we are continuing to see an increase in outreach between the government to the private industry (and by government I mean the enforcement bodies and the regulators), and we are also seeing that in the other direction as well. We are seeing an increase in outreach and communication from the private sector industry to the government. For example, the blockchain alliance launched this week, which is a private public partnership devoted to fostering this partnership and although communications certainly existed last year, it really increased over this year.
Catherine "Alden" Parker (FBI): I think very relatedly we have also seen companies get a lot more serious about compliance move from seeing something that is just to check the box where you have to get license to register something you are starting to consider what is an effective anti-money laundering program; what does this look like, what do I do to not just check the box but to be really fully and compliant in this space? We have seen some tremendous innovations, including how FBI targets have become much more sophisticated on how they get around the controls that are in place so it is an emerging and involving area. It's something I think when we come back a year from now we will see a different climate from what we do now, but there has been a lot of movement and growth and that’s something that we really embrace.
Daniel Tannebaum (PwC): To play on that a little bit some of that is an increase recognition that an effective compliance program can service helping to sell your company to investors to regulators to other constituency obviously looking for backers it makes them more comfortable to have a robust internal AML and sanctions program particularly with the landscape we are getting into today, but I am seeing more and more companies put up front in their investor desk this is the strength of our compliance program, this is the credential of the team we have brought in. These are the private sector dialogue we have brought in and so on and I think that is something we are continuing to see. While compliance is certainly a cost, it is something that can be proven to be helpful in selling the company if it provided people trust that the company can stand on its own from a risk management stand point.
Stephen Ufford (Trulioo): I would just kind of tail that by saying that we nailed this especially in Silicon Valley that attitude of this is something that we worry about later has really shifted and that doesn’t just apply to big well-known startups, but also to smaller ones. So whether your company is a startup with 5000 people or a startup with 5 people, there is a real shift this year. All sorts of new companies' first hires are a compliance officer and I think that’s a huge change in attitude.
Carol Van Cleef (moderator): Let's spend a couple of minutes talking about the Ripple case. What were the important elements of the Ripple case and did that act as a changing point in the industry perception of compliance?
Daniel Tannebaum (PwC): I do think the Ripple case was an inflection point for a lot of companies to think about how to prioritize compliance and risk management. And although an organization may have a CCO and AML, it could have been someone who has risen up through the ranks or just or kind of appointed from a different role in the organization, but I think that helped people take note of the fact that even though seven hundred thousand dollars may not necessarily be a significant penalty. For emerging business that’s huge in a lot of instances they have to pay that out, I do think a lot of companies began to look more closely at their overall organizations and corporate structures and how we work this into our business how those compliance on the agenda with an a board meetings and a management meetings. I think we do see more people looking at that where the point is maybe we should begin to grow this business, build compliance in as we have not keep compliance out, as a latch on focus of the business.
Stephen Ufford (Trulioo): I also want to tail that by saying that my favorite thing to tell young startups is if you think compliance is expensive try non-compliance. That’s a well-known catch-phrase in our industry and I think Ripple really highlights that every single dollar in those early days of the startup days counts. I can guarantee you no startups rejects that they are going to be paying out $700,000’s and end up paying fines in its infancy so I think that really helps propagates through the startup landscape that even in the early days you are subject to the same requirements as big banks.
Carol Van Cleef (moderator): Oftentimes startups don’t even know what their business model is going to be and are more focused on getting traction, and worrying about compliance later. Can startups as a practical matter wait and to worry about compliance?
Daniel Tannebaum (PwC): I think risk-based approach is always the general principle from an AML standpoint and obviously how that plays out in reality is kind of different and in terms of the views of liability today. The companies that will be successful will take longer than the companies that build compliance and another operating model from the onset will stop applying compliance after somebody tap you on the shoulder and said maybe you should take a closer look at X and if that’s not necessarily that signal you want to get. The companies today need to recognize that the people that are feeding them are very important, and the regulators are equally an important part of the ecosystem so they are expecting that balance becomes really important part of the process as well, it is very difficult that technologies moving into different space and full of appreciation for that.
Catherine "Alden" Parker (FBI): Compliance is not something you compartmentalize. A lot of your fraud controls that you do to protect your own business carry over into the AML space. For a startup, knowing who your customers are in order to deliver the types of products and services that they are looking also can really carry over really well into the AML space so that you can use resources that you are devoting to other parts of your business case to enhance or supplement what you're doing purely on the AML sideStephen Ufford (Trulioo): Biggest challenges faced by startups is expense. Choosing compliance in the early stages is a hard decision and it's not inexpensive. Even the simplest compliance programs are labor intensive and inflicts some significant costs early on, including the impact on user experience and usage levels, which can ultimately define whether you're going to be successful or not and have a significant impact on the overall business.
Katie Haun (U.S. DOJ): The government recognizes that compliance systems don't have to be perfect. The question is how effective is it? The real challenge is keeping up with the changing technology and companies. We have to stay nimble and reassess the changing technologies and business models.