# AML supervision at central banks: 2022 survey

Kroll explores why many central banks are investing in skills and data to tackle money laundering, but resourcing constraints are preventing stronger action, as Central Banking’s survey data reveals.

### Key findings

• Anti-money laundering (AML) teams are typically fairly small. Central banks with a dedicated team report a median size of 18 staff members.
• The focus remains on traditional financial institutions – 81% say they oversee banks, but only 19% oversee crypto firms and 14% fintech firms more broadly.
• Few financial firms seem to lose their licences because of AML breaches. Only 24% of respondents have rescinded at least one licence in the past three years.
• Cross-border financial flows are seen as the number one source of risk, with 76% of respondents warning this is a key concern.
• More than half of respondents say a lack of resources is hampering their AML efforts.
• On- and off-site inspections remain key tools for supervisors looking to address money laundering risks.
• Two-thirds of respondents report using data analytics for AML purposes. Of these, 71% say they use forms of automated data collection.
• There are many hurdles to better use of data. The wide range in the size and complexity of supervised entities is a concern (67% of respondents), followed by a lack of technical tools (62%).
• Collaboration, including data sharing, is common on a domestic level. But authorities are much less likely to collaborate and proactively share data with global counterparts.

The two years since the outbreak of Covid‑19 have been a boon for many criminals. The rise of digital finance – particularly crypto assets – has given them new ways to finance crime, including terrorism, and new channels through which to launder money. Authorities have been distracted, their attention and resources devoted to fighting the pandemic and its economic fallout. Meanwhile, in many countries, generous government support schemes have created even more fertile ground for fraud.

### Risk factors

Comfortably the number one risk factor was international financial flows, reported as a key concern by 76% of respondents. Corruption came in at number two (57%), followed by large cash payments (48%) (see figure 2).

Echoing figure 1, the data shows that central banks still view newer threats, such as crypto assets and fintech, as lesser concerns. Only 5% reported crypto and fintech as major risk factors in their jurisdictions.

This may be starting to change. The Financial Stability Board’s latest report into crypto assets noted crypto markets were on a path to becoming systemically important. But they are not there yet.

### Supervision: tools and challenges

Despite the impact of Covid-19, the most commonly reported supervisory tool was on-site inspections of financial firms, in use at 86% of respondents. A further 81% reported off-site, desk-based reviews as a key tool. The latter has grown in importance since the advent of social distancing rules, but it remains to be seen whether the balance between on-site and off-site reviews has permanently shifted.

Central banks reported having conducted anything from just one supervisory inspection in the past year to as many as 463, with a median of 12 inspections (see figure 3).

Many central banks commented that they used risk-based approaches to supervising money laundering/terrorist financing risks, as advocated by the FATF. One advanced economy central bank in the Asia-Pacific region said it employed risk-based supervision. This central bank said it had moved away from “fixed on-site inspection cycles” towards “more dynamic and timely” interventions. The respondent highlighted three key tools: use of data analytics to identify high-risk activities; supervisory interventions to “dynamically disrupt” high-risk activities; and targeted inspections to direct remediation at high-risk firms.

A second central bank in Asia-Pacific stressed the importance of its AML risk rating system, which allows supervisors to make systematic assessments of firms’ risk profiles. This feeds into the wider process of risk-based supervision. To further support these efforts, the institution carries out periodic sectoral risk assessments.

Risk-based supervision could help central banks meet other objectives as well. A central bank in the Americas commented that it had implemented a simplified due diligence approach to allow banks to set up accounts for vulnerable people in society, “including low-income and undocumented persons”.

Many respondents said they employed regular reviews of AML risks across their whole jurisdiction. Central banks reported their most recent review fell in years ranging from 2013–22. The most common response was 2019.

Central banks face an array of challenges when it comes to improving their AML supervision. Over half (57%) said limited resources was a major obstacle. The second most important was data gaps, reported by 48% of respondents, followed by data quality, at 29% (see figure 4).

### Data: analytics and obstacles

Exactly two-thirds of respondents said they use data analytics to help them identify AML risks. Of these, the most commonly reported data tool was the use of automated data collection (in use at 71% of respondents that apply data analytics). The use of data in external public records was also common, at 64% of respondents. Much less used was AI or machine learning, in use at just one central bank. Big data or ‘alternative’ data was used by three (21%).

The figures show a significant minority of central banks in the sample (33%) do not use data analytics in their AML work, suggesting this could be an area of expansion in future years (see figure 5).

However, for data use to become more widespread and effective, central banks will have to overcome a range of obstacles. The most commonly reported problem was the sheer range of institutions on which data must be gathered, given their differing size and complexity – 67% of central banks said this was a problem. A further 62% said a lack of technical tools was holding them back, while 52% mentioned a lack of resources (see figure 6).

At the other end of the spectrum, AML definitions (19%), lengthy processes (24%) and data duplication or incompatibility (both 29%) were less commonly reported as challenges.

### Resourcing

The broad trend appears to be towards either greater resourcing of AML functions, particularly in the staff and training categories, or constant levels of resourcing. One central bank reported that its staffing resource had fallen in 2021, and one other reported that its training resources had fallen (see figure 7).

Somewhat less seems to be invested in data platforms, hardware – for instance for data processing – and cloud platforms. Only 14 central banks commented on cloud resourcing, which may indicate that use of the cloud is still relatively limited, at least for AML purposes.

Given that central banks report a lack of resources as a key concern, more investment in AML may be needed. One central bank in Africa commented that recent reforms to the AML function had led to greater co-operation with local and overseas authorities, which had the additional advantage of allowing pooling of resources.

### Collaboration and data sharing

The data suggests authorities have closer ties to domestic authorities than to their counterparts abroad, which could hamper efforts to improve information and data sharing. Since central banks report international financial flows are a key concern, strengthening global ties seems an important priority.

It is common to have a body tasked with co-ordinating AML/CFT authorities domestically. Only four central banks (19%) said they did not have such a body in their jurisdiction. Most of those that have a body mention that this is either the country’s financial intelligence unit or a council specifically formed to co-ordinate AML matters.

Similarly, most central banks report that they share data on suspicious activity domestically. Two-thirds say they share data on a proactive basis, and another 23% say they provide data on request. Only 10% say they do not share data at all domestically (see figure 8).

A central bank in the Americas reports it is undertaking a project to centralise know-your-customer data at a national level. Financial institutions and regulators will be able to access the data. The project is expected to enter production in July 2022.

All respondents say they are engaged with some form of international collaboration on AML. Regional groupings are the most common (76%), followed by bilateral co-operation (67%) and international bodies (48%).

However, many central banks (38%) do not share any data on suspicious transactions internationally. A further 43% said they share data on request, while only 19% of central banks share data proactively on an international level.

This feature forms part of the Central Banking focus report, Anti-money laundering and countering the financing of terrorism 2022

You need to sign in to use this feature. If you don’t have a Central Banking account, please register for a trial.