AML and KYC: The latest trends and industry best practices for managers in Asia

Hi, good morning. A very warm welcome to everyone who joined our webinar this morning. My name is Connie Wong. I am the Executive Director with Waystone, based in Singapore. Today we have two subject matter experts joining us on this panel discussion, Josephine from Waystone, and Rory from ID Register, sharing with us the latest regulatory landscape in relation to AML, KYC, as well as discussing the latest industry practices for Asia-based managers to best comply with global and local standards through digital onboarding and outsourcing.

About ID Register

A very quick introduction of ID Register. The ID Register is the trusted hub of onboarding for investors in the private markets. IDR provides a one-and-done secure and private passports for KYC/AML funds as subscriptions. IDR offers a globally accepted centralized standard approach to onboarding over 30,000 investors, 5,000 funds, and 300 JPs across all major investment jurisdictions is ideal to offer a consistent, secure, and trusted way to onboard.

Our speaker today, Rory helps lead IDR’s commercial efforts, working with partners, clients, and intermediaries across the private market. Waystone is the leading governance, risk, and compliance service provider with over 20 years of experience in the asset management industry. We have over 500 people across 14 international offices and are now serving assets under management of a trillion dollars. Our other speaker today, Josephine is a compliance professional with a specialty focus on the area of AML/CFT compliance. She leads our regulatory compliance practices acting as AML officer to Cayman Islands domiciled entities. Before we get into the panel discussion, a general reminder at any time during the webinar, you’re welcome to send in any questions you might have. And we’re happy to address that individually after the session.

So very welcome, you know, to Josephine and Rory on this panel, and we appreciate your time.

So my first question to you both would be if you can share with us at a high level how you have seen the global AML landscape being evolved? And what are the push factors for such changes?

Thank you very much, Connie. So, I suppose to start the nature of AML regulations has evolved over the decades in particular since 1970, when the U.S. became one of the first countries to introduce an anti-money laundering legislation framework, the Bank Secrecy Act. And since then, obviously, numerous AML regulatory bodies worldwide have been dedicated to fighting money laundering and terrorist financing. And I suppose to name a few of these organizations they include the Financial Crimes Enforcement Network, so FinCEN in the U.S., the Financial Conduct Authority in the UK, the FCA, the French markets regulator, the AMF, and in relation to Caymans, the Cayman Islands Monetary Authority as well. And then, in particular, we have the Financial Action Task Force on money laundering, the FATF, which was established in 1989, to develop a coordinated international response. And the changes that have emanated from the FATF recommendations, they set the global AML standards for internationally. In particular, I suppose the fight of advocating the risk-based approach to identify money laundering.

So, in terms of a push factor for all of these changes, you know, the United Nations Office on Drugs and Crime, they estimated previously that the amount of money laundered globally is between 2% and 5% of global GDP each year. So that’s about, you know, $800 billion to $2 trillion each year. And then further, we’re seeing increased sophistication of the technology and the devices being used by criminals, you know, in particular, cybercriminals are finding more sophisticated methods to launder money, and this leaves more sectors being exposed to financial crimes. In addition, through the pandemic, we’ve seen an increasing push for digitalization in financial services are placing immense pressure on financial services. And these, all of these factors have led to the increased regulations, and at the end of 2020, we’ve seen the EU implementing the sixth money laundering directive. And in Cayman, again, the AML regulations, the main pieces of which include the Proceeds of Crime Act and the anti-money laundering regulations have been updated each year consistently since 2018, with the most recent version of the regulations being updated in November 2020, and the guidance notes updated on the 5th of June 2020.

The Importance of Effective & Efficient AML Compliance Programs

So following all of these shifts in AML recommendations and the recommendations of the risk-based approach, it’s paramount that institutions comply with the regulations to ensure that they do more to reduce financial crime risk. And therefore, it’s very important that an effective AML program is in place. At minimum, an effective AML program includes customer due diligence procedures, appointing an AML compliance officer, internal operations and ongoing transaction monitoring processes, policies including record keeping, risk assessments, detection, and reporting of suspicious activities.

