Strengthening AML Preparedness in Southeast Asia: Enhancing Coordination Between First and Second Lines of Defense in Managing Non-Face-to-Face Transactions | Insights

With the rapid advancement of digital technologies, Southeast Asia has experienced a significant rise in services delivered through non-face-to-face channels. This trend is particularly evident in financial institutions, where the shift toward remote interactions has made it more critical than ever to strengthen anti-money laundering (AML) preparedness for managing such transactions.
At the same time, institutions face the challenge of maintaining agility in service development while effectively addressing AML risks – making the integration of speed and security a key business imperative.
In this context, close coordination between business units focused on customer acquisition and revenue growth (the first line of defense) and compliance teams responsible for risk management (the second line of defense) is essential. Designing services that reflect a balanced perspectives from both lines of defense is crucial to achieving sustainable and secure growth.
This Insight explores strategies for enhancing AML preparedness through improved collaboration between the first and second lines of defense in the context of non-face-to-face financial services.

About the Author

Eiji Matsumoto

Senior Manager
Toshihiro Sonoda

Senior Manager
Keita Misu

Manager
Tatsuhiro Hayashi

Senior Consultant

1. The Growing Importance of Addressing Money Laundering Risks in Non-Face-to-Face Transactions

The rapid advancement of digital technologies, accelerated further by the COVID-19 pandemic, has significantly shifted financial transactions from traditional face-to-face interactions to digital, non-face-to-face channels. In Southeast Asia, particularly in Singapore, the adoption of mobile banking, online lending and AI-powered chatbots has grown swiftly, reflecting the region’s strong receptiveness to digitalization.
While these innovations have enhanced customer convenience and operational efficiency, they have also introduced new vulnerabilities. Financial institutions now face an urgent need to address money laundering (ML) risks specific to non-face-to-face channels. The Financial Action Task Force (FATF) has highlighted these concerns in its Recommendation 10¹, and Guidance on Digital Identity², emphasizing the challenges in verifying customer identities and the potential for misuse.

Regulatory bodies across the region are responding with targeted countermeasures:

The Monetary Authority of Singapore (MAS) recommends implementing screening techniques such as mobile app sideloading detection³ and device identification data to strengthen digital onboarding.
The Indonesian Financial Services Authority (OJK) permits electronic Know Your Customer (KYC) processes, setting clear requirements for non-face-to-face authentication using third-party technologies.⁴

Balancing customer convenience with robust risk controls has become a critical management challenge- one that directly influences competitive positioning and public trust in financial institutions.

1 The Recommendation on Customer Due Diligence set out by the Financial Action Task Force (FATF)
2 FATF guidance providing international standards related to money laundering, financing of terror and proliferation finance countermeasures. It indicates in detail the measures countries should implement to deal with these risks
3 Installation of software through means other than the usual route for acquiring software. This includes, for example, installing smartphone apps by transmission via cable from a computer, rather than through an official app store. In some cases, security checks can be inadequate, and malicious attackers may be able to bring in malware through such routes
4 OJK Regulation No. 23/POJK.01/2019

2. Challenges in Aligning the First and Second Lines of Defenses in Service Planning and Design

(1) Overview of the Challenges

As financial institutions increasingly develop non-face-to-face services, tensions between business and compliance departments have become more pronounced. Business teams (the first line of defense) prioritize customer needs and revenue growth, while compliance teams (the second line of defense) focus on mitigating risks, particularly money laundering (ML), through regulatory adherence and internal controls.

This divergence in priorities has led to several key challenges:

(1)

Insufficient risk consideration during early service planning
(2)

Misalignment and lack of coordination between departments
(3)

Rapid technology adoption and business alliances without adequate risk oversight (especially relevant in Southeast Asia)

These issues are not unique to Southeast Asia; similar patterns are observed in Japanese financial institutions. However, the complexity is heightened in Southeast Asia due to frequent mergers and acquisitions, often involving organizations with differing corporate cultures and systems.

(2) Background and Analysis of the Challenges

The root of these challenges lies in the inherent differences in roles, priorities, and perspectives between the first and second lines of defense. These differences can hinder effective coordination and lead to the following issues:

(1)
Insufficient Risk Consideration in Early Service Planning
- A.
  
  Revenue-driven focus minimizes risk awareness
  Business units may deprioritize ML risks in favor of profitability and customer experience.
- B.
  
  Risk management is often dismissed as solely the responsibility of the second line of defense
  This mindset can lead to limited engagement from business teams in risk-related discussions.
- C.
  
