Amendments to the AML CTF Act in Australia
00:00:00
Speaker
If you're in the financial crime and compliance space in Australia, then you've likely been focused on the amendments to the AML CTF Act. However, even with these amendments, the core principles of maintaining a strong, robust and effective anti-money laundering and financial crime compliance system remain the same.
00:00:18
Speaker
In a conversation last year about these core principles, Ronald Dahlia drew on his extensive experience, both on the business side and the compliance side, to address these fundamental principles.
00:00:30
Speaker
I hope you enjoy the podcast.
Introduction to the Podcast
00:00:32
Speaker
This is the future of financial crime, a production of Arctic Intelligence, a podcast that takes a global perspective on financial crime compliance.
00:00:41
Speaker
The MLRO report is what it's all about. It contains all the sort of metrics that you define that what's the current state of operation and how well is the program operating. It gives me a view.
00:00:53
Speaker
Welcome to the future of financial crime.
Meet Ronald Dahlia
00:00:55
Speaker
I'm your host Kwame Slasher and we have a special guest with us today, Director Financial Crime at Intellect Consulting, Ronald Dahlia. Welcome to the podcast.
00:01:04
Speaker
Good to meet you. Hello.
Implementing AML-CTF Frameworks in Organizations
00:01:06
Speaker
So to help us with some of the really, I guess, fundamental aspects of this discussion, Ronald, before we started recording, you know, one of the things that you brought up was such an and such essential thing, you know, we can be getting on about digital currencies and stuff like that, but just that simple thing of, do you know what you're doing when you're trying to implement AML-CTF compliance framework into your organization? What are the challenges there? But just so everybody knows who Ronald is, Ronald, I'm going to make you introduce yourself and tell us a bit about your journey into your role.
00:01:35
Speaker
Absolutely. So I'm probably your odd one out in that I started my career in tech and then moved into projects. I've done lots of project work. I still do project work through what I do.
00:01:48
Speaker
Project management taken me, luckily, to many different places in the world. And here I am in Australia, formerly from the UK.
Integrating Project Management in Financial Compliance
00:01:55
Speaker
In the project work, end up looking at compliance and risk projects and then ultimately AML-CTF.
00:02:03
Speaker
There's one of those things that nobody really wants to do at the time and now here I am doing this full time. My view was to, as a project person, to know more about AML-CTF and the AML-CTF experts to know more about projects.
00:02:18
Speaker
And that was always a challenge to try and actually build something or change something that required AML-CTF framework or implementation or uplift. Try and bridge that gap.
00:02:29
Speaker
And where I've ended up is moving all the way to the other side. And I'm in the compliance space where, you know, I'm a school accredited, name, LCTF specialist and so forth. And I am now implementing those changes advising my clients as to how they can actually get to that point.
00:02:46
Speaker
So from that perspective, I've spent a lot of time working through all associated project and change management, business analysis, testing, data integration, all these nitty gritty things.
00:03:02
Speaker
And I think that's what that's done is that's armed me in a way. So generic advice is great. You've got to actually make it tangible and you've got to plug it into something and you've got to watch out for the things you
Learning from Past Mistakes in Compliance
00:03:15
Speaker
need to do. What are the pitfalls you get to face? And I've lost many and won a lot.
00:03:21
Speaker
And consequently, you know, those things are hard to actually get to unless you live through them and lose through them too as well. I think there's lots of lessons to be learned through that process.
00:03:34
Speaker
And if my goal would be anything, would be how can I save you having to make the same mistakes that I've made and how can I share that?
AML-CTF Implementation in Different Jurisdictions
00:03:44
Speaker
That's probably what my goal is and that's what I advise my clients on.
00:03:48
Speaker
And I feel like it's always good to start with a challenge and then go into the solution in these types of discussions. So my very next question, of course, is, and I know you have like a multi-jurisdictional experience, so I mean, pick one of me if you like.
00:04:01
Speaker
But what are some of the challenges that you have noticed when it comes to trying to implement an anti-money laundering and counter-terrorism financing program? Yeah, look, I think I pick a jurisdiction and then reveal it. So it's different. It's interesting to see, you know, culturally how different places work. You know, the most aggressive place I worked in is London.
00:04:23
Speaker
I've worked in, good fortune, work in New York as well and also Australia and Germany and France, a lot more decision by committee within Europe, mainland Europe, as opposed to London, which is get 70% right or fix the problems later.
