A trusted Advisor on financial crime prevention and an expert in complex regulations with 20+ years of experience in the financial services sector.
Transcript
Maureen Farmer
I'm very pleased to introduce my colleague, Anna Stylianou, who is an expert in anti money laundering compliance and financial crime risk management, having long term experience of working in regulated financial institutions. Over her career, Anna has worked in traditional banking, the investment industry, as well as with reputable lawyers. She is an expert in regulatory compliance standards and delivering results in the fight against financial crime. And I recognized international thought leader in the anti money laundering, know your customer and crypto compliance field. She is the founder and principal of AML cube and a consulting and training business specialist specializing in improving financial crime capability and regulatory compliance.I hope you enjoy the show!
Anna Stiliano, welcome to the Get Hired Up podcast!
Anna Stylianou
Hi, it's a pleasure to be with you today, Maureen.
Maureen Farmer
Thank you very much. And we've known each other now for a couple of years. We've collaborated on a couple of projects together and I'm really excited for this podcast today because I think it's of particular interest in the financial services and FinTech industry. Although compliance in this area is important for all organizations and some of the topics we're going to be talking about today. Overall, we're going to be talking about anti financial crime and anti money laundering topics, regulation, compliance, and we're going to talk about what AML regulation is, what AML is to begin with. We're going to talk a little bit about hacking and cyber security and credential control, although that's not really the primary topic of this conversation, we're going to talk about some of the important aspects of compliance relating to knowing your client, knowing your client's business, their businesses, frontline employees, what industries are the most impacted, what is the impact at the board level, and what questions do the board have, things you need to ask. We're going to talk about spending on compliance and we'll focus on the importance of open lines of communication between the Compliance Department and Board of Directors.
So I'm going to go back to the top of our list and say, Welcome, Anna. Anna's joining us from Cyprus. Tell us a little bit about your expertise, how you got into the industry, and then we can launch to some of our questions.
Anna Stylianou
Yes, thanks, Maureen, for this opportunity. I really appreciate it to give me the opportunity to share my knowledge and my experience with you, with your audience. But yes, I'm from Cyprus. I have more than 20 years of experience in the financial industry. I have experience in banking. I started as a frontline employee and, uh, indeed it was a role that enabled me to get a full understanding of the industry and how money laundering takes place. And then I moved slowly, slowly to undertake more responsibilities and got a bit on the side to oversee the process at a branch level. And then I left the bank, I resigned and found another job in an electronic money situation. I have also collaborated with investment firms. I also act as a board member in an investment firm. In the forex industry also as a head of compliance in the more recent year. So the benefit that I have and, the fact that I went through many roles from frontline to executive positions enables me to have a better understanding, you know, from at all levels of an organization. And I understand the challenges that frontline employees have, that managers have, that the board has.
So yes, that's all about my experience. And now I'm focused on AML, anti money laundering, anti financial crime. Which is, as you said, a crucial area for financial institutions and other entities that need to comply, are required to comply with AML, Anti Money Laundering, laws.
Maureen Farmer
Thank you for that. I didn't realize some of the experiences that you had.
So this is ever so apropos for our audience. So I would love to start with a broad overview and description of anti money laundering and, and financial crime. So why don't you give us a little bit of an example, maybe a description of the industry. And let's start there.
Anna Stylianou
Yes, AML has to do with the obligations of an organization to prevent and detect financial crime and more specifically money laundering. So we have a criminal who commits a crime and generates illegal proceeds. Now this money need to pass into the financial system somehow. So this is where criminals are becoming creative. How do I deposit this money into a bank? without getting noticed. If I have for, for example, 50, 000 that I generated this week from, uh, drug trafficking, you understand that if I go there in a bank with 50, 000 cash, they're going to, I'm going to raise suspicions. Well, where'd you find this money? And they're going to report me to the relevant authorities. So, uh, Criminals are trying to conceal the proceeds of their crimes. From the other side, we have a regulated entity like financial institutions and electronic money institutions and other areas and other industries that are required to comply with these laws who are trying to spot suspicious transactions And report them to the authorities because they know and they understand that criminals are using various tactics to launder the proceeds of their crimes.
So anti money laundering is the area where regulated entities, entities meaning that are subject to AML requirements and they are clearly specified in the national AML law. These entities, they are required to have systems in place so they are able to prevent and detect money laundering and be able to report any suspicious transactions to the relevant financial intelligence units. Which is specified in the national law.
Maureen Farmer
So, Anna, are you, and forgive me, I don't know this, but are you, in terms of compliance in this area, what is your area of, geographical area of expertise in terms of regulation? Is it European? Is it global?
Anna Stylianou
My practical experience has to do with the European regulations. However, I have written, I have made research on global regulations and I'm also, um, I also watch what's happening, uh, all over the world. For example, I read the Singapore national risk assessment a few weeks, a few weeks ago. Um, today I was looking at Australia's national risk assessment to Help me understand what are the risks associated with the with Australia in the area of money laundering trace financing. So I can say that I'm operating globally and I'm trying to stay up to date globally, not only to the European jurisdiction.
