Johanna Konrad

📌 A timely reminder that effective regulation should be risk-based, not one-size-fits-all: Mark Branson, President of BaFin and former FINMA head, is calling for a more proportionate regulatory framework—especially for smaller banks. He argues that applying the same complex Basel III rules to all institutions places a disproportionate burden on smaller players without significantly improving stability. Instead, Branson advocates for simplified requirements, such as focusing on leverage ratios instead of complex risk-weighted assets. 🏦 Switzerland’s Small Banks Regime, introduced by FINMA in 2020, is a case in point—offering reduced regulatory burdens for well-capitalized, low-risk institutions. Today, over 50 firms benefit from this regime, with streamlined rules on capital, liquidity, and risk. Branson also suggests fewer supervisory reviews for banks that consistently demonstrate strong compliance, sound management, and low-risk profiles. https://lnkd.in/eCbSZnit

3

The recent raid of Deutsche Bank’s offices in Frankfurt and Berlin is another reminder that financial crime risk is not theoretical - it’s operational, reputational and immediate. Read more here in Deutsche Welle https://p.dw.com/p/57dGG When authorities step in, the damage is already done: 📉 Headlines dominate the narrative 📉 Trust with regulators, clients and shareholders erodes 📉 Legal, financial and reputational costs escalate rapidly What stands out in cases like this isn't just alleged misconduct, but timing. Investigations often focus on whether risks were identified, escalated and reported early enough. That’s the difference between resilience and damage control. For financial institutions and global organizations in today’s environment of sanctions complexity, opaque ownership structures and sophisticated bad actors, reactive compliance isn't sufficient. Proactive intelligence and risk monitoring, with technology like Sigma360, is critical to: 🎯 Detect emerging risks earlier 🎯 Connect entities, transactions, and adverse signals across jurisdictions 🎯 Stay ahead of regulatory expectations instead of responding after an event. Tomorrow's leading institutions are investing now in prevention, visibility and speed - not post-incident remediation. Let's connect if this is relevant to your organization. #FinancialCrime #AML #SanctionsCompliance #RiskManagement #ReputationRisk #FinancialInstitutions #RegTech #ProactiveCompliance #Sigma360

43

Last month, The Federal Financial Supervisory Authority (BaFin) imposed EUR 520,000 in administrative fines on UmweltBank AG for significant shortcomings in its WpHG compliance function. The fine was issued due to the company’s failure to properly resource its compliance department from 2020 to 2023, violating key obligations under the German Securities Trading Act (WpHG). 🔑 Key Takeaways for Financial Services Sector: Compliance Function: Adequate staffing and resourcing of compliance teams are non-negotiable. Investment service firms must have sufficient resources to meet regulatory requirements and protect client interests. Management Oversight: The management’s responsibility is to ensure that the compliance function has full access to necessary information and can report effectively on compliance issues. Fines & Consequences: Fines for non-compliance can reach EUR 5 million or 10% of total revenue, highlighting the cost of regulatory failure. ✅ Risk Management Alert: This serves as a reminder to ensure that compliance functions are fully resourced and that reports are thoroughly reviewed by management. Protect your firm by staying ahead of regulatory obligations and avoiding costly fines. Read on for more: https://heyor.ca/I8sArU #FinancialServices #RiskManagement #Compliance #RegulatoryCompliance

3

For senior compliance leaders, the challenge isn’t just knowing the rules - it’s the technical translation of shareholding disclosure obligations. How do you transform high-level principles into your internal process when the data gets complex? We’ve engaged with BaFin to gain clarity on the technical nuances that often trigger the most internal debate. Session two of our Regulatory Disclosure in Practice Roundtable on March 18 in Frankfurt will be a peer-to-peer discussion and collaborative deep dive into the operational “how-to” for: - Independence declarations: Determining the triggers and cadence required for mandatory updates - Display precision: Navigating MVP portal requirements and SSR rounding approaches - Corporate actions timing: Pinning down the definitive disclosure dates across various event types - Unlisted share classes: Developing a robust framework for identifying specific German obligations 👇 Request an invite and view the agenda by clicking on the link in the comments! Meet the speakers: 👉 Karl Schindler - Lead Regulatory Expert, FundApps 👉 Robert Andrić - Business Consultant, FundApps