00:04:36
Speaker
New York is very depending upon which institution you work for and what time pressures they have. But I found London was much more aggressive. And Australia, a lot more different from that perspective. You know, those drop dead deadlines are much more prominent within investment banking than they are in say retail banking in other places well.
00:04:55
Speaker
But for focus on Australia, which is where really a lot of my specialism is, and I do have great opportunity to talk to all sorts of people through the
Risk Assessment in Compliance Frameworks
00:05:04
Speaker
LinkedIn community. A lot of people reach out to me and ask so various things, but there's probably five thematics that I can talk about if I may. I think risk assessment, as you know, five things. We're starting with risk assessment. Everybody always talks about risk assessment.
00:05:17
Speaker
If you're brand new or existing, you want to change something, risk assessment, enterprise wide risk assessment. There's other sort of terminology people use. The risk assessment is like often done, set, forget, underutilized spreadsheets are used, tools are used, but it's often sort of set and forget. And what I've actually worked out with one of my clients is actually, it actually is great to model what your change is likely to be.
00:05:44
Speaker
You introduce a new product feature and so forth, plug it into your risk assessment and see what it does. Does it change your risk profile? Does it improve it? You know, if you add some more by onboarding controls for a customer, there's a help mode. So that risk assessment piece, often underutilized, never truly capitalized.
00:05:59
Speaker
The next one I have is rationale document. So we go into a completely separate industry, go into gaming and gambling. Someone is in Australia, they don't try gaming machines called pokies, affectionately called pokies in Australia. You win in those and you go up to the clerk and they will be a payout for you. Where red flag might be, get five payouts a month or 10 checks in a month. It's a red flag.
00:06:21
Speaker
Why five? Why 10? Why, you know, if you're in banking and you're onboarding a customer and the customer's got three companies linked together, what's your level? And you say three is enough. And then beyond that, what shall do?
00:06:32
Speaker
Why three? You know, rationale for that documentation needs to be there. You know, if you're in trouble, you have a defensible view on that? And secondly, actually, to simplify those things. Why three? Is it because you are nervous about it?
00:06:45
Speaker
You need more information? What is that? What is that rationale? Is it understood? The next one is my favorite is saying versus doing. You have your program and you have a lot of things set up within that. And you sort of say, hey, I'm going to do this.
00:06:57
Speaker
And then do you do that?
From Plans to Execution in Compliance Programs
00:07:00
Speaker
They're two very separate things. One is a written view in my independent reviews that I perform very much along those lines where you say all these things in your compliance program, but do you have the controls on them to actually make sure you actually, you undertake them? Do you do them?
00:07:14
Speaker
The next one I have is accountabilities and responsibilities. You've got to be very clear about who's doing what and who's accountable for what. It's really simple with the regulator. They go along, you give them the program.
00:07:26
Speaker
If they can't work out who's doing what, their view is that the employees don't know what they're doing within that mix. And therefore, you don't actually have a program to operate on. And now you're in trouble because there's about three or four things that you are automatically, and then they go to the board and say, the board is very clear.
00:07:42
Speaker
It's unclear. Therefore, you approve this program and therefore, you don't have the training as well. So automatically, there are three remediation actions that come out of that, because you're unclear about accountability responsibilities, which are two very separate things. And my family with my last one, know this my favorite one I've just mentioned, is have you got a risk framework that you can operate through AML CTF with it?
Necessity of Pragmatic Risk Frameworks
00:08:06
Speaker
You don't have to solve or borrow or boil the ocean to actually manage or make that work. Do you have something that's pragmatic that you can use? you got How are you recording those risks? How are you managing them? What's the process? You've got to calendarize them. How is it brought up in meetings? How you update the board? You know, what are those controls? Were they documented? Who approves them? What's the life cycle on those?
00:08:27
Speaker
So those sort of things actually sort of say, well, if I solve for AML CTF, I probably have to solve for something else. Well, now I'm managing that. And it's, I love working with fintechs who are, you know, small and nimble. And, you know, a lot of people out there will sort of say, oh, they're cowboys. But a lot of the people that we've worked with have been really good in this industry.
00:08:45
Speaker
in this sort of respect, in that they're able to affect change very fast. And also, they're able to bring these together and bring to bear really quickly. So risk framework, and trying to manage those things in a formalized way, a well understood in large corporates, but actually very clunky and difficult to manage.
