5AMLD & Data Quality: new regulation, same problems?

money image

With the EU’s fifth Anti-Money Laundering directive (5AMLD) having gone live on the 10th January, Matt Flenley took some time with Alex Brown, CTO at Datactics, to find out what implications there are when it comes to data quality.

Firstly, what do you think are the biggest impacts for firms?

Naturally we’re going to focus on where data quality is concerned, and from that perspective the biggest challenge is about ultimate beneficial owners, or UBOs. Being able to stand over the accuracy of information a firm holds on those who have significant control of a company, trust or other legal entity is a massive challenge in itself; you’ve any one of input error, out of date information, or intentional misleading by bad actors – or a combination of all three – that could lead to significant variances between what a firm thinks is accurate, and what the truth really is. It really undermines a firm’s capacity to combat money laundering and comply with all associated regulations.

I read that member states must have beneficial ownership registers. Can’t regulated firms just check their records against what’s held there?

Yes, member states will be expected to have beneficial ownership registers that are publicly searchable, and that they’ll hold adequate, accurate and current information on corporate and other legal entities such as trusts and so on. However, while some countries already have these in place, they can’t be seen as the golden source of accuracy and truth, as the UK Companies House explains here, “The fact that the information has been placed on the public record should not be taken to indicate that Companies House has verified or validated it in any way.” Clearly, there’s a significant imperative for data quality validation and verification in central records, and it won’t be enough just to compare what you have against what the Companies House record says.

What sort of approaches are you seeing firms taking to meet the data quality requirements of 5AMLD, and fight money laundering?

The options usually taken are to outsource, build or buy. Outsourcing due diligence activities to third parties definitely feels like the quickest fix especially when a new regulation comes along; then it’s just down to managing SLAs between parties, but ultimately there’s a risk that on its own it can be sticking plaster that doesn’t do anything about the quality of the underlying data held by the firm. Lots of the activities that outsource partners will need to do will be manual lookups of entity information and cross-referencing against multiple sources of data to determine the truth; it can be accurate, but it’s extremely time-consuming and costly as a result.

Building the technology stack is favoured by tech-heavy leaders who have invested significantly in their own IT capabilities. That approach can yield the data quality improvement needed but often the timescales needed to deliver all high-priority infrastructure projects simply won’t align with regulatory demands. Often this leaves teams relying on overtime to complete audit work manually via spreadsheets, and even with the best robotic processes to update data it can lead to a spiralling cost of compliance.

In the “Regtech” era, many providers offer parts of the compliance journey that can be bought off-the-shelf, though in reality this isn’t the normal pathway firms are taking. Whether that’s a cultural thing of simply needing to “get it done” or a reluctance to onboard more solutions, it can mean firms miss out on game-changing capabilities offered by Regtech startups and scaleups.

That’s true. At Fintech Connect I saw a demo of how ING Bank has developed a platform to “orchestrate” together a number of Regtech solution providers to help it with compliance. Do you see this as the way forward for 5AMLD?

It’s certainly one way of approaching it, though clearly ING has invested significantly in this platform. In the meantime, when it comes to getting the data right, we’ve already been asked to help firms resolve entity data duplication in their core systems and in those they have access to, including Companies House. Fuzzy matching is key to resolving these sorts of discrepancies and reduce manual workloads, and was central to the winning entry at last year’s FCA TechSprint. It’s something we’ve been working on in some pretty massive regulated datasets for well over fifteen years, so for us of course it’s good to see the industry being switched on to the possibilities. Elsewhere of course the FCA’s focus on preventing “phoenixing” is something that scalable, fuzzy match technology can really help in.

Where can people go to find out more about what Datactics does in this space?

Well, of course we’d be delighted to provide a demo, for which people can simply contact our sales team to set one up.

If you are looking at 5AMLD, then there’s a number of areas we can help with particularly: 

  • Entity data quality – both measurement and remediationensuring your entity data is up to scratch; 
  • Matching entities in disparate data silos with AI-powered human-in-the-loop entity resolution (for which we recently hosted a webinar).

We’ve also developed some publicly-available showcases of our software around matching for sanctions screening; it’s not 5AMLD reporting but clearly demonstrates how multiple records for sanctioned individuals can be mistyped, out of date or intentionally obscured – but can still be fuzzy-matched on metadata, with an accompanying confidence score.

Additionally, our LEI Match Engine does a similar job for entities, fuzzy-matching to the Global Legal Entity Identifier Foundation’s list of Legal Entity Identifier information. Both are free to use.