Friday afternoon - A nice time to attend a seminar (http://www.rhtacademy.com/seminars/new-amlcft-obligations-financial-institutions-are-you-ready
) quite a crowd looking for clarity. Nizam Ismail opens and talks about the
balance the MAS tries to find in promoting a risk based approach while creating
as much clarity as possible in terms of ‘what is allowed and what is not’. Some
of the changes are ‘old news’ – the notion for instance that PO Boxes are not
allowed for a residential address was already practice in the bank I worked for
10 years ago. The reaction of the audience proves however that many have not
adopted that practice yet….
The rest of his talk is focused on the details of the
regulations and how to interpret them. The organizations that the audience of mostly
compliance officers work for need to be given clarity… The thing is: a policy
can only give so much clarity – you need people like us to make it work, train
staff and implement a policy. One thing that is obvious is that the MAS will
focus more on how well trained staff are – exactly the type of work we do with
a lot of our customers.
The new regulations put more emphasis on filing and the use
of systems, so co-sponsor LexisNexis (http://www.lexisnexis.com/en-us/gateway.page
) talks about their – widely known and well recognized solution – and how they
see the developments in the industry.
KPMG (http://www.kpmg.com/SG/en/services/Advisory/Forensic-Services/Pages/default.aspx)
closes of to give some do’s and don’ts based on what they have found in quality
reviews of files as part of their regulatory audit work. Great and helpful, but
knowing which mistakes to avoid doesn’t mean you know how to run a proper
remediation program. The recommendation: “ appoint a project manager “ is too
much an open door to be helpful for success. You need guys like us that have
done this before, know the ropes and deliver on time and to quality.
So what did we learn:
- there is more work to be done;
- a law firm, an auditor or a system provider alone will not
do the trick;
- a risk based approach implemented well into any
organization, combined with adequate training and potentially a well-run
remediation program are still the right answer.
So - you still need a partner like i-KYC to implement a
program end-to-end and people with experience in operationally implementing KYC
in all its aspects.