The direction of regulation points to an increased, rather than decreased, need for Enhanced Due Diligence (EDD), even as regulators look to reduce its most burdensome aspects. This is likely to mean that negative or sceptical attitudes to these processes in some quarters, where they have been regarded in recent years as a box-ticking exercise, will continue.
Customers, clients and potential business partners can often choose where to locate their business, and there is an obvious desire to reduce friction and to make diligence checks as painless as possible. The value of diligence, though, exceeds its application in the anti-money laundering and counter-terrorist financing spaces. Viewing EDD as a means of becoming informed about 'what you wish you’d known' can significantly derisk strategic initiatives such as market entry, and transactional activity such as M&A.
2024 will see vast changes in the underlying landscape of government, creating a raft of new Politically Exposed Persons, a continued drive to tackling environmental crime and ESG issues and shifting sanctions regimes, with corresponding volumes of compliance requirements. There are upsides: advances in artificial intelligence and in other technological sub-sectors show early promise to take over lower-value, analysis-heavy compliance tasks.
This blog follows on from our review of Risks in Conflict, and forms part of a series examining issues of risk management through 2024.
The 2024 PEP landscape
2024 has been dubbed "the biggest election year in history”, with 90 elections and referenda to be contested across at least 64 countries as well as in the European Union. Among these are the UK and US elections, which will usher in new PEPs and will likely entail significant political and economic shifts both domestically and internationally. India, now one of the world's five largest economies and its most populous democracy, will hold elections at no fewer than five legislative levels this year.
11 countries on the "Jurisdictions under Increased Monitoring" list, or greylist, compiled by the Financial Action Task Force (FATF), have also figured among those holding elections this year. These include Bulgaria, Senegal and Venezuela, which have high-profile local elections and whose risk profile may change materially depending on particular political outcomes. North Korea and Iran, meanwhile, remain on FATF's "High-Risk Jurisdictions" list or blacklist. While this designation already flags them as high-risk, their respective election processes may lead to changes in significant officeholders or outside business influences.
Compliance concerns closely linked to PEPs – primarily corruption and, by extension, money laundering – will likely draw increased focus through the year among both regulatory bodies and financial crime teams. Corruption indicators often intensify around elections, even in countries without generally elevated corruption risks, presenting at varying levels of specificity and potentially requiring familiarity with particular PEP networks.
In some jurisdictions, intervening factors such as the UK Financial Conduct Authority's (FCA) expected simplification of domestic PEP rules, may reduce the compliance impact of election outcomes. Moreover, protocols for proportionality in PEP-related compliance measures – for example, assessing the risk profiles of domestic and foreign PEPs on a differential basis – can streamline these processes in periods of higher-volume political activity. However, the wider impacts of elections and surrounding activity must be taken into account, and enterprise risk assessments are likely to become a priority amid the election wave in addition to management of PEP-centred risks.
Conflict and sanctions
An era of heightened and more widespread conflict will highly likely see expansions to sanctions regimes, which are also liable to change rapidly as conflicts emerge. This alone will compound the effort and resources required for effective monitoring, screening and re-screening.
Greater conflict may also raise issues further up the agenda, including terror financing (which has always held a near-equal billing with money laundering) but also proliferation risks. We assess that Iran, in particular, may restart or accelerate elements of its nuclear programme if further conflict occurs in the region, increasing instability
At present these issues carry a degree of predictability, and regions of probable conflict and potential knock-on effects can be anticipated where inward-facing compliance processes are sufficiently resourced. However, the need has become clearer for providers in the external EDD services market to cater more directly to specific risk-based approaches, rather than conducting “one size fits all” diligence on the basis that customers can or must adapt. Conducting conflict diligence at regional, national and sectoral levels may facilitate these efforts.
Environmental and human rights diligence
Environmental and human rights-related diligence are likely to dominate the next few years of risk management activity. Regulatory activity in the enforcement and investigations field has grown, with notable fines and advertisement bans imposed in the UK, US and Germany in the past year.