21

2 Kommentare

Thanks Adrian Searle - we need more collaboration like Germany - National Crime Agency (NCA) National Economic Crime Centre (NECC) and Financial Conduct Authority please take note German banks are permitted to share data with each other to prevent financial crime, primarily through public-private partnerships and innovative technology initiatives, within the legal framework provided by the Money Laundering Act (GwG) and EU directives. Strict data protection laws (such as the GDPR and the German Federal Data Protection Act, BDSG) are addressed by designing these initiatives to be secure and compliant.  The Anti-Financial Crime Alliance (AFCA) was established by BaFin in 2019. AFCA is a permanent platform for the exchange of strategic information and cooperation between 15 (now 19) German financial institutions, the German Financial Intelligence Unit (FIU), the Federal Financial Supervisory Authority (BaFin), and the Federal Criminal Police (Bundeskriminalamt). safeAML Initiative: Led by the State of Hesse, this initiative involves major banks like Commerzbank, Deutsche Bank, and N26. It aims to digitize interbank comparisons and use advanced AI models (such as those provided by Hawk AI) to detect suspicious money flows across multiple bank accounts more quickly, while ensuring a secure and compliant framework for data exchange. Legal Basis: The German legal framework, particularly the GwG, transposes EU Anti-Money Laundering Directives (AMLDs) into national law, which includes provisions for information sharing between public authorities and, increasingly, between private sector entities under specific conditions. The new Financial Crime Prevention Act (FKBG), approved in October 2023, also reinforces the infrastructure for combating financial crime through the new Federal Office to Combat Financial Crime (BBF). FATF Guidance: Germany, as a member of the Financial Action Task Force (FATF), follows its recommendations and guidance on private sector information sharing, which encourages collaboration to build a clearer picture of criminal networks while respecting data protection and privacy requirements. 

2

🟣 DORA... and Why “Concentration Risk” Isn’t Always What You Think BaFin’s recent article on their supervisory focus under #DORA highlights a subtle but critical point: #concentrationrisk isn’t just about market share - it’s also about #substitutability. Three insights worth noting: ‼️ Two layers of dependency: financial firms often rely on a small set of ICT providers, but those providers themselves may depend on the same infrastructure players. That creates hidden chains of reliance that traditional risk assessments rarely capture. ‼️ Lock-in drives systemic exposure: technical complexity and proprietary configurations make switching providers costly and slow. Multi-vendor strategies can reduce exposure, but they come with integration challenges that need to be managed. ‼️ Regulatory oversight is evolving: under DORA, critical ICT providers will be designated and supervised at EU level by the ESAs. The criteria go beyond size - they also look at substitutability and systemic impact. This shifts cloud and outsourcing risk from a procurement issue to a regulatory one. What does this mean for risk leaders? - Map beyond first-tier providers: understand #subcontracting chains and shared infrastructure #dependencies. If your primary provider relies on the same infrastructure provider as your other vendors, your diversification strategy may be weaker than you think. - Assess migration friction: don’t just ask “Can we switch?” Ask “How long would it take, and at what cost?” High migration friction equals high systemic risk. - Engage early with #governance: DORA oversight is introducing new reporting and resilience obligations. Boards and CROs should treat ICT dependency as a strategic risk, not just an operational one. The takeaway? Substitutability is the new metric for #resilience. If migration looks painful, you’re in dependency territory - and that’s exactly where supervisors will focus. ©AJ