00:09:06
Speaker
The small end of town, much more informal, much more fluid, and then therefore, is it as strong as an rigor followed on the back of that. There's a blend in between some people get it right, some people get it wrong.
00:09:18
Speaker
Those are my five favorite things on that. That's perfect. And I was just thinking, I've heard various speakers from others track at different events. And, you know, usually the things they identify challenges with, with Australian organizations is the risk rating. And I guess the subjectivity of that and, you know, not always agreeing with how people decide what to rate something and when they decide to do a certain level of due diligence. And then the high one that I thought was pretty interesting again is that that lived framework concept.
00:09:46
Speaker
You have a system, you have a program, but is it lived? Is it actually work? Is it functioning? How are you measuring it? How do you know it's working? So, you know, you brought that the issue of measurability, which without it, I don't know how you'd
Effectiveness of AML-CTF Programs
00:09:56
Speaker
operate. Yeah. Yeah.
00:09:57
Speaker
The measurable one is a great one, right? So, again, I'm going to put my practical lens, the Ronald's lens on this sort of view. The practical lens on that is every now and again, in terms of Australia with the AML-CTF compliance office, AML Co., if you're going a bit more further overseas, money laundering reporting office, MLRO, the MLRO report is what it's all about.
00:10:18
Speaker
It contains all the sort of metrics that you define that what's the current state of operation and how well is the program operating? It gives me a view. And can I actually maintain and keep that over time and see if I'm trending up and down on particular dimensions within that report?
00:10:35
Speaker
It's really useful and when you roll it up and take it to board and maybe do it quarterly, maybe you're doing that a bit more, and really taking that up and having really good quality, robust discussions about what's occurring in that and how does it align with the threat landscape that's around you. But the practical elements on that are not all of those things are easily captured, those metrics.
00:10:55
Speaker
If you're working in a medium-sized customer-owned bank within Australia, for instance, it's a mutual bank of some sort. There, if you look at how are you doing, what sort of vetting are you doing or screening or AML background that you're doing third-party vendors, the procurement team may be one or two people within that.
00:11:15
Speaker
You know, forming up those metrics and providing that on a regular basis could potentially be a big deal. Depends how much data you've got to mine. Have you access to the systems? I want to run that report, but I need my tech person to run that. How do you do that?
00:11:28
Speaker
Is that pragmatic? Is it more quarterly or is it months, maybe six months? You know, you really have to drive that, not because of what you can or can't do, but you have to be realistic when you sort of put these things up. So when you're designing that sort of report,
00:11:43
Speaker
You do need to take a consultative approach to actually work out what's reasonable, what's feasible. So that gives you a sense of how the program operating, but it has to be done in a pragmatic manner. And, you know, often I see often someone will write up what they expect.
00:11:58
Speaker
The compliance standard or guideline look like internally to do that. And it's impossible to operationalize because accessing that data is a big deal. It's there. But getting access to it is hard because there's three people in front of you wanting reports and they're priority because they actually write business. And, you know, those are the sort of challenges you've got to work through.
Challenges for New Industries under AUSTRAC
00:12:18
Speaker
You've got really appreciate Yeah, sure. And just to highlight something I said earlier, for anyone who's not familiar with the Australian framework, AUSTRAC is the Australian Transactions and Reports and Analysis Centre and is the local financial intelligence unit to which all financial institutions have to report to. And maybe with the current consultations happening at the moment, capturing some other businesses as well, lawyers, real estates and high-valued providers.
00:12:42
Speaker
And I guess on that, actually, you know, imagine that you are one of these, you're working with one of these new industries who suddenly have this requirement to AUSTRAC and to reporting under the AML-CTF Act in Australia, and they wouldn't have the majority of the financial institutions who have been doing this for a while. I mean, what are there any challenges you should think some of these businesses are going to have? I mean, it look, there's many questions in there, right? So...
00:13:08
Speaker
You know, reporting entities, anybody since I'm talking about reporting entities are going to go from 30,000 all the way to 120,000. That's significant. It needs to be done. You all these other, you know, so of sectors and so forth that needs to be folded in. And, know, they're potentially perceived and they are seen as gatekeepers for, you know, there's a lot of the sort of financial crime and money laundering as well. So therefore, inclusion is required. But the practicality of actually making happen is very difficult.