Maureen Farmer
That's good to know. And I know you, you are very understated because there's no trying to stay current with you because you have prolifically written prolifically on these topics and you write current.
So current I was just curious about your area of expertise in terms of, you know, your, the jurisdictions where you worked, but just for the listeners edification. Anna has a massive following on LinkedIn.
Anna Stylianou
I have 40, 000 subscribers on LinkedIn.
Maureen Farmer
Yes. The value you bring is from the years of experience and also in terms of keeping really current on these topics. Because I would assume that the regulations change often.
Anna Stylianou
Yes, but you know, the principles remain the same. We have the FATF recommendations, which, you know, the FATF is a global organization that is setting standards that countries are expected to follow if they want to have A strong anti money laundering and countering financing, um, regulatory framework.
So these standards are the same for all countries. And because all countries are, are considering these recommendations, yes, there are some significant differences, but the principle, the actual principles remain the same.
Maureen Farmer
What are some of the most common principles?
Anna Stylianou
So it's actually implementing customer due diligence on your, um, on potential or existing customers.
What does it mean? It means to identify the customer. We ask questions to understand who is this individual or this entity that they want to. collaborate with, uh, with us, to work with us, to be our customers. Then, and if it's a company, a legal person, then we need to understand who is the person who controls that company, either directly or indirectly, or benefits from that company.
And from there on, we need to ask the customer questions to understand what is the, this customer, the expected activity, the business, how does this customer generate his wealth, his income, and then perform ongoing monitoring, which involves, uh, monitor the customer's transactions and also review or Refresh the customer information to ensure that the information that we have for the customers must be up to date. It's not acceptable to have outdated information for our customers. So these are the main AML requirements. And of course, there are some more like record keeping, uh, having everything written down in the form of policies and procedures, training the employees, uh, conduct, independent audit. There are several AML requirements and everything is stated clearly in every, in every country's national law.
Maureen Farmer
What would you say is the most common practice for laundering money?
Anna Stylianou
Well, it depends if there are cash involved or if there are no cash involved. What I've realized, and the more I am in this industry, and the more I realize that, is that criminals keep using traditional money laundering methods. Of course, they are using some new and innovative methods, but, uh, they still use a money laundering methods that they used 20 years ago. For example, if I am a criminal drug trafficker, I have thousands of cash. I'm going to use People, I recruit people and they act as money mules. I give them money through my, through various agents. I provide them with cards, I deposit them in accounts that either I control, either in their accounts, and then send the money to another account that I will tell them. So, in this way, we break large amounts of cash in very, very small amounts, less than 10, 000, which, because if it's more than 10, 000, the bank is going to start asking questions. So in small amount, they deposit them cash in the bank, they get a small commission, and then they send the money again to an account that the criminal controls. So this is a very common, old fashioned practice, but it's still very effective. And you know what? In the compliance, we are dealing with professionals. There are professional money laundering networks that they have a huge army of this type of money mules, either for cash transactions or in some cases, It's Who only, uh, who are using their accounts for bank to bank transfers or for crypto, they also have money mules, they have shell companies, fake companies that are created just to exist on the paper to enable them transfer money from one country to another. They have a huge network with various levels of ownership and in some cases it's very difficult, if not impossible, to identify who is behind all these group of companies. So we are dealing with criminals and this is the big challenge for AML professionals. And we are dealing not only criminal with professionals and we need to stay up to date with their evolving tactics so we can effectively fulfill our obligations.
Maureen Farmer
Are you familiar with the movie High Confessions of an Ibiza Drug Mule? Are you familiar with that movie? It was a movie about a drug smuggler who was a mule. She was Irish, her name was Michaela McCallum and she was, recruited it out of Spain to go to Peru and, and bring drugs out of Peru back to Europe, I think. And she got caught and you mentioned just a few minutes ago that criminals are using the same, you know, tactics that they did 20 years ago and just surprised me how easy it was for this young woman to be recruited into this activity.
Anna Stylianou
Yes and you know what, we need to keep in mind that all these movies that are around, especially in the area of money laundering, are things that can happen and happen in reality. They actually describe the actual methods used by criminals. And in this case, the girl was arrested. Yes, because whether you are helping someone to launder money willingly or unwillingly, doesn't matter. You're still assisting a criminal. Yes, you can be arrested. Yes, you can be prosecuted and go to jail plus other penalties. So the fact that someone doesn't know and doesn't protect him at all, willingly or unwillingly, you're assisting criminals. And this is sad. Because, many of the people that are recruited by these criminal networks do not understand what they're doing.
Maureen Farmer
On the corporate side or the, the, the business side, I would think that the risk to organizations among many would include reputational risk. What are some of the other risks that boards need to be aware of as they are managing their compliance?