78

6 Kommentare

Yesterday I had the pleasure of speaking to FEBIS members on the structural impact of AMLA and the new EU AML Single Rulebook. One core takeaway: AML in Europe is becoming a pan-European operating model. With AMLR directly applicable across Member States and AMLA introducing centralised supervision the shift is clear: • From fragmentation to harmonisation • From periodic KYC to continuous risk management • From reactive controls to structured, data-driven oversight For financial institutions, this is not a legal update. It is an architectural question. Manual, locally optimised AML models will not scale in a Single Rulebook environment. The institutions that industrialise compliance early will gain more than regulatory comfort — they will gain structural advantage. (And yes, AML governance can be more strategic than it sounds.) Thank you, Silvia Amaral da Fonseca for the invitation and to FEBIS for the insightful discussion. Many thanks also to Thom Townsend took over the second part of the training session, focusing on the topic of ‘beneficial owners’ and the situation regarding transparency registers. #amlcft #compliance #kyc #amla #amlr #amld6 #rethinkcompliance #kycutilities #smartautomation

25

Why do AML teams need to take a combined approach to traditional and agentic AI? Hawk will explore this topic with the ACAMS Germany Chapter in Frankfurt this week.    Wolfgang Berner, Hawk Co-founder and Chief Product Officer, will discuss the challenges that compliance teams face today, including:     ✅ Fragmented data across a variety of systems  ✅ Alert overload and investigation backlogs  ✅ Inconsistent decisions under audit pressure  ✅ Knowledge loss as talent churns The solution? A combined AI approach.  👉 Learn more about the event and register here: https://lnkd.in/enHH8u7W    #ACAMS #AML #AI #transactionmonitoring #falsepositives #AgenticAI #compliance 

47

AMLA - The EU Anti-Money Laundering Authority has confirmed that from 2028 it will directly supervise around 40 high-risk financial institutions, using a single EU-wide risk assessment methodology shared with national supervisors. The framework will be tested in 2026, meaning institutions must align their risk, data, and governance models well before formal supervision begins  • One EU standard: national differences in AML supervision will largely disappear.  • Risk assessment is decisive: weak or non-explainable risk frameworks will attract supervisory attention.  • Act early: 2026 is the real readiness deadline, not 2028.

1

1 Kommentar

AMLA has launched a data collection exercise to test risk assessment models across the EU financial sector. This signals a move toward more standardised AML/CFT supervision at EU level. The focus is not only on risk outcomes, but on data quality, consistency, and traceability. Firms should treat this as an early test of their internal risk frameworks and documentation. Human accountability remains essential: models may support risk assessment, but decisions must remain explainable and defensible. More context on our compliance operations advisory work: https://lnkd.in/d9HXfgDY Official AMLA announcement: https://lnkd.in/drQcJQPt) #AMLA #AML #ComplianceOperations #RiskAssessment #AIinCompliance

2

The European Banking Authority (EBA) has launched a consultation on revised "Guidelines on Internal Governance" to reflect recent legislative changes and lessons learned from supervisory practice. #riskculture #governance #riskmanagement Keep Reading: https://lnkd.in/e-fBn6xv

7

🚨 Nearly half of EU AML/CFT supervisors are already using SupTech tools The EBA just published its 2025 report on AML/CFT SupTech, and it’s clear that technology is no longer optional in supervision. https://lnkd.in/eTzKhg2m Some highlights that caught my eye: ✅ Adoption is growing fast – 47% of SupTech tools are live, 38% under development, 15% still exploratory. ✅ Benefits are real – better data quality, stronger risk insights, more efficient supervision, improved collaboration. ⚠️ But challenges remain – fragmented and poor-quality data, limited budgets and expertise, legal grey zones around AI and GDPR, and resistance to change. 💡 Best practices are emerging – digital-first culture, structured change management, synthetic data for safe innovation, sandboxes, and clear metrics to measure impact. What struck me most: regulators admit they feel only “moderately prepared” to embrace SupTech fully. And yet, with AMLA set to coordinate EU supervision, the pressure for data-driven, interoperable solutions will only intensify. This is where RegTech can make a difference: helping solve the foundational issues of data quality, governance, and interoperability so SupTech adoption doesn’t stall.