And I suppose, in particular, the customer due diligence is an essential step in a risk-based AML program. And in order to demonstrate that appropriate customer due diligence or CDD has taken place, AML programs must include Know Your Customer procedures. And it’s no just important enough to show that KYC or Know Your Customer has been performed. Initially, the most important thing for the risk-based approach is the continuation of this monitoring process, and indeed, ongoing efforts to ensure that the investors remain compliant. And also screening of the investors, their beneficial owners, and controlling parties is very important. You know, all of this brings new challenges for institutions and it’s of paramount importance that the AML compliance program is effective and efficient.

A Fragmented AML Landscape

Yeah. I think just to add to that, I totally agree with the stuff you just mentioned, Josephine. I think a high level that kind of AML landscape is pretty fragmented. When you look at all major investment jurisdictions, the different banks, financial institutions, asset managers, although there’s a broader framework of KYC/AML, you know, applied globally, each firm and each jurisdiction interprets that regulation slightly differently. And that really presents difficulties I think for investors, particularly with kind of cross-jurisdiction exposure is definitely kind of coupled with ever-evolving, and as you mentioned, kind of increasingly complex international regulatory landscape. Regulators across all major investment jurisdictions, including Cayman, UK, Luxembourg, and the Channel Islands, are and have been implementing changes and updates to strengthen the fight against financial crime by obviously building more robust AML frameworks. But as you touched on, and I definitely think we see that too, around new challenges presented by kind of the increased move to digital onboarding. And that’s, you know, that pace has really increased over the last couple of years.

Through the pandemic, I saw something from FATF recently, which stated that over the last two years, I think more than 60 million new accounts were opened digitally. And that’s a huge acceleration of the move away from traditional and manual methods of going through AML and KYC. But also, I think it’s worth pointing out, you know, again, from a kind of high-level perspective that particularly within private markets, it’s behind the curve. So, banks, traditional asset managers, and insurance companies are generally better at adopting technology quicker, and hereby nature, the private markets is more institutional, more private, and less regulated, although that is changing. So I think, you know, generally, the kind of industry requires a bit of a fundamental overhaul as to how AML and KYC is performed. And one which gives investors a better security, better data, eliminates the need for kind of this repetitive nature of the AML process, and ultimately reduces risk for managers by trying to standardize and centralize the whole process.

And in terms of the kind of push back because I think for that, there’s a you know, I think three or four which are pretty key. So one I would say would be around the kind of democratization of the markets as one of the biggest push factors, particularly again, in private assets, where traditionally it was a very large institutional investor base, but it’s now becoming increasingly accessible to a wide range of investors. And with this, you know, the increase in private family office and high net worth capital flowing into the private market.

So, these investors not only have different liquidity needs, but they also have different expectations of data, and transparency, and reporting, and process. So as we see a continued and sustained increase in capital allocation, and also fundraising, that will become more of a challenge. And also if you look at the kind of diversity the global investor base, as more economies and investors turn to private assets, that becomes more international opportunities. JPs are contending and asset managers are contending with a broader geographical investor base, with investors from China, and Africa, Latin, and more emerging markets. So ensuring there are kind of robust AML policies in place to mitigate some of those risks are crucial. So, you know, overall from an asset manager perspective that’s a huge challenge. So, on top of all of this, they’ve also got to ensure they are providing a consistent investor onboarding AML experience whilst also trying to manage and reduce their risk across fund vehicles. So there’s some serious push factors which I think are contributing to a real acceleration in the change of their mindset.

Progress Making Amendments to AML Regulations in Cayman

And you both touch about, you know, the increasing complex regulatory landscape and also the private asset as well as, you know, the fundraising activities. And I guess Cayman is one of the, you know, the key jurisdictions when it comes to a choice of place for funds vehicles. So I know since 2018, Cayman Islands, they have made a significant progress in making amendments to the AML regulations, of which the, you know, the appointment of AML officers to the investment funds and registered persons, as well as implementing the AML/CFT program. And maybe a question to Josephine, I know, because you have been acting as AML officer.

So, are you seeing any on-site inspections conducted by CIMA and what are the drives to aid in responding to the FATF blacklist?