Anna Stylianou
There are many risks involved. You know, of course, when you are trying to implement an antimicrobial program, there are some systems that you need to implement. These systems can, at some point, something may go wrong. So we have operational risk. We also have risks that are associated Um, with, uh, people, human error, again, this operational risk.
But as you said, in my opinion, the reputational damage is the biggest because we don't know what the results will be. For example, from other types of risks. You can't quantify the risk and you can make a provision. You can't even make a provision for potential penalties for failures to comply with AML law.
You can't do that but you cannot make a provision for the reputational damage. It may be zero. There may be zero effect from reputation, there may be zero effect for a company if it is involved in a money laundering scheme. Especially for big banks. But we don't know, you cannot know, and you can never be sure. And let's see the example of Credit Suisse, one of the largest banks globally. What happened? It was sold to its biggest competitor. Why? Because of bad risk management practices. Plus many anti money laundering fines for anti money laundering failures. This bank ended to have a big reputational damage. People started withdrawing funds. The Central Bank of Switzerland provided a capital injection, a large amount of capital. Still, that capital was not enough to stop people from Withdrawing funds, so they panicked and started withdrawing funds, which led to the collapse of the bank. It didn't collapse. Actually, it was sold to the to UBS, but still, we can see that reputational damage cannot be monetized. We cannot be calculated. As I said, there may be zero effect, but you can never be sure. And the risk is huge.
Maureen Farmer
I wonder if there are organizations that, well, there are organizations, polling organizations, I suppose, that could go to the market and, and monitor the perception, the perceived transgression of Credit Suisse or any other organization that is not compliant, as a matter of measuring reputational harm, but I don't imagine it would be, highly quantifiable in this vein.
I'm thinking that the creating open lines of communication between the compliance department and the board of directors is absolutely critical, and I'm guessing that there would be some type of an audit report with the audit and risk committee where they would be. They would be assessing and and evaluating audits. Internal audits, for example. So can you talk a little bit about that communication flow and how important it is and some of the mechanisms that organizations can use to maintain an accurate assessment of compliance at any one time?
Anna Stylianou
Yes, of course, the compliance department must have open line of communication with the board of directors. They must notify the board of directors with various reports about, uh, hiring customers and in some cases in the high risk customers, they need to get their approval, not from the board, but from senior management. They also must send some statistics on suspicious transactions, so there must be an open line of communication from their own, the AML department, the compliance department must also conduct inspections in various departments to see what they do and how they do it. And if Measures implemented are in accordance with the company's procedures. From there on, as you correctly stated, we have the internal audit, which is independent.
For smaller companies, it can be one individual. For larger organizations, it can be a separate, independent department, and their job is to assess the AMR program, and not only if you're required to comply with other regulations, The compliance with those regulations and then create a report to the Board of Directors, which includes the areas, um, that were inspected, the findings, and some recommendations for improvements. So this is the most important element of the audit report, the recommendations, and then from there on. The board of directors must again go back to the compliance department and ask them to rectify these weaknesses because there is no perfect anti mildew laundering program, right? And when they rectify these weaknesses, they must update the board of directors on the improvements made.
So this is how it works. It's a combination of compliance department, board of directors, and the audit department, a good collaboration, and you know, Something that I've seen in my experience, usually organizations, when they're going through an audit, they don't like it. It's like, oh, the enemy came here now...
Maureen Farmer
Oh I've been there, Anna. I've worked in organizations and when the internal audit department comes, everyone freezes.
Anna Stylianou
It shouldn't be the case. They're there to help us!
Maureen Farmer
100%. I worked for Bank of Canada, the Canada's national bank, central bank for five years in my early, early career. And I tell you, when the auditors came from Ottawa, everyone stood at attention and, you know, were there to serve the auditors because it was a very, you can imagine a central bank we were dealing with in billions of dollars in cash on site. Well, maybe not billions, multi millions of cash in our central vault. And so they would come and they would count cash for days at a time. And, you know, it had to be balanced to the, to the, to the dollar. I remember those days very well. And then moving on into corporate, other corporations that I worked with, you know, in energy companies and financial services and financial services, we had OSFI, the office of the superintendent for my financial institutions who would come annually to do an audit. So while surely the auditors are there to help in the long run, I think people are pretty much arrested when the auditors come on site and are waiting with bated breath until that audit report comes out.
And I would love to take a moment to talk about the audit report and in terms of public disclosure, how I hope this is an appropriate question. Maybe not. But how much of that audit report is publicly disclosed to the regulator, to the Sears Securities and Exchange Commission, for example, or whatever regulator that we're working with?
How much of that is disclosed?
Anna Stylianou
It depends on the regulators guidance. For example, in my country, uh, the audit report must be published at annually. Uh, and also be submitted along with the minutes of the board of directors for that report. Uh, so the minutes and the report are submitted to the regulator. So the same report that the board is receiving, the same report is also submitted to the regulator. And in many countries it's like that. Okay, I cannot be 100 percent that they all follow the same procedures. But it makes sense to have this process in place.