5

Switzerland's mandatory due diligence checks have led to: Reporting: Enhanced transparency through mandatory public reports Governance: Implementation of formal supply-chain and risk systems Enforcement: Legal exposure for directors, modest civil liability Alignment: Better alignment with international ESG standards Momentum: A platform for broader future regulations Should we not be doing the same here?

2

The next milestone for the ITFA Financial Crime Compliance Initiative ... we are delighted to share a new guidance paper on the operationalisation of technology by financial institutions and FinTechs. This paper was developed by members of ITFA’s Financial Crime Compliance initiative (FCCi) which was established a year ago by ITFA’s Fintech Committee. The paper is entitled “Advanced Technology Operationalisation Framework for Financial Institutions & Vendors” and was authored by Elizaveta Savinykh and Aurelia Bucicoiu. https://lnkd.in/e5mPUNKz The paper outlines a common framework for financial institutions (FIs) and vendors for the operationalisation of advanced technology, such as artificial intelligence (AI) and machine learning (ML), as well as sophisticated deterministic rules-based models. The proposed framework consists of five guiding principles with an overview of how these principles should be embedded in the advanced technology deployment lifecycle. The adoption of this framework by both FIs and vendors is expected to lead to stronger model risk management (MRM) outcomes while also increasing vendor competitiveness, efficiency, and reputation and enabling FIs to strengthen governance, enhance transparency, and accelerate adoption of new technologies. The paper usefully includes appendices with questionnaires and data-mapping templates which can be used by members to assist in the implementation of new technologies and systems. The paper will be presented during our next FCC Initiative in-person seminar that we aim to organise for trade compliance specialists in November. In the meantime, please don’t hesitate to join our group calls and to engage with FCCi co-chairs, Ben Arber and Dr Graham Baldock or with the ITFA Fintech Committee chair, André Casterman. ITFA Complidata #quantexa

25

1 Kommentar

Proud to share the DT4C Alliance’s response to the EBA’s consultation on the draft RTS for Customer Due Diligence (CDD) under the EU AML/CFT framework. This is a crucial step toward ensuring that digital identity and trust services are effectively integrated into financial compliance processes. 📄 The response highlights key recommendations to enhance clarity, interoperability, and innovation in the application of digital trust services. 👉 Read the full response and join the conversation #AML #CDD #DigitalIdentity #EBA #RegTech #DT4C #FinancialCompliance

4

"The safeguarding requirements actually illustrate why this dual authorization framework is problematic rather than protective. Under MiCA Article 70(1), CASPs must already "make adequate arrangements to safeguard the ownership rights of clients" for crypto-assets including EMTs, with specific insolvency protections. Additionally, EMT issuers are subject to EMD2 safeguarding requirements under MiCA Article 48(3). Layering PSD2's Article 10 safeguarding requirements on top creates what the EBA calls "disproportionate" protection that "would far exceed the risks intended to be covered." More fundamentally, PSD2's safeguarding mechanisms weren't designed for distributed ledger technology. Requiring CASPs to segregate EMTs using traditional banking infrastructure could create operational impossibilities or force them into costly workarounds that don't meaningfully enhance client protection. The EBA explicitly acknowledges this, noting that PSD2 safeguarding methods for EMTs "may not be available or be disproportionately costly" and advising against prioritizing enforcement of these provisions."

7

Experian's Vicky McNab discusses a new phase for digital identity moving from one-off checks to reusable, user-controlled credentials. With initiatives like the GOV.UK Wallet, EU Digital Identity Wallet, and upcoming regulatory guidance for AML and KYC, the way regulated organisations verify identity is set to change. This article explores what that means for businesses, regulators, and the role of trusted private-sector providers in a hybrid identity future.

36

A first for regulated digital assets in Germany. Bullish Europe has received its EMT payment license from BaFin under PSD2/ZAG regulation - making it the first BaFin-regulated CASP to hold both MiCAR and PSD2 licenses. This is a meaningful step forward for Bullish Europe and the broader digital asset industry.

103

4 Kommentare