  Lack of shared understanding of ML risk literacy and decision-making standards
  There is often insufficient awareness of threats like identity theft and fraudulent account creation.
(2)
Misalignment and Lack of coordination between departments
- D.
  
  Absence of early-stage collaboration frameworks
  Coordination mechanisms are often missing during initial planning phases.
- E.
  
  Perception of compliance as a bottleneck
  Business teams may hesitate to involve compliance early, fearing delays and excessive scrutiny.
(3)
Rapid Technology Adoption and Business Alliances Without Risk Integration (Specific to Southeast Asia)
- F.
  
  Digital transformation outpacing risk preparedness
  Many Southeast Asian banks have embraced mobile banking and online lending, but risk controls have lagged behind.
- G.
  
  Inadequate ML risk management in third-party partnership
  Collaboration with fintechs and retailers often proceed without robust oversight of ML risks in external products and services.

3. Specific Countermeasures for These challenges

As non-face-to-face services become increasingly prevalent, financial institutions face the dual challenge of maintaining speed in service development while effectively managing money laundering (ML) risks. Rather than assigning responsibility solely to one department, it is essential for business and compliance teams to collaborate from the earliest stages of service planning. Leveraging the unique perspectives and expertise of both the first and second lines of defense is key to building secure and customer-centric services.
The table below outlines specific countermeasures designed to promote cross-functional coordination and strengthen AML preparedness. These measures aim to bridge gaps in understanding, align priorities, and embed risk management into the service development lifecycle (see Figure 1).

To ensure these countermeasures are effective and sustainable, financial institutions must go beyond one-off implementations and instead establish ongoing operational and monitoring systems. This involves embedding the countermeasures into a structured Plan-Do-Check-Act (PDCA) cycle, enabling regular evaluation of their effectiveness and continuous improvement based on observed outcomes and evolving risks.
Key elements of this approach include:

Establishing a PDCA cycle to assess how well the measures are embedded and their impact on risk reduction.
Involving internal audit and risk management functions to independently evaluate the effectiveness of these measures from a third-party perspective.
Aligning with regulatory expectations by designing and documenting countermeasures in accordance with guidance from bodies such as the Financial Action Task Force (FATF) and local supervisory authorities.
Preparing for regulatory scrutiny and external audits by ensuring that measures are not only implemented but also regularly updated to reflect both technological advancements and regulatory developments, particularly in the fast-evolving space of non-face-to-face services.

By institutionalizing these practices, financial institutions can build a resilient AML framework that supports innovation while maintaining regulatory compliance and public trust.

4. Conclusion: Fostering Risk Management Cultures Across Entire Companies

As technological innovation accelerates, driven by the expansion of non-face-to-face channels and the rise of generative AI, money laundering (ML) risks are expected to be increasingly complex and sophisticated. To effectively address these evolving threats, financial institutions must embed risk management into their company-wide culture, rather than treating it as a specialized function confined to the second line of defense.
Enhancing AML preparedness is not only essential for regulatory compliance but also contributes to protecting corporate reputation and supporting sustainable growth. Institutions must design systems that enable cross-functional cooperation, as outlined in the countermeasures above, and adopt a mindset of “taking calculated risks while maintaining effective controls.” This involves building collaborative frameworks that allow departments to work together from the earliest stages of service development, striking a balance between innovation and risk control.
A unified approach where all departments engage in risk identification and mitigation from the outset is key to navigating the challenges posed by non-face-to-face services. Through repeated and structured efforts, institutions can strengthen their accountability to external stakeholders and enhance their long-term compliance capabilities.

ABeam Consulting’s Support Offerings

ABeam Consulting provides comprehensive support to financial institutions seeking to enhance AML/CFT preparedness, including:

Risk Analysis and Countermeasure Design for Non-Face-to-Face Channels
We assist clients in developing effective risk assessments and controls aligned with both domestic and international regulatory frameworks, including FATF guidance.
Building Coordination Systems Between First and Second Lines of Defense
ABeam helps clients design governance structures, KPIs and operational processes that foster collaboration between business and compliance teams from the initial stages of service planning.
Facilitating Cross-Organizational Workshops and Training Programs
We promote sustainable risk cultures, by improving AML literacy and fostering shared understanding across departments.

ABeam Consulting has supported numerous domestic and international financial institutions in strengthening their AML/CFT frameworks. If you would like to discuss these topics or explore tailored solutions for your organization, please feel free to reach out to us.

Insights TOP