In today's economic climate, it may seem logical to cut costs, but now is not the time to skimp on your compliance budget. Let's compare the costs of compliance versus non-compliance so you can make an informed decision for your business.
The cost of compliance
Here’s a round up of costs to consider when setting up your AML compliance programme.
Setting up a compliance team
One of the primary expenses associated with AML compliance is establishing a dedicated team to create, implement and maintain your compliance programme. Hiring knowledgeable professionals, such as compliance officers, compliance managers, and AML analysts, can significantly enhance an organisation's ability to detect and prevent money laundering activities.
However, the costs associated with recruiting, onboarding and training these individuals can be very high. The average cost of establishing an AML compliance team can vary based on the organisation's size and complexity, including onboarding and training costs, however the average salary for an AML analyst in the UK is £40k, and for a compliance officer is £50-60k.
Using EIV (electronic identity verification) providers
In order to verify customer identities and understand their customer (often called ‘customer due diligence’), reporting entities often rely on EIV providers. These services automate identity verification, often using photos or live video to confirm likeness to a driver’s licence or passport, and then matching an individual’s identity documents against various government databases.
On average, organisations can expect to spend anywhere up to £10 per check via these providers, depending on the volume of transactions and the complexity of identity verification requirements.
Data storage and security
An integral part of an AML compliance programme involves storing and securing large amounts of personally identifiable information (PII) collected during the customer due diligence process. Organisations must invest in secure data storage solutions to ensure compliance with privacy regulations and protect sensitive customer information from unauthorised access or breaches. Not only that, but the storage solutions must be well organised and easily accessible, as well as integrate securely with your CRM (customer relationship management) platform in order to reduce double handling and admin.
The costs associated with data storage can vary, but assuming the use of AWS S3 servers, a rough estimate would be £600 / month. On top of this, achieving international security standards such as ISO27001 or SOC-2 is a significant and timely investment that can take up to 18 months to implement.
Access to global and comprehensive screening and due diligence data sources
For example, in Australia, ASIC charges $9 just to search for a company name, let alone the fees they charge for company extracts or the documents needed for complex entities such as trusts and SMSFs.
Once an international entity is involved, as is common with high net worth individuals, the registry costs sky rocket as you access other country registries.
Access to comprehensive and up-to-date databases and registries such as Dow Jones Risk & Compliance and WorldCheck is essential for effective AML compliance. These data sources provide critical information to identify and verify individuals, screen for politically exposed persons (PEPs), and detect suspicious transactions.
Opportunity cost of fee earners' time:
One often overlooked cost of AML compliance is the opportunity cost of using fee earners' time to carry out AML-related tasks. As one of our clients noted, “We estimate between 50-80% less time is being spent on completing KYC and when you have a partner doing KYC with a charge out rate over £200/hour it's a huge win.”
Fee earners, such as lawyers or accountants, are valuable resources within an organisation. Diverting their time and expertise away from revenue-generating activities to handle AML compliance can result in a significant loss of billable hours. It is important to assess this opportunity cost and consider strategies, such as technology, automation and managed services, to minimise the impact on the organisation's bottom line.
Think that’s high? Let’s take a look at the cost of not getting your AML programme right.
The cost of non-compliance
While the advantages of AML regulations are undeniable, the administrative costs associated with compliance can become burdensome, particularly if your compliance program lacks proper structure. Nevertheless, the potential severe penalties, damage to reputation, and even criminal liabilities that may arise from non-compliance emphasise the importance of investing in establishing a robust program from the outset.
Here are the three major consequences that come with non-compliance.
Substantial fines: Regulatory bodies like the Financial Conduct Authority (FCA) adopt a strict stance against non-compliance and have issued fines totaling £11m since 2018.
Legal expenses: Engaging legal professionals, such as Senior Counsel or senior barristers, to defend against allegations can be financially demanding.
Loss of business opportunities: A study conducted by PricewaterhouseCoopers revealed that 50% of respondents would leave a company after just two negative experiences. A complex and lengthy onboarding process can result in the loss of customers.
Delayed revenue: The faster a customer is onboarded, the sooner revenue can be generated. Conversely, a lengthy onboarding process causes revenue realisation to be delayed. In this case, time really does equal money.
Potential data breaches: Cyberattacks and malicious actors pose a constant threat, with a single ransomware incident or breach having significant financial implications.
Media scrutiny: Public perception is critical, and the internet can be unforgiving. One misstep can haunt a brand indefinitely.
Loss of new customers: Regulatory bodies like the FCA and NCA actively employ naming and shaming tactics to deter non-compliance. A tarnished reputation within the industry can lead to the loss of new business.
Dissatisfaction among existing customers: No one wants to be associated with disreputable companies. Even if business continues with them, customers are unlikely to promote your brand to others.
Compliance remediation: Supervisory authorities have the power to enforce compliance changes, causing interruptions in business operations. Any pause in operations can significantly impact revenue flow.
Disillusionment, disengagement, and disruption: Frontline teams spend approximately 20% of their time on AML administrative tasks. Considering average salaries, this translates to a loss of £7,800 per person.
So what can you do to reduce internal costs?
Embracing technology to enhance efficiencies in AML compliance offers numerous benefits. Automation can streamline time-consuming tasks, allowing staff to focus on high-value activities. Advanced data analytics and AI-powered tools can improve the accuracy of PEP, sanctions and adverse media checks, reducing false positives and minimising manual reviews. Technology also enables seamless integration with various data sources, enhancing the speed and accuracy of identity verification and screening processes. Leveraging technology not only reduces compliance costs but also enhances overall effectiveness, enabling organisations to stay ahead in an ever-evolving regulatory landscape while maintaining their reputation and financial stability.
While establishing a comprehensive AML programme incurs costs, the consequences of non-compliance far outweigh the financial investment. By strategically allocating resources, leveraging technology, and prioritising efficiency, organisations can reduce compliance costs while safeguarding their reputation.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.