How Not to Break a Bank I: Tools for Prevention in Financial Crime and AML Compliance
Jason wants to open a bank account. He owns a company in the Diamond District. Unbeknown to many, he is also the younger brother of an ex-minister from a country that has not ratified the OECD anti-bribery convention. Jason is also an alias; and leaves that section blank in a banking application. He ticks multiple red flags laid by the FATF (financial action task force). If the bank has sufficient audits and screening in place, they may pass on his application.
But Jason does get approved by a financial services firm. He starts buying a lot of properties, donating money to charity, and invests in a start-up. Eventually, Jason makes a miss-step. A police investigation uncovers a shocking volume of money laundering and financial crime is uncovered…with several transactions leading to one bank. Journalists are rushing to meet deadlines and the Financial Conduct Authority is very, very, angry.
Financial crime compliance was strengthened into law in UK Money Laundering Regulations 2017. Financial Services are now held to compliance requirements for creating and maintaining policies, controls and procedures to mitigate high-risks.
See, monitoring the various financial crime disciplines can appear overwhelming. Money laundering, counter-terrorist financing, anti-corruption, fraud prevention, and sanctions are all relevant.
To help conceptualise the scope of AML, there are three financial crime compliance pillars: Prevention, Detection and Response. But to go through these pillars, financial services should be fully aware of the digital transformation tools that are available to help combat financial crime.
Here, we will be exploring steps and helpful tools in financial crime prevention (click to go to what interests you most):
- Identifying and Investigating Politically Exposed Persons
- Analysing third-country regulations, foreign bank branches and subsidiaries
- Collating risk profiles
If you are in a commercial bank, investment bank, insurance, or even the property industry, the impact to business is high if you don’t remain vigilant the entire lifecycle of a high-risk relationship.
Benefits of using Automation for AML/CTF Compliance in Financial Services
1. Vetting Politically Exposed Persons (PEP) against Financial Crime Compliance Requirements
PEPs include high ranking public figures whose stature make them vulnerable to corrupting influences and bribery. The 12thFTAF (Financial Action Task Force) recommendation regards even past holdings of office relevant to classify someone as a PEP, “once a PEP, always a PEP”.
BUT (and it’s a big BUT – place this as a rule) if you are in the UK, in some cases it is against regulation 35(10) to complete enhanced due diligence measures. Notably you shouldn’t do this to former UK officials who ceased to hold office before 26 June 2017 by the 2017 Money Laundering Regulations.
PEPs can include foreign dignitaries, MEPs, administrative members of state-owned companies, and even board members of central banks and courts of auditors. They can even be a domestic or international organisation.
Early on, a financial services company should undertake measures to explore the source of funds and the wealth coming from the PEP. This includes sanctions screening.
Matching names of individuals and institutions and their transaction records against lists of sanctioned parties and countries. The UK has a public list available on the .gov website. When Canara Bank was fined £895K in 2015, the FCA found that there was no checks on if connected parties to customers were sanction screened.
Make no mistake, sanctions screening is only part of the whole! Heard of the name Andrej Vucic? He is the brother of the President of Kosovo, Aleksander Vucic. He is also openly in touch with heads of organised crime in his country. BUT Kosovo has no sanctions,nor is it on the FATF AML Deficient list. Sanctions or not, I don’t recommend giving him a bank account!
Checks and screening of connected parties may sound excessive. But it’s known that PEPs will try to circumvent AML/CTF rules by either using intermediaries or becoming beneficiaries of the bank’s customer.
As simple as it sounds, combing listings is still a burden for your administrators.
Capture Tech for Anti-Money Laundering CDD
Intelligent document management technologies can look at basic dispersed data for Customer Due Diligence:
- Birth dates, gender
- national identification numbers,
- other identifying documents whichever the source
- residences in countries that are flagged high on corruption indices i.e. Freedom House, Transparency International, etc.
If a branch still deals with paper applications, data capture technology can grab the data with ease. Solutions that bundles capture with data automation can scan paper and electronic documents and later place them in line items for more accurate validation.
Document management tools with ediscovery creates keyword searches and match newly captured names against public international lists of PEPs (at least for Heads of State published by the UN), sanction lists or private lists.
Initial name checks can produce duplicate results if the name is common. Using other modifiers, like geographic location, can help narrow down identities. Automation software is used for two-way or three-way matches. This will limit false positives in the screening process.
A capture and data management solution can also be used to highlight if there are any gaps in data that need to be filled in. This is also useful when internal auditors use keyword searches to test the robustness of PEP identification processes.
Intelligent Screen Automation to Quicken Discovery
If investigators are searching in the public domain for sanctions, AML/CTF solutions with intelligent screen automation can also help prevent financial crime.
As long as a database can be accessed through a web browser, your choice of solutions widens to rpa tools that use intelligent screen automation with web browser engines. Pre-determined button or sorting actions can be conducted by a robot.
This technology can be leveraged to scrape the following sources for information:
- Public domain websites, including news articles from reputable sources, government websites and pages of pressure groups that specialise in corruption research, e.g. transparency international, freedom house, etc.
- Public registers, such as those for companies. The UK’s companies’ house register is one example.
- Commercial databases such as LexisNexis (note: DCS has experience integrating with this one!)
BPM for Financial Services Compliance Requirements
And don’t forget to alert bank’s senior management of the the entry of the PEP.
A BPM or workflow tool automatically routes a confirmed PEP’s application to a senior manager. This is for their benefits as well as the firm’s.
If the senior manager doesn’t see the application assessment, they can be in contravention of Section 36 of the UK Banking Reform Act (2013). A senior manager of a bank can be charged with reckless mismanagement of risk that could lead to a bank’s downfall.
