Jon W. Harvey on how banking C-suites are adapting to AML change

06 October 2022 Consultancy.uk 6 min. read
Profile

With financial services operators still struggling to comply with major Anti-Money Laundering regulatory shifts, it is vital that banks – both in Europe and around the world – build new strategies to stay compliant. Promontory Managing Director Jon W. Harvey tells Consultancy.uk what organisations can do to take their first steps.

With more than 25 years of international experience as a banker and financial services consultant, Jon W. Harvey is currently a Managing Director with Promontory. A business unit within technology and businesses giant IBM, Promontory provides strategy, risk management, and compliance consulting to clients around the world.

“Promontory as a business unit within IBM is the advisory piece,” Harvey tells Consultancy.uk. “So, if I describe a generic engagement, Promontory is going to look at the situation of a client – evaluate the risk they face, the regulation they are subject to – and review their systems and controls. It is important to make sure the client understands what works and what doesn’t; where deficiencies are, and how to fortify them. We also help show how technology can enhance the effectiveness of the compliance arrangements and provide efficiency.”

Jon W. Harvey, Managing Director, Promontory

Well versed on international compliance, sanctions and anti-money-laundering issues, Harvey advises clients on a range of risk management, audit, and compliance matters, with a particular focus on financial crimes. He has also managed complex projects involving issues related to blockchain, virtual-currency forensics, payments, and secure messaging systems.  

Harvey goes on, “In terms of the types of clients, they're mostly financial institutions. Sometimes this is domestic institutions, but more often they're primarily international and global players in the banking sector. As a result, I get to work all over in EMEA, working on financial crime projects, primarily financial services clients. We do a lot of advisory when helping clients with transformation programmes – but recently, we have increasingly been tasked with assurance work, in which we’ve been asked to review a client's systems and controls to understand the extent to which they comply with and on regulation and then help develop remediation programs, and optionally operate the compliant operations.”

When asked what the driving forces are behind this boom in demand for assurance services, Harvey believes it is regulatory scrutiny, but also a C-suite response to regulatory changes. More specifically, he suggests that in the short term, “new directives with the penalties that arise,” are going to continue seeing C-suite ask for another opinion.

“Frequently it's triggered by something in the newspaper that makes C-suite leaders wonder, ‘There has been this massive fine at another institution in our market, do we have the same issue?’,” Harvey elaborates. “Promontory is then being asked for an independent opinion on questions like, ‘Is our program compliant?’ or ‘Why are all these institutions that  we interact with, receiving these enforcements – are we affected by the findings?’… At the same time, sometimes assurance work is commissioned by an institution at the request of a regulator. As part of a broader investigation, they can decide, ‘We you want to commission a review by an independent person to examine these areas.  Our heritage in regulation and industry expertise, coupled with years of experience positions us very well for these engagements."

Adapting to AML

One of the largest shifts in financial regulations across Europe in recent years has been the implementation of new Anti-Money Laundering (AML) legislation, and the related Know Your Customer (KYC) regime. Many banks have struggled to adapt to the new requirements – with AML fines in particular skyrocketing. To help the market evolve its response to AML requirements, an event in partnership with  IBM, Deloitte, Silent Eight, Fourthline and the European Banking Federation, took place in Brussels.

Bringing together banking leaders, regulators and policy-makers from across the continent, the conference was also attended by representatives of Promontory – including Harvey. Speaking on the event, Harvey’s chief takeaway seems to be the industry devotes tremendous time, diligence, and resources to protecting our financial system.  There is clearly huge innovation underway in our industry. Confirming procedures are compliant, getting the basics right, is vital to innovation that follows. Technology can significantly enhance effectiveness and efficiency, but it must start from a compliant base. Once compliant and the technology is enhancing effectiveness and efficiency, then operations can migrate to sustaining a compliant operate and maintain model.

He recalls, “One of the presenters this morning spoke about the ease of company formation: Delaware, Wyoming, and potentially Nevada, they cited examples of company formation in a few seconds. I would like to think that's not as easy in Europe. But, internationally, the regulation is not necessarily as well established. if you look at the introduction into the US in BSA of the beneficial ownership rules. If you think how recent that was, and how frequently a client account must be reviewed for periodic refresh, there may be international clients in the backlog who are only just going through that beneficial ownership and ultimate controller cycle now.” 

Getting past this kind of a backlog is no mean feat. When it comes to dealing with a mounting pile of files that are not compliant or possibly not compliant, Harvey suggests ensuring a company has the appropriate governance structures in place to ensure a thorough and transparent examination, rather than diving into a problem head-first, and potentially missing details for the sake of being seen to do something quickly.

He concludes, “I'm going to misuse a catchphrase which some of my team would have heard me use, ‘Unless you review the client's procedure at the very beginning to make sure it's compliant, there's a real risk that you are very efficiently doing the wrong thing.’ You have to look at procedures to make sure they comply, so when considering a backlog, make sure your procedures reconcile with the regulation, and make sure your people have got work instructions that implement them properly. The issues we see are failing to consider the full risk factors when mediating a file. If the file is not fully compliant of the conclusion, you have just wasted your time. We must innovate. You can't stand still; we must innovate and create. I think that's the takeaway.”