Moreover, new legislation has introduced further diligence obligations with greater reach. In particular, the recently phased-in EU Corporate Sustainability Due Diligence Directive (CS3D) will compel companies located or publicly listed within the EU to provide general sustainability disclosures covering both environmental and social factors, and to demonstrate processes for the identification, prevention and management of ESG risks. The UK's Economic Crime and Corporate Transparency Act 2023 has also introduced additional 'failure to prevent' offences operating on a wide definition of fraud, applicable to organisations which misrepresent their ESG policies or performance. As with CS3D and previous UK 'failure to prevent' legislation, the Act will likely have extraterritorial effect , requiring companies to take a wider view on which elements of their operations will warrant evaluation. Risks of financial penalties and reputational damage on these bases will drive increased proactivity in undertaking and seeking accurate and robust ESG diligence.
Financial crime
The complexity of financial crime is unlikely to decline and can be expected loosely to keep pace with the emergence of financial technologies and payment methods. The main typologies for large-scale money laundering are likely to remain the same, with complex cross-border schemes supporting transnational organised crime, and funds linked to corruption from higher-risk countries disguised through offshore structuring.
The use of cryptocurrencies for criminal purposes has become widespread in recent years, as bad actors have sought to exploit the decentralisation, high transaction speeds and perceived anonymity afforded by blockchain-based mechanisms. Crypto has become key to cyber crime activity such as ransomware attacks, where it represents the default payment method demanded by perpetrators. While illicit crypto activity appeared to decrease overall from 2022 to 2023, the increasing sophistication of bad actors and the continued prominence of sanctions-related crypto activity will likely drive sustained emphasis on risk management in this field.
Other perceived risks associated with the use of cryptocurrency may prove less threatening over time, however. Massive money laundering and sanctions evasion, widely anticipated in the wake of the invasion of Ukraine, have not manifested at the scale which had been feared – and, given the sheer volume of funds which would have required movement, may never have been a realistic possibility. A large spike in cryptocurrency values would drive fiat and luxury asset transactions of potential relevance for anti-money laundering (AML) and other areas of financial EDD, but this is unlikely in the next year.
One issue which can be expected to persist relates to how geopolitically driven capital flight can be addressed. We may see individuals (and their wealth) exiting areas such as Hong Kong and mainland China as economic strains, such as the real estate crisis, and political risks intensify. These individuals may look to offshore structures, or simply seek European banking facilities where their wealth is legitimately obtained but difficult to remove.
Database accuracy
High-volume compliance review often relies heavily on databases, or on automated systems of varying levels of intelligence. When conducting reviews of elevated risk factors, however, the accuracy of these systems is open to challenge. They should therefore form only part of a specific assessment.
It is only fair that individuals are able to challenge inaccurate information about themselves or their families hosted on databases. However, while demand for such work may persist, the value of simple database screening checks continues to diminish, and these are most suitable for transactions or issues of least risk.
Remote relationships
A model in which clients can be taken on remotely, wherever they are in the world, opens up new markets for businesses and may start to provide access to financial services for communities that historically could not access them.
Risks are likely to persist in relation to the fact that remote relationships may suffer from a lack of deep local knowledge, even in a world that has more broadly adopted video conferencing. A carefully curated international image and well-presented documents from an intermediary can cover for issues that may be only visible in a specific geography or language.
AI and automation
The application of artificial intelligence tools to EDD processes will rise, as will increased process automation. This is to be welcomed, reducing operational friction and demonstrating the possibility of risk management without burdening customers or clients. At present, however, these technologies are used more at the "simple" end of the diligence spectrum – for example, generating industry activity codes from customer-entered text descriptions and comparing them with those which fall within, or exceed, the risk appetite.
Headwinds can be expected in this area, as effective automation of even simpler risk management processes is dependent on the availability of accurate and timely data. An immediate use case is the screening of the obviously “known bad”: for example, where data is missing, or a judgement needs to be made concerning unstructured data.
Outlook
As political shifts occur, conflicts proliferate and regulation continues to underscore increasing commitment to sustainable development, embedding proactive corporate diligence and compliance processes will prove crucial. Opportunities for sustainable and responsible growth will continue to emerge, interfacing with criteria for effective navigation of evolving and converging regulation. As companies embrace these opportunities and seek to operate judiciously, EDD providers will add value through continued flexibility and adaptation.