Anti-Money Laundering (AML) and transaction monitoring processes are becoming usual practices in today’s financial environment due to the increasing enforcement of more and more regulations. In recent news there have been a number of international tier I
and tier II banks that received large fines due to: AML violations, lack of sufficient scrutiny of existing procedures, Know-Your-Customer (KYC) process violations, and lack of proper controls over trading.
Some of the larger banks are growing their AML departments because of the increasing volume of alerts crelated by transaction monitoring systems. Many banks also focus on additional checks and are expanding their KYC teams with particular focus on Customer
Due-Diligence (CDD) and Simplified Due Diligence (SDD) operations. Organisations focused on these subjects are publicising guidance on the processes and procedures for various financial and banking entities.
Many consulting companies are also offering their ongoing support, with the provision of systems, services, expertise and operating models as solutions to the issues that arise with ever expanding AML considerations and the new and more demanding regulations.
Regulators covering the current environment are becoming more and more demanding and if they identify any lack of adherence to a regulation, not only are fines imposed, but charges can be raised against Money Laundering Reporting Officers (MLRO’s). This new
personal liability is a step further and has resulted in many organisations analysing and revaluating their risk appetite.
Technology solutions are continuing to grow for this industry, since it is identified for many companies that adherence to AML rules is a necessary cost. Therefore many companies are evaluating which is better – more expensive technology and automation of
processes, or ‘cost-heavy’ operations areas with AML specialists.
It appears that analyst operations on AML (post transaction review) and KYC teams are very often using the same tools to validate information that is provided; tools such as web searches, negative media searches, Worldcheck, Lexis-Nexis, etc. Therefore some
of the analysis is repeated and, if any unusual activity is identified, then the next level of research is performed, expanded by additional analysis into client / bank / relationship manager / account manager areas. This model shows that the same effort can
be taken possibly three times in different teams for the same client, using similar or identical tools.
When validated, this type of model shows potential for operational simplification and data sharing between teams. There are certainly a number of solutions and modifications which can help to reduce some of the operational costs:
1) Creating a Secure ‘Big Data Lake’ where details of the analysis can be stored. Information provided must include client details, transactional details, negative media details, past alerts and activity. The Lake must be in a secure environment
with the ability for read only access. This data must have proper governance and control protocols and be secured from any leak or unauthorised access.
2) Creating KYC operations teams who will provide accurate and updated information with client details. Data that is analysed should be embedded within the client information, alongside updates to the transaction monitoring system which analyses
client behaviours, providing alerts only for activity that shows a different pattern from that stated during the on-boarding and account review processes. Data should be periodically checked and approved, with client status / risk updated accordingly. This
data should be shared with other areas of compliance operations. Analysis performed should be available and reused by other compliance teams via procedures which allow that to happen.
3) Developing a single system where AML, KYC, negative media, trading, surveillance can be managed. The system should be able to perform all the required checks and only alert for issues where appropriate. Thresholds should be applied accordingly
and adapted for false positives (self-learning). This type of technology would manage the compliance operations department as a whole, using tools and information already stored. The system should be smart enough to recognise analysis of data and transpose
conclusions in one area to multiple other compliance areas (e.g. applying negative media analysis on a client to their KYC profile and further transaction monitoring).
These solutions have different specifications and all of them pose different risks and issues for individual companies. However, implementing even one of these solutions will have a huge impact on any firm operating in ‘The New Normal’ of continuous regulatory
change and create a reduction of compliance costs in operational areas.
Banks and financial institutions should categorise the details held by each area and build ‘information bridges’ between various operations departments, where information is secured and research is persisted.
In the current environment more and more firms are seeking to consolidate information over operational groups rather than create even more fragmentation. This type of exercise helps to build a holistic picture of clients and their activities. It should also
help produce better transaction monitoring by segregating clients into the correct risks ‘pockets’ and allow for revaluation of client behaviour.
By collating all the relevant data for each client / account the ‘bigger picture’ becomes clear. It is then easier to make strategic decision on how to operate, which clients to invest in, which clients are operating in accordance to company risk appetite,
and which are posing an increased risk (indicating where client activity should be reviewed). Firms need to realise that both their data and client data analysis is one of their biggest assets, and they should act in a way that utilises this valuable information
(which they already hold), in order to protect themselves, drive revenue and comply with regulatory requirements.
The more that automation can be used as a solution between compliance operations systems the better, as this will mitigate potential misinterpretation of facts, human error, duplicated analysis, etc. However, solutions need to be smart enough to identify
and prevent regulatory breaches, hopefully in real time, based on previous patterns of client activity.
Firms that embrace this approach will ultimately come out on top – the winners being those that are able to utilise their biggest intelligence assets (data and client data analysis), bringing them together in order to reduce costs and manage their risk and
compliance more effectively.