EXCLUSIVE: Regtech Failures Plaguing European Banks

Peter Oakes, former director of AML enforcement at the Central Bank of Ireland, told moneylaundering.com that regulators expect compliance personnel to fully apprise themselves of the purpose, capabilities and limitations of any regtech their institutions acquire, and do not wait around for an internal audit to identify any problems.

Read original article here
Read PDF here 
​Read in html below

“Unthinking” reliance on new technologies landed roughly half of the more than 250 financial services companies found to have breached anti-money laundering rules in the EU this year in hot water with their national supervisors, a senior regulator has warned.

Carolin Gardner, head of AML at the European Banking Authority in Paris, told ACAMS moneylaundering.com that concerns now abound that financial institutions frequently fail to deploy the latest transaction-monitoring software and other innovative tools effectively, creating gaps in their compliance programs that can persist “for a significant period of time.”

“One of the challenges, based on what supervisors are telling us, is that technology is being employed before it’s properly tested, and that [it] then has the potential to actually weaken institutions’ systems and controls,” said Gardner.

In January 2022, as part of a broader effort to strengthen and harmonize AML oversight across the European Union, the European Banking Authority, or EBA, launched EuReCA, a bloc-wide database where national regulators log any “material weakness es” found at financial institutions, and the remedial measures or other steps they took in response to them.

Regulators in the bloc’s 27 nations have uploaded a combined 771 AML violations at 256 banks, money services businesses and other financial institutions on the database so far this year. At around half of those companies, improper use of new regulatory-compliance technology, also known as regtech, laid at the heart of the breaches.

Artificial intelligence-driven software, advanced data-analytics tools and other regtech products hold the promise of radically improving customer-identification and -verification processes, bolstering detection of potentially illicit transactions and helping compliance officers untangle complex corporate structures.

But national supervisors have observed a substantial uptick of cases in which banks and fintechs neglected to check whether their newly acquired, compliance-related technologies delivered as promised, and failed to ensure that senior managers consistently monitored their use.

“We are in favor of technology, we don’t think the fight against financial crime has a future without it and we have seen excellent examples where it works fantastically,” said Gardner. “Our concern at the moment is that not everyone is using technology in the right way.”

EU supervisors have reported 377 enforcement actions or other supervisory responses to EuReCA since January. Details of many of the associated violations show that regtech-related shortcomings appeared in all areas of AML compliance.

“It’s difficult to pinpoint exactly what’s going wrong where, because it’s really a little bit of everything,” said Gardner. “This is clearly an area where we feel we need to intervene, and we need to intervene fast.”

Regtech-related problems have also become a regular topic of discussion at the EU’s supervisory “colleges,” forums where national regulators share information (https://www.moneylaundering.com/news/eu-aml-supervisory-colleges-grow-in number-effectiveness-eba/) on the AML programs of financial institutions that operate across borders.

Peter Oakes, former director of AML enforcement at the Central Bank of Ireland, told moneylaundering.com that regulators expect compliance personnel to fully apprise themselves of the purpose, capabilities and limitations of any regtech their institutions acquire, and do not wait around for an internal audit to identify any problems.

“They normally already have a framework for product governance elsewhere, but firms need to extend that to any regtech offerings they bring on board,” said Oakes, now a consultant in Dublin. “They also need to identify it [new regtech] as a risk, so that there’s a discussion around monitoring and regular testing.”

The EBA plans to conduct additional research on the problematic trend ahead of publishing an “opinion” on emerging money laundering- and terrorist financing-related risks next year.

​Contact Koos Couvée at [email protected]