How a data first approach can enhance AUSTRAC reporting for financial institutions.
Reeling from a series of money-laundering scandals and fallout from the Hayne Royal Commission report published last year, the Australian financial industry is coming to terms with how to scale business, while complying with more exacting regulatory reporting mandates.
On one hand, financial institutions (FIs) are trying to beat out competitors by bringing new, innovative products and services to market quickly in order to minimise delays in remittance of funds and deliver the most seamless customer experience to their clients. This competition is now coming from all sides, with consultants McKinsey and Company predicting that traditional FIs will lose up to 30% of their revenue to new, non-bank competitors in the next five years.
On the other hand, global regulatory reporting regimes increasingly require more and more data to be identified, collected, and shared, so they can fulfill their mandate of a safe, secure, and crime free financial system. The result is increased pressure on FIs to have more and more information available for extended periods of time. Yet they are struggling with how to identify and collect this information, as well as how to store it for future review.
If those reforms weren’t onerous enough, consider the speed of regulatory change as another critical risk variable. According to consulting firm Alvarez & Marsal, the “annual volume of regulatory publications, changes and announcements” surged by 492% from 2008 to 2015.
This trend continues to increase, as a 2020 “Cost of Compliance” report from Thomson Reuters Regulatory Intelligence (TRRI) found that FIs collectively had to process, on average, 217 global regulatory alerts and updates per day in 2019. Additionally, 76% of TRRI survey respondents said they expect the amount of compliance updates published by regulators to increase in 2020.
Of this 76%, TRRI also discovered that regionally, 90% of firms in Australasia are expecting the amount of “regulatory information published by regulators and exchanges to increase in the next 12 months”. TRRI attributes heightened regulatory expectations in Australasia to fallout from the Royal Commission inquiry and a “growing spotlight on climate risk.”
The Australian Transaction Reports and Analysis Centre’s (AUSTRAC) reporting regime, in particular, has heightened the due diligence requirements for transactions coming into and out of the country, or that exceed a certain amount. Put more simply, they are imposing more rigorous oversight on transactions they view as posing higher fraud or financial-crime risks.
AUSTRAC’s elevated diligence demands are also increasing the manual-processing load for financial crime compliance teams. The data that needs to be reported to AUSTRAC is available, but is often inaccurate, incomplete or stored in non-machine-readable excel document files and scattered across siloed payment and reporting systems.
Furthermore, the processes in place to identify, collect, and share data are both highly manual and not robust enough to ensure data quality and integrity. This results in exorbitant costs for risk data aggregation and regulatory reporting (RDAR), compounded by the potential for fines for non-compliance that can reach billions of dollars.
Chartis Research, a market intelligence firm focusing on risk technologies, found that the “industry-wide cost of RDAR operations and technology is about US $70 billion,” according to a 2018 report it co-authored.
The challenge for financial institutions is further heightened by cross-border transactions and the complex correspondent-banking chains often required for non-core markets. The use of third parties within a payment chain and for reporting purposes complicates regulatory reporting by adding in layers of data management that aren’t always under the control of the institution. Each counterparty in the payment chain also needs to be attuned to their responsibility for reporting, irrespective of if they are the ones actually sending information to the regulator, or if they are relying on a partner to submit the data.
To illustrate the regulatory environment facing AUSTRAC reporting entities today, consider the AU $700-million fine the agency assessed against one FI alone in 2018 for their anti-money-laundering (AML) failings. And just last year, another significant Australian FI was found by AUSTRAC to have violated AML regulations some 23-million times and is at the time of writing, facing a potential AU $1-billion penalty.
Looking at the bigger picture, the problem is that legacy regulatory technologies and global reporting systems are unable to communicate, whether that be across jurisdictions or within their own internal database architectures. Inaccurate, incomplete, or unavailable data also makes it difficult to establish a single source of truth, with the result being that reporting data is hard to identify, collect, and share when legally mandated. The results is that valuable team members are manually sifting through transactions and documents to determine if they are reportable and if so, submit them accurately.
Part of these manual processes is the use of outdated technologies like fax, email and excel as the primary method for the remediation of reporting errors. With 30 percent of FIs anticipating their data storage demands will exceed 10 petabytes (10-million gigabytes) this year, the incompatibility, inaccessibility, and immobility of fragmented data could further exacerbate the problem in 2020.
This is the first in a new blog series examining the top five systemic reporting challenges facing AUSTRAC-covered entities and suggesting ways to alleviate some of the RDAR burden. Check back here, or register below to be kept up to date as new blogs are published. Blog two focuses on the lack of visibility into transaction data and its impact on accurate and complete reporting.