To make sure your financial services firm does not run afoul with the Financial Conduct Authority (like Canara), it’s always a good idea to keep records of the PEP and sanction screening with software that includes an audit tool.
You may choose to use multiple screening platforms. But the end-file is what matters. Ongoing monitoring of even approved PEPs should be conducted on a regular basis. The law-abiding PEP of today, could be tempted in the future.
Intelligent capture and collection is key to organising your administrative endeavours and regular schedules. At least you would have plenty of evidence of preventative measures taken!
2. Financial Crime Compliance Software to Review Third-Country Regulations on Branches and Subsidiaries
For international operations, a financial services firm needs to be mindful of the differences in AML legislation in all countries where their branches operate.
Some countries have relaxed standards, leaving the branch vulnerable for exploitation. For instance, there are countries that rarely impose sanctions and embargoes on PEPs e.g. Iran, North Korea, Pakistan.
Unfortunately, even banks of high standing can fall into this trap if they are not vigilant. The Estonian branch of Danske Bank funnelled 200B EUR between 2007-2015 from shell companies in the UK, Russia, Cyprus and Estonia.
Despite the grievous oversights in the Estonian branch, Danske’s Danish headquarters insist they
followed all regulatory compliance protocols. But this did not absolve Danske Bank Denmark from penalties!
As a result of the scandal, the bank’s compliance and reputational risk was raised. Its capital requirement rose to 10B Danish Crowns, imposed by Denmark’s financial regulator. Estonia has also since ordered Danske bank out of the country
Identity Verification and RPA in AML Compliance
Online identity verification is one way that customer due diligence can be applied flexibly wherever the branch’s jurisdiction. If we go back to the case of PEPs…as you can logically deduce, a foreign PEP can also be a domestic PEP in their own country.
When several branches need to coordinate their findings from disperse information sources, the last thing you need is delays just in collecting paper, fax, e-mail information, etc.
Bridging the communication gap between branches when investigating a PEP can be done with software robots that can move between systems.
Kofax robotic process automation is system agnostic. With careful process planning, a Kofax rpa robot can gather information and move seamlessly between new and legacy IT frameworks.
Analytics for horizon forecasting and creating scenarios with analytics can be deployed in branches to test their robustness against new (and other country) regulations.
An easily understandable dashboard provides the high visibility needed. Decisionmakers like the CCO can make a judgement on the case. Having real-time monitoring capabilities makes sure that any potential issues can be nipped in the bud and not transfer over into Detection and Response mode (which is too late for some).
3. Collating Financial Crime and Money Laundering Risk Profiles in KYCC
But it never stops at the PEP. KYCC, aka. Know Your Customer’s Customer. The PEP designation can be further extended to include: Spouses/partners, children, Business associates, and those with joint beneficial ownership of any legal arrangement, e.g. property investments.
The reality is that a money laundering criminal has multiple touchpoints with various enterprises. Affected companies and financial services firms all have the bits and pieces to form a more complete picture. But only if combined.
Risk profile data ripe for collection include:
- The presence of offshore accounts
- Connections of probable shell companies operating in low tax countries or tax havens
- Risk assessments if a customer or their associates is known to use alternative cash-exchange methods.
Companies in the infamous Troika Laundromat were registered in the UK but operated as offshore businesses. Detecting these accomplices means finding out the nature of offshore products. One way is to understand the ownership and control structure of partners of the customer.
Depending on how the risk profile goes, the customer can then be approved (by senior management if they’re a PEP), or it can go through extended CDD proceedings.
Financial services should also highlight and if there are any conflicts of regulations in the branch’s country against the country laws of the bank’s head office.
File Management for More Accurate Detection
Due to the complexity of CDD and KYC, removing the hum an element is not always prudent. One amusing case -- someone modified a generic risk-based assessment tool to place their own scores on industries, countries, etc. The tool produced large, impenetrable and illogical results once it spat out the risk scores/grades. No introduced robot could make that one work!
But, once that perfect risk formula is created, a system that uses machine learning can automate the collection and storage of CDD data into a unified file storage system.
KYC checks are usually done manually and suffers from errors. Errors create missed detection of money laundering and fraud further down the compliance funnel. How many manual errors were responsible for the penalties of 2017’s £163M for Deutsche Bank, $100M fine for Capital One (USA), Countrywide and others?
File management can help unify a risk profile for a foreign or domestic PEP.
Cognitive Document Automation for Due Diligence Checks in Financial Services
Sometimes your business processes will need enhanced due diligence checks once an issue is flagged.
Unstructured data includes vital information that isn’t already in forms at its point of origin. Trading data, voice, photographs and video are some examples. These are often found separated and hidden in information silos.
Cognitive document automation can work with capturing unstructured data to give you a more comprehensive information portfolio for your financial crime risk assessments.
If you are able to establish connections between sources of unstructured data, you are already one step ahead. Not only in prevention, but also in helping your organisation keep up with expanded responsibilities: trade monitoring, record keeping and reporting.
Conclusion: Rounding up the Tools for AML Compliance Requirements in the Financial Services
The above tools can be summarised as:
- information capture,
- business process automation,
- and RPA.
As money laundering evolves in complicated webs, so must the checking, analysis and collation of information during the Prevention stage.
Succeeding against AML/CTF is not a one-shot deal. Money laundering goes through extensive phases of layering. If a PEP isn’t the initial account opener, they can be using conspicuous middle men and still be hidden.
For information on combatting money laundering from non-PEPs or those that slip under the cracks, please see Part 2 “Detection” (coming soon!)
- Financial Services