Yes, yeah, no, absolutely, Connie. CIMA has conducted inspections and an increased inspection program has been in place over the last couple of years, particularly focused on administrators’ regulation in Cayman and those investment management entities registered with CIMA as registered persons under the Securities Investment Business Act. And it’s likely that CIMA will continue to focus on administrators and registered persons, and indeed trust in corporate services providers. But it’s also likely that CIMA may include mutual funds and private funds in their inspection process in the future, in particular, following the recent updates to the Mutual Funds Act and the Private Funds Act. So CIMA have stated openly that they are committed to enhancing the Cayman Islands AML, CFTs, and CPF regime through its on-site and off-site and other monitoring processes. And they continue to exercise vigilance in that regard. And they’ve stated as well that they will continue to treat breaches of the jurisdictions’ anti-money laundering regulations with particular seriousness and taking appropriate enforcement actions or other actions were necessary.

So as you’ve mentioned, the FATF gray listing is one of the key drivers in CIMA’s increased focus on regulatory inspections and enforcement actions. And just to give a bit of background on the gray listing itself. So in February 2021, the FATF published its second follow-up report on the Cayman Islands following the publication of the mutual evaluation reports in March 2019. And while the FATF did not identify significant issues with the Cayman Island’s legal framework itself, it recognized that Cayman had satisfied 60 of the 63

recommended actions that were prescribed in March 2019. And it also reported that Cayman was compliant or largely compliant with 39 out of the 40 areas of technical compliance. But it did give Cayman an action plan of three items. And those items were to apply sanctions that are effective, proportionate, and dissuasive, and take administrative penalties and enforcement actions to ensure that breaches are remediated effectively and in a timely manner, to impose adequate and effective sanctions in cases where relevant parties do not file accurate, adequate, and up-to-date beneficial ownership information. And that the Cayman Islands authorities should demonstrate that they are prosecuting all types of money laundering, including complex money laundering cases. So those three action items show the drivers for the increased regulatory inspection process. And, you know, it’s over the last year, we’ve seen the results of the CIMA inspection process.

CIMA Inspection Process

I wanted to touch on the inspection process, but in my question maybe to you because it seems you mentioned about inspection process. And we’re just wondering if you can share with us, you know, some of the key findings from the onsite inspections by CIMA. And also, you know, how in your view should the fund managers here be prepared for it?

Yes. So as some of the common findings and the key deficiencies that have been noted by CIMA in recent inspection reports and indeed in the publication that they recently made in relation to their inspection processes on the trust and corporate service providers were included insufficient evidence that adequate risk assessments were being performed in a timely manner. Insufficient evidence of ongoing monitoring of investor transactions. Documentation not being retained to support the application of simplified customer due diligence. A lack of procedures or controls for ceasing the provisions to or discontinuing business relationships with customers who have failed to provide the required or updated CDD documentation. Weaknesses in the suspicious transaction reporting processes. And deficiencies in the onboarding of PEPs in particular is what they’ve noted, including the failure to sufficiently identify, verify, and document the source of funds and the source of wealth for these investors.

So all of these and the recent enforcement actions highlight the importance of licensees having in place effective AML policies and procedures, which are appropriate, and effective, and implement the full requirements of the anti-money laundering regulations. And in particular, I suppose that risk-based approach, that documenting of evidence to support at the application of a certain type of due diligence, and those ongoing monitoring processes. And I suppose, you know, in the current environment as well, that ongoing monitoring also includes effective screening mechanisms as well, in particular, in light of the recent updates to the sanctions lists. So it’s important that included in any licensee’s AML program are those effective mechanisms for ensuring that investors remain compliance and ongoing monitoring is conducted.

Thanks, Josephine. I think that’s very useful and helpful to know, in particular to the pot that the sanctions I think it’s one of the topical matters that we discussed I think over the last two to three weeks, in particular to a certain matters, but it’s very, also good to hear that, you know, Cayman and they have achieved a lot of the points being raised by the FATF and which were remaining three items to be addressed to. So that’s a really great effort that we’re here that as a whole.

Yes. And actually on that point as well, in the FATF’s June update last year, they noted that Cayman had made a high political commitment to work with the FATF to strengthen the effectiveness of its regime. And indeed further to that positive statement in October 2021, the FATF have since reported that Cayman is now compliant or largely compliant with all 40 areas of technical compliance.