00:13:35
Speaker
If you take of view of this is challenges these guys are going to face, how are they going to get there and what's easy? Yeah, the current legislation and its current incarnation is clunky,
00:13:48
Speaker
difficult to understand, subjective, and they talk about framework. And if you're a two person, maybe one person, real estate agent firm to be exposed to this, how are you going to navigate through that? What's, you know, is someone going to turn up with a toolkit that you can basically open up and start using straight away with a bunch of processes and a few other things.
00:14:09
Speaker
It's not, that's not a sort of easy sort of answer to sort of solve for. And I think that's actually a real, that's really a challenge for these guys and how are they get to make this happen. So I think the answer, the short answer to question is, so there needs to be streamlining of the legislation as step one.
00:14:26
Speaker
Step two, there's really got to be some strong consultation as to how they're going to make this practical, pragmatic and accessible.
Simplifying Legislation for Compliance
00:14:34
Speaker
And it cannot be around people like myself sort of going in and advising these people.
00:14:39
Speaker
And there's a danger there as well. A lot of these sectors do require people to understand how they operate. So resources, legal, legal industry, what is it? It is not the same application. I have a good fortune working just under two years for a large law firm.
00:14:55
Speaker
And I can tell you right now, it's not the AML-CTF application framework. It's not the same as it would be in banking to law firm. And depends what law services you're offering too. So I think there needs to be clarity as to how these things are going to be implemented. It didn't work.
00:15:10
Speaker
You can't just simply we rely on some guy saying, hey, I know about this stuff. I've got great advice. Me doing this for some time doesn't necessarily mean that's the person you need. And, you know, if I can trump my own horn, change management of how you're implement that into your business, the business processes, the structure, the you know, what are the impacts that you're going to have?
00:15:30
Speaker
Is it going to affect the way that you actually do business? You know, that could be a big deal. That needs to be understood. So streamline first. Practicality, pragmatics, change management, very specific guidance on how per industry as to how these guys are going take it.
00:15:48
Speaker
Yeah, and it goes back to something you were talking about earlier about that feasibility and not trying to get something that's off the shelf as a product to help you build that, but making sure that it's a fit for purpose for your specific type of industry and size of organization.
Tailored Solutions for Different Business Sizes
00:16:01
Speaker
Yeah, I think the AUSTRAC terminology or the ones that the attorney general a nature size complexity, right? They'll just spin out on that basis, but that's that's fundamentally what it It's true. It's exactly right what that is. And applications of different industries, a lot of people wanting to talk about this and give their spin on this.
00:16:18
Speaker
It needs to be right sized. It needs to be appropriate. It needs to be commensurate with the sort of your business. And that doesn't mean that you can choose to put bits and pieces of it. It just needs to be in a manner that's, you know, how can I, if I'm a two person operator or one person operator, how I actually plug that in? You know, is that, do I just go and buy some off the shelf thing that does it all for me and it's packaged? Maybe that's the answer. So I just wanted to pick on something else that you'd said earlier. You mentioned that accountability piece.
00:16:45
Speaker
And for many organizations in Australia, the financial accountability regime sort of gives us a certain requirement for those who are captured by those regulators of what kind of systems they have to have in place. But I would imagine that with the expansion of the AML-CTF regime, some of those organizations who get caught might not be, even if they are captured, may not be fully aware of their responsibilities and accountability or haven't really thought about accountability.
00:17:10
Speaker
So I guess for them, it'll be now thinking about who is accountable for whatever it is that they need to build in their system. Yeah, look, that's right. I mean, you're right. I mean, even banking, where it's been there for some time, so you had banking executive and accountability regime BEAR, and you've had FAR.
00:17:26
Speaker
And all these different accountability views, and you allow sort of a segregation of who does what. But if you talk about, again, small business, what does that mean?
00:17:40
Speaker
And how am I good? What does that mean to me? And firms talk about segregation of duties and they're rightfully so, you know, talk about the three lines of defense and how and what their purposes are and how that's actually meant to help you.
00:17:53
Speaker
That's a good example where that doesn't scale down to a smaller firm. And as you start bringing external people in to sort of break those things up, your first and second line are very much blurred.
