Anti-Money Laundering (AML) and transaction monitoring processes are becoming usual practices in today’s financial environment due to the increasing enforcement of more and more regulations. In recent news there have been a number of international tier I and tier II banks that received large fines due to: AML violations, lack of sufficient scrutiny of existing procedures, Know-Your-Customer (KYC) process violations, and lack of proper controls over trading.
Some of the larger banks are growing their AML departments because of the increasing volume of alerts crelated by transaction monitoring systems. Many banks also focus on additional checks and are expanding their KYC teams with particular focus on Customer Due-Diligence (CDD) and Simplified Due Diligence (SDD) operations. Organisations focused on these subjects are publicising guidance on the processes and procedures for various financial and banking entities.
Many consulting companies are also offering their ongoing support, with the provision of systems, services, expertise and operating models as solutions to the issues that arise with ever expanding AML considerations and the new and more demanding regulations. Regulators covering the current environment are becoming more and more demanding and if they identify any lack of adherence to a regulation, not only are fines imposed, but charges can be raised against Money Laundering Reporting Officers (MLRO’s). This new personal liability is a step further and has resulted in many organisations analysing and revaluating their risk appetite.
Technology solutions are continuing to grow for this industry, since it is identified for many companies that adherence to AML rules is a necessary cost. Therefore many companies are evaluating which is better – more expensive technology and automation of processes, or ‘cost-heavy’ operations areas with AML specialists.
It appears that analyst operations on AML (post transaction review) and KYC teams are very often using the same tools to validate information that is provided; tools such as web searches, negative media searches, Worldcheck, Lexis-Nexis, etc. Therefore some of the analysis is repeated and, if any unusual activity is identified, then the next level of research is performed, expanded by additional analysis into client / bank / relationship manager / account manager areas. This model shows that the same effort can be taken possibly three times in different teams for the same client, using similar or identical tools.
When validated, this type of model shows potential for operational simplification and data sharing between teams. There are certainly a number of solutions and modifications which can help to reduce some of the operational costs:
- Creating a Secure ‘Big Data Lake’ where details of the analysis can be stored. Information provided must include client details, transactional details, negative media details, past alerts and activity. The Lake must be in a secure environment with the ability for read only access. This data must have proper governance and control protocols and be secured from any leak or unauthorised access.
- Creating KYC operations teams who will provide accurate and updated information with client details. Data that is analysed should be embedded within the client information, alongside updates to the transaction monitoring system which analyses client behaviours, providing alerts only for activity that shows a different pattern from that stated during the on-boarding and account review processes. Data should be periodically checked and approved, with client status / risk updated accordingly. This data should be shared with other areas of compliance operations. Analysis performed should be available and reused by other compliance teams via procedures which allow that to happen.
- Developing a single system where AML, KYC, negative media, trading, surveillance can be managed. The system should be able to perform all the required checks and only alert for issues where appropriate. Thresholds should be applied accordingly and adapted for false positives (self-learning). This type of technology would manage the compliance operations department as a whole, using tools and information already stored. The system should be smart enough to recognise analysis of data and transpose conclusions in one area to multiple other compliance areas (e.g. applying negative media analysis on a client to their KYC profile and further transaction monitoring).
These solutions have different specifications and all of them pose different risks and issues for individual companies. However, implementing even one of these solutions will have a huge impact on any firm operating in ‘The New Normal’ of continuous regulatory change and create a reduction of compliance costs in operational areas.
Banks and financial institutions should categorise the details held by each area and build ‘information bridges’ between various operations departments, where information is secured and research is persisted.
Firms that embrace this approach will ultimately come out on top – the winners being those that are able to utilise their biggest intelligence assets (data and client data analysis), bringing them together in order to reduce costs and manage their risk and compliance more effectively.