The Impact of Rising KYC & AML Regulations in Europe

Over the last decade, there have been a number of structural changes in KYC & AML Regulations in Europe.

For the past few years, high-profile cases of alleged money laundering have increased the general public’s and regulators’ attention on the penetration of illicit funds and fraud into European societies. As financial institutions’ and regulators’ knowledge of these criminal practices deepens, existing AML requirements are continuously adjusted to better prevent such tactics.

Introducing a further level of complexity, not only the evolution of customer expectations is adding new pressure on organisations to deliver seamless, fully digital and mobile experiences, but the unprecedented situation determined by the coronavirus pandemic in 2020 is also accelerating the pace of digital transformation in KYC compliance.

To address the challenges of this fast-evolving ecosystem, the European Union has begun introducing a number of more stringent financial regulations over the last few years and is now looking to potentially tighten its enforcement powers across the bloc, as highlighted by the European Commision’s Action Plan released in May 2020.

Looking at the macro-economic and geopolitical context that preceded the introduction of the new regulations is important to understand their rationale. The decade from 2007 saw the world – and the European region in particular – being swept by what later became known as the Global Financial Crisis and the Great Recession that followed it. As countries got into a recession with tangible economic consequences, a large part of the general population struggled to understand the mechanisms that got their national financial systems in trouble in the first place. As a corollary to the growing mistrust in corporations, people started to feel the need for more transparency on how their personal data was being stored and used by companies.

At the same time, news stories such as the Panama and Paradise Papers propelled general awareness about the extensive penetration of money laundering practices in our societies. Finally, tragic terrorist attacks renewed the urgency of introducing extensive strategies to prevent terrorism financing across jurisdictions.

A number of regulations were thus introduced to address one or more of the general issues the financial sector had been facing for the previous ten years. In particular:

• The Fourth, Fifth & Sixth Anti-Money Laundering Directive (AMLD4, 5 & 6) are aimed at counteracting the extensive penetration of money laundering in our societies by introducing more thorough checks and better cooperation between countries, as well as harsher criminal liabilities;
• The Payments Services Directive (PSD2) was introduced to stimulate customer-centric innovation in banking, with a focus on preventing payment fraud and misuse of electronic financial tools;
• The updated Markets in Financial Instruments Directive (MiFID II) was primarily driven by the need for more transparency in financial investment operations;
• The General Data Protection Regulation (GDPR) was the EU’s response to the general public’s request to regain control over personal data.

The timeline above showcases at a glance how the European regulatory landscape has changed over the past few years, with a growing number of regulations coming into force in quick succession.

Historically, the role of risk and compliance professionals has always been the one of the gatekeepers who would put processes in place to protect the organisation against damaging individual behaviour, hefty regulatory fines and reputational consequences. In this new, stricter regulatory environment, this role has become even more fundamental.

In particular, the growing risk of economic and reputational repercussions has been pushing the compliance function closer to the centre of the business structure. The approach to compliance is ceasing to be an afterthought or a “tick the box” exercise, becoming more proactive and strategic.

With multiple regulations coming into force in quick succession, compliance professionals have found themselves in need of a more flexible and dynamic approach to their function, one that would allow for prompt changes to adapt to the new requirements as they are introduced.

The sheer scope of the new regulations has also made it mandatory for compliance teams to work with a variety of departments at their organisation. In particular, a close collaboration with the IT function is necessary to ensure that existing company policies are reflected by the procedures in place and respected by all team members. In 2020, the coronavirus crisis has further increased the need for collaboration between these two departments. To ensure business continuity for financial institutions, it is essential that compliance ceases to be a primarily office- and paper-based function to become a digital and remote activity.

In our recently re-released white paper, we’ve conducted an analysis of the most important financial regulations introduced in Europe over the past few years. We take a closer look at how legal and risk teams have been driving change across their organisations working with multiple stakeholders to review operational workflows, update technological infrastructures and propose a new approach to compliance.