00:18:05
Speaker
And part of the same thing, do you have the right capability in house to actually have a first and second line. And you see this as a great example of corporates that are in medium to large enterprise are going through that growth phase where, you know, that formality around that second and first segregation occurs.
00:18:23
Speaker
Third starts emerging. Once that starts to establish, they've been using external third line for to help build that out. Responsible accountability across that whole sort of program, I think and then isn't is an interesting one. And depending on how you actually sign off the program.
00:18:40
Speaker
What is that? Do I need to have meeting minutes with my directors on file to sort of say, you know, it needs to be written out in that manner. It's not just great saying your board approves it. So you say, hey, I don't really have a board. I'm two directors and that's it. And the director's my other half. And they basically come along and we do these things and change our bank accounts. who We wrote it down.
00:19:00
Speaker
How far does that extend on this? Is that clear? It's those sort of things that need to, you know, extend this out to the small that A lot of you just are focused on the large. What does it mean?
00:19:10
Speaker
You know, for them, it's probably easier because there's already processes and so forth in that. But even the large firms have struggle with accountability, responsibility. And I think the example I pulled on earlier, which is yeah you see this when the attorney general department's lawyers on stage, you know, one of these ACAMs of Fenton says,
00:19:31
Speaker
Yeah, I've read all these AML-CTF programs and it's unclear to me who does what. I do independent reviews and accountability responsibility always comes up as a means of improvement.
00:19:43
Speaker
Not red hot item because they describe those in different ways. Some firms do this better than others, but you really have to pull apart, choose your own story, lead your program, refer to this standard, refer to this compliance guide, refer to this operational process. It does require navigation and context to understand who
Systems for Audit and Scrutiny
00:20:02
Speaker
it is. And smaller firms are very clear who does what, but is it written down?
00:20:06
Speaker
Is it understood? It should be demonstrable to a third party. And is that self-contained? You know, those are the questions that come out. I think I spoke to a medium-sized bank CEO and his view was, are we good? Do we stand up to third party scrutiny? I think that's probably the best way to describe it.
00:20:24
Speaker
Yeah, I'm just imagining AUSTRAC maybe exercising one of their enforcement toolkits and maybe forcing an organization to appoint an auditor and having a look at the system. What will they see? And will they see evidence of a system? If there's systemization on the back of this and then repeatability and...
00:20:40
Speaker
You know, someone does turn up with the wonderful solution, just plug it in. It does everything for you. Great. And, you know, there's probably lots of facets to it, which is why that whole legislation needs to be simplified and made easier and all those wonderful things too.
00:20:54
Speaker
Well, I'm looking at the time and I think maybe we should wrap this up, but I'll give you an opportunity if there was anything that you know you thought was critical that we didn't talk about that you wanted to leave listeners with who are operating in this space and, you know, just trying to get this right either from an implementing perspective or maybe they're working for the regulatory side, what they should be looking for.
00:21:14
Speaker
A lot of the things I do around that sort of implementation piece, right?
Impact of Compliance Changes
00:21:18
Speaker
And everybody says they're good at implementation, but I would say to you right up front, work out what your change impacts are before you even start.
00:21:26
Speaker
You know, it feels like counterintuitive process and sort of saying, well, we've got to work out what legislation like You ask a lawyer, you'll get a different view. You ask a compliance person, get different I'm saying all of those views of Abbott, but I'm saying right up front, what are your impacts likely to be and understand what they are.
00:21:43
Speaker
It will make all those things much easier later on because you'll be able to engage the right people at the beginning, have them along for the journey, and then therefore when you're implementing your change, you can sort of make that easier. Tools, techniques,
00:21:57
Speaker
frameworks all help with those sort of perspectives. But and from what I preach and practice upfront, you know, you stop start with a plan. Well, how are you going to do that? Work that through. It might be in an idea view and then you sort of plug that into the plan. But understanding what those second order or impacts are going to be are really critical in being successful, what you want to do. And, you know, in particular, everybody's faced this. We're going to change this, make it a bit harder, or maybe it's requiring more information to compliance is up.
00:22:24
Speaker
How are we going to actually solve for that? And, you know, you maybe have some reluctant people who don't want to play more. You just got to work through that. Starting that early helps you get there. Well, thank you so much for your time, Ronald.
00:22:35
Speaker
No problem. This has been a production of Arctic Intelligence. And the music is a production by Royalty Free Music.