UK banks pay billions to ensure compliance with anti-money laundering (AML) regulations, but the mounting regulatory pressure may push businesses over the tipping point, a report has warned.
In a recent report, LexisNexis found that UK banks face steep compliance costs to keep up with the increasingly complex AML regulations and warns it may actually stand in the way of progress.
It is estimated that UK financial institutions currently spend a total of £28.7bn on AML compliance, with costs expected to grow more steeply in the next two years, reaching more than £30bn by 2023. By comparison, the report notes the entire UK annual defence budget stood at £53.3bn in 2021.
On average, the firms surveyed spend £186.5m on AML compliance per year, but costs at larger institutions could be as high as £300m.
Although expenditure largely correlates with the size of business, AML compliance is more burdensome for smaller organisations, due to a lack of economies of scale, but also because AML regulations are not always commensurate with the size and level of risk of an individual business.
Why are the costs growing?
Most financial institutions see the growing volume of AML activity as the chief internal driver pushing compliance costs up, but they also cite more rigorous checks and increased investment in risk assessment as key factors.
Although one expert quoted in the report believes the increase in AML activity is a result of media coverage around money laundering and COVID-related scams, others attribute it to the fact that financial crime compliance has “moved up the boardroom agenda” and there is a cultural change in how compliance is perceived.
“In the last two to three years, financial crime has very much gone up the agenda. It’s a general realisation that it’s a major topic and it’s a hot topic with both the regulator and law enforcement,” said Steve Payne, group head of financial crime and MLRO of Vitality Group.
Meanwhile, AML regulations in the UK have changed significantly in the past few years and most banks agree that increasing regulations and regulatory expectations is the most important external factor that drives their costs up.
The UK transposed the 4th EU Anti-Money Laundering Directive into the Money Laundering Regulations 2017, while the 5th EU Money Laundering Directive was integrated into UK regulations in January 2020.
Both regulations brought compliance changes, including greater emphasis on customer due diligence (CDD) and widening the definition of politically exposed persons (PEPs).
Understanding and implementing these changes is a time-consuming and costly exercise and poses a real challenge to organisations, the report notes.
“Regulation is becoming more complex, it is becoming more onerous, and I think one of the dangers is that it’s going to become so onerous or complex that businesses will stop buying in,” Payne said.
“There is more onus being placed on businesses to almost be all-seeing and all-knowing. And I think it’s in danger of reaching a saturation point if we continue down the line of more and more regulation,” he noted.
In addition, excessive regulation may lead to businesses focusing too heavily on complying with the laws and managing the systems and controls to do so, instead of spending more time considering how to fight financial crime more effectively, according to the report.
“Financial crime compliance leaders need to balance the need to comply with regulation, with the very real need to build sustainable and effective systems and controls and future-proof them. Many lack the bandwidth to do both at the same time,” the document explains.
The fear of breaking existing protocols and inadvertently losing something important in the way acts as a deterrent to innovation.
What do compliance teams spend their money on?
According to the survey, more than half (53 percent) of the overall AML compliance cost is spent on the various processes of CDD, with identity authentication checks alone accounting for one-quarter of the total costs.
Screening and ongoing monitoring, also part of the CDD process, make up one-fifth of the overall AML compliance spend, while remediation, investigations and evidence gathering comprise a further fifth of the costs.
Remediation typically takes more than 20 hours for firms, even in the case of standard risk customers, and in 90 percent they turn out to be false positives, which are one of the biggest operational issues that financial crime compliance teams face, the report says.
“A lot of what we are facing in banks are not financial crime issues, but data issues or data legacy issues,” one head of financial crime at a major UK bank told researchers.
“A lot of things have to be solved by financial crime teams because there is a piece of legislation out there that makes it a financial crime or AML issue, which is why AML gets a bad name. Having quality data becomes paramount,” the person adds.
Another issue is with suspicious activity reports (SARs), which are increasingly moving towards “defensive reporting”, pushing firms to intentionally over-report transactions to err on the side of caution.
“Over-cautiousness” leads to “over-reporting” of suspicious activity, which results in higher volumes of work and overwhelms the system, the report stresses.
People and technology
The survey found that most AML compliance costs are spent on people rather than technology.
More than half (55 percent) of the total costs is spent on employees, with a further 15 percent allocated for training and only 25 percent used to pay for technology.
Although this may render firms vulnerable to human error or expose them to high staff turnover, businesses have already started to shift compliance spending towards technology.
For instance, 39 percent of the respondents say they are planning to implement new compliance software this year, while another 34 percent are looking to do so over the next three years.
It is, nonetheless, unlikely that technology could replace the human workforce when it comes to AML compliance.
“There’s no substitute [yet] for applying good old-fashioned human instinct to properly risk-assess a case,” the report emphasises.
“An IT system doesn’t replace the human cost. The system is a support function to your human staff, but not a replacement,” according to Kam Biring from Currencies Direct.
The survey was carried out in collaboration with Oxford Economics and is based on in-depth interviews with more than 300 leading financial institutions in the UK.