Keeping up with increasingly demanding anti-money laundering (AML) expectations in 2023 will likely mean doing more with less and figuring out where and when is the best place to use technology to aid compliance, experts say.

Many business leaders are expecting a recession to hit sometime next year, meaning compliance budgets will likely shrink while new initiatives are curtailed or shelved. But regulatory expectations for your organization’s AML compliance program are not going away.

Key areas of concern for regulators in 2023 include:

  • Understanding who is the beneficial owner of investment vehicles and business partners and where they are physically located;
  • Applying the best use of technology to automate processes that find red flags related to organizations’ AML risks;
  • Managing and monitoring AML risks posed by digital assets, including cryptocurrencies; and
  • Understanding and mitigating AML risks posed by relationships between banks and fintechs.

A recession might cause a tipping point for automation of AML and know your customer (KYC) processes, said Tracy Manning, director of financial crime compliance at LexisNexis Risk Solutions, during a session at the Association of Certified Anti-Money Laundering Specialists’ (ACAMS) 2022 annual conference held in October.

“There is a potential economic recession that could cause a tsunami to AML processes,” she said. “The time is now to decide what actions to take to flexibly respond and thrive versus just survive.”

Manning said compliance professionals should “shift their eyes” to the parts of their portfolio most at risk for AML issues and prioritize monitoring those risks. To aid in that effort, Manning advised firms to manage and communicate internally between AML, fraud, cybersecurity, and e-commerce divisions to drive efficiencies.

One key element to add to your firm’s KYC and due diligence protocols is geolocation. It’s no longer enough to know if an account is opened by someone in a sanctioned jurisdiction or by a sanctioned individual. Your business should be striving to understand where that person is physically located, including for transactions that occur after the business relationship begins, and to have a system in place that will flag transactions that are being attempted from sanctioned jurisdictions.

Russia’s war on Ukraine shows no signs of stopping and neither does the parade of measures western countries are taking to punish Moscow. The war is increasing the number of politically exposed persons and sanctions every day, and the changes need to be folded seamlessly into your firm’s AML searches.

It is also important to know who your customers and investors are and to understand whether ownership of key vendors or suppliers has changed to include sanctioned entities or individuals.

“There is a potential economic recession that could cause a tsunami to AML processes. The time is now to decide what actions to take to flexibly respond and thrive versus just survive.”

Tracy Manning, Director of Financial Crime Compliance, LexisNexis Risk Solutions

Overall, regulators will have higher expectations for businesses to be more cognizant about who is on the other end of a transaction in 2023.

“There will be more conscious regulation about who we trade with,” said Wale Ayantoye, director of financial crime operations for online retail platform Etsy. Regulators want companies to expend more effort understanding who new customers are when they are onboarded and better monitor the relationship over time, he said.

Regulators also want companies to better understand their customers so they know which of them are minors and apply all the relevant regulations to that relationship, he said.

“Regulations are not generally made to make our lives more difficult as the benefits usually outweigh the pain,” he said.

Perhaps the biggest AML development in 2023 will be the creation of the beneficial ownership registry by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). FinCEN finalized its beneficial ownership rule in September, which will require certain reporting companies to file basic information with the agency about who controls their finances. The registry is scheduled to become active on Jan. 1, 2024.

FinCEN’s beneficial ownership registry will be a “net positive” for banks, said Cliff Stanford, a partner at Alston & Bird and leader of the law firm’s bank regulatory team. “But the implementation is where the rubber hits the road,” he said.

Digital assets will get a hard look from regulators in 2023, particularly the risk they pose as a path for money laundering and terrorism financing. Cryptocurrency is far and away the most popular way for hackers to receive ransomware payments.

Regulators will be examining “the intersection of regulated banking and digital assets; that interplay between new technology with new potential for unknown risk,” Stanford said. “There will be a shakeout as to what models survive. Regulators are laser-focused on this issue right now.”

In November, FinCEN said U.S. banks paid $1.2 billion to ransomware criminals in 2021, with nearly all those payments made in cryptocurrency. The Bank Secrecy Act requires financial institutions to log suspicious activity reports for any ransomware payments.