Yeah, I think it’s, you know, it’s one of those where particularly historically Cayman’s had a quite a potential bit of a bad reputation around some of these processes. But even when it’s identified there was some deficiencies, as Josephine’s mentioned, you know, they satisfied 39 out of 14 technical requirements, which, you know, it could be worse. But I think also it’s worth mentioning that actually from a global perspective, you know, it’s only a good thing that Cayman has gone through this process or CIMA has gone through this process as it brings the requirements up to standard across this to kind of match some similarities across other different global jurisdictions. So actually, some of those changes and to the commons chase being made, particularly around ongoing screening or ongoing monitoring of the KYC, that does then bring those Cayman’s standards up to kind of standards that match across different jurisdictions. So it can only be a good thing in the long run for Cayman, in terms of bringing the standards and the kind of progressiveness of that jurisdiction up to where other jurisdictions are from a fund’s perspective.

Okay. And I guess maybe a question to Rory. I know we can… IDR you have a very good reputation, you know, in supporting and onboarding the investors onto your trusted platform. And it’s a very secure platform that you can offer to the investors, JPs, and also various stakeholders. So, maybe perhaps just turning to the KYC process, and it appears for a lot of managers and a lot of investors getting more onerous. And, you know, what are the major challenges or will be the common pitfalls that you see the most was the fund managers and investors? It will be good to hear from your experience.

Challenges for Fund Managers and Investors

Yeah, absolutely. And thanks, Connie. You’re absolutely right. There are lots of challenges with the whole kind of KYC/AML onboarding process. And there are also many, many, many pitfalls. I think in our experience as the private markets grows, and as I mentioned earlier on, more and more investors enter the market, both fund managers and investors continue to be frustrated by the onerous and also intrusive nature of KYC/AML, and the broader onboarding process. I think it’s also worth pointing out that it’s a big challenge for service providers too. So fund administrators, for example, typically deal with a huge volume of both funds and investors across multiple jurisdictions. So here we see major challenges around control, control of data, privacy, speed, efficiency, and also overall client experience. So for me, this kind of really falls into a few different buckets. So I would classify their challenges as regulatory, the overall investor experience, and also the use of technology.

So from a revenue perspective, as Josephine mentioned, not only increased regulation, but also more scrutiny from the regulator on both the onboarding process and the ongoing monitoring. So I think poor and inaccurate records leave firms highly exposed from a regulatory perspective, that the inspections or if likely to just comes knocking more broadly, having poor historic records that are not centralized and are not complete, particularly now more than ever leave firms significantly exposed to challenges from the regulator. And as I mentioned earlier on, we’re seeing more and more retail-like investors, so family offices, and high net worth individuals are opening up additional capital to the private markets. And this brings more regulatory challenges for JPs around the volume of investors, the volume of data and data demands, and also transparency and access. When it comes to the investor experience, all types of investors are demanding a better experience. And that’s across their portfolio and across front, middle, and back-office when it comes to technology.

So we mentioned the challenges around data transparency, reporting, and access, and this really applies across the AML, KYC, and onboarding process. The majority of JPs and administrators are consistently battling to provide a better experience for their investors. Reduce their need for…reduce the need, sorry, for unnecessary touchpoints and having to go back to investors, and request additional information, and make the process as smooth as possible. So when you look at that experience more broadly, how do you create an AML/KYC and onboarding process which is efficient and meets the regulatory requirements, and also reduces the pain or frustration that investors are going through? So we find that having that central standardized approach across all jurisdictions, which allows investors to take control and ownership of their data and information, reduces the need to then have to go out to investors again and again, and actually satisfies the requirements across different jurisdictions.

