- AMLD5 is here, and AMLD6 is on its way
- What is AMLD5?
- Who is it relevant for?
- What do businesses need to do to ensure they’re compliant?
Sinead McDonald (Head of Compliance and Regulatory Affairs at Information Security Assurance Services) talks to Adrian Whelan (Senior Vice President of Regulatory Intelligence at Brown Brothers Harriman)
Summary Highlights of the Podcast
The Rise of Regulation
- The bar on regulation – AML, KYC, Identification – is continuing to rise.
- AMLD4 was a seismic shift in KYC / Identification
- It brought out the concept of Ultimate Beneficial Ownership
- Regulators, governments, financial service providers had an obligation to really look through the chain of ownership and cashflows
- AMLD5 is here, it came into law this year (2020). It’s just one more step towards increased AML regulation…and AMLD 6 is on its way
- AMLD5 brings a far greater number of constituents and stakeholders and types of activities into scope that previously were not in scope
- It looks to deal with modern non-standard, non-traditional methods of payments –
- Such as pre-paid cards, crypto currency, e-money type facilities.
- These payment methods are new and haven’t been regulated before, so it’s an evolution of regulation
What are the Challenges for Businesses?
“The confluence of GDPR with AML / KYC is not often understood, they’re looked at separately, but they’re directly interwoven into each other and can be in conflict”
- Commercially, [businesses] have a regulatory requirement to “know their customer” and have ID verification…it looks for more data from customers …yet on the flip side there’s GDPR protecting customers’ information
- Businesses have to navigate that and get through those obstacles… businesses need to understand how [AML and GDPR] interact
Privacy by Design to Scale
“You’re constraining your own business and customer take-on by not having privacy by design built into your core process”
- Companies need to have “privacy by design” integrated into the core of their product / service
- In a highly automated environment where businesses want more customers not less, can they build privacy by design to scale? That’s critical.
- This is where traditional financial service providers are struggling. And why more fintech providers are stepping into the market and filling that space, they’re also providing easier user experiences
- Regulation is a challenge to implement but always comes with an opportunity set
- Regulation & Identity Verification
- Creates an area of opportunity and companies are coming forward saying “we have a solution that can help with the regulatory requirement and the customer experience”
So What is AMLD6?
“AMLD6 gives regulators and overseers a little bit more teeth”
- It’s a progression — AMLD5 is business-level, whereas AMLD6 is for the authorities and regulators. For example, the Central Bank of Ireland is hyper focused on this area
- AMLD6 gives [regulators] a higher right of inspection authority that wasn’t there before
- Sanctions, penalties, a more intrusive approach for rights of enquiry for standards
- If you’re a regulated financial service provider, there’s a heightened expectation of increased scrutiny or being asked about your process, or specific events or proving how you go about your business
- There’s a granularity of inquiries, not just from regulators and FYUs but from investors as well.
“It’s not just a regulatory imperative, it’s becoming a commercial imperative.”
- It’s becoming a commercial question, around your policies and procedures and how you do it on an ongoing basis — not just a regulatory imperative, it’s becoming a commercial imperative.
“The future of regulation is not about “us and them” – it’s about collaboration between policy makers/regulators, innovative technologies and new providers with solutions partnering with traditional entities.”