And the third point, which you mentioned, was the kind of use of technology, and that can represent a huge opportunity, but also be a pitfall, like you mentioned. So digital onboarding does indeed help to move the process away from being completely manual. And there are many technology providers out there that can automate some of that process to help reduce the time spent on onboarding. But fundamentally, just digitizing the process is not solving the real problem faced by investors, which as I mentioned earlier on, is the repetitive, and intrusive, and continual nature of inbound KYC requests. If you’re a large institutional investor, let’s say, you might be investing into funding Cayman, or multiple funds in Cayman, a fund in Luxembourg, and a fund in the UK. And you’re being asked the same information again and again by each of these asset managers in different jurisdictions. So if one manager is digitizing that process, that’s brilliant, but you’re still being requested that same data, the same KYC and going through that AML process with the different fund managers. So giving ownership back to the investor and saying, “Okay, well, here you create your own KYC/AML passport, and then connect that across different managers,” is definitely how we see a way to solve that problem. So for us, the fund managers not being able to standardize and not being able to centralize that process is a real challenge we see managers facing.

I think in terms of the pitfalls, and you touched on earlier on, we do find in our conversations that the C-suite generally are already thinking about how they look to improve that KYC/AML experience, and what’s going to drive a difference their investors and reduce that risk. As I mentioned, digital onboarding is one thing, but you’ve got to look beyond that and understand how to fundamentally change that investor experience by eliminating the need to repeat the same process again, and again. I think, you know, we find building internal systems is only really possible for a few of the top global firms. For the rest, it’s either very much a case of outsource, or by technology, or combine the two. And you want a service fundamentally that supports your investors, and doesn’t leave them to self-manage, but it’s driven by technology to create those efficiencies.

How Do Managers & Investors Overcome These Challenges?

And I think to one of your points earlier around how do managers and investors overcome that challenge? I think you’ve got to look at how you create those synergies and efficiency. So, for example, we talked about the KYC and AML process by itself, and how that can be improved, and what the drivers are for that, but also it’s worth looking at what are the components come into that process, which broadly make up the whole onboarding piece, whether that be subscription process, you know, tax compliance, CRM, deal rooms, it’s important to understand, I think, what are the drivers around the investor experience which can kind of change that whole process for them. So we often find them when we say to managers that where you can standardize and centralize as much as possible and keep it simple is the best way. You wanna a single golden source of truth, which does the onboarding, but also, as Josephine mentioned, can fulfill that ongoing screening, ongoing monitoring, and the periodic updates and reviews, which is transparent and visible, wherever and whoever needs access to that. And there’s no need to overcomplicate it. So it’s really about just trying to kind of reduce the need to repeat and update as much as possible, and centralize that experience where possible.

And Rory, I know during the areas that you cover about the investor experience and being transparent and sanitize that process. I think you cover, you know, the areas that the managers and investors they can do to overcome the challenges. But if I can maybe ask you to just give us, you know, a very quick one, maybe a quick heads up to the manager today, you know, what you can do to help to get the managers and investors to overcome those?

So, yeah. So it’s the kind of top three things that we can…I think managers can do. So I’d say, certainly keep it simple, standardize, and centralize where possible, utilize expertise. So if you can’t do it internally, utilize an expertise third party to help you do that process. I think also it’s important to remember that it is about the investor experience. So try and look at where you can create those efficiencies across the KYC, the onboarding, and the AML process. Obviously, utilize technology. But I think also, probably the biggest thing for us is about creating that golden source of truth. So whether it’s the investor, the fund manager, the regulator that needs to see those records being kept in a central and a secure place, it’s about having a golden source of truth which reduces your risk and keeps your records central, so that whoever is asking or whoever is requesting information is coming from the same place and it’s not differentiating, depending on manager, or jurisdiction, or whatever.

Thank you, Rory. I think that’s a very good point to note of. And I guess today’s webinar, we tried to keep it sweet and short. And I think the first part being covered in on a global level, you know, what the managers they can do by going through, you know, the process and trying to standardize the way that they can do to enhance the investor experience. I think the second part which Josephine kind of highlight earlier, the founding of the CIMA inspections when it comes to the enforcement. So I think we’re very delighted to have both of you to come on this panel discussion, sharing your experience, and also the market practice, especially for managers in Asia, how they can tackle the AML and the KYC process.

And I guess, everyone today on this…attending this webinar, again, we will be reaching out to you addressing some of your questions individually. And we’ll be also sharing the contact details of Rory, Josephine. And if you have any questions around AML/KYC, or any part of the compliance question, we are happy to take your questions and to set up a call to discuss further. So again, thank you, everyone, and thank you, Josephine, and also Rory to joining us this morning.