With increasing sanctions management regulations imposing ever-larger fines and the risk of custodial sentences for CFOs for non-compliance, the issue of sanctions looms large in today’s boardrooms within the banking and financial services community.
And the pressure is set to continue: as of 21 November 2009, for example, the advent of the new SWIFT messaging standard MT 202 COV will result in an increased number of alerts and associated management issues.
In turn, this has driven a number of initiatives designed for such organisations to demonstrate fully-audited processes for understanding and managing customers and payments, in a way which meets all regulatory requirements across multiple global jurisdictions.
In response, central to meeting such requirements is the adoption of an integrated enterprise-wide case management system, ideally within a broader rules-based business process management (BPM) solution, which creates a virtual central repository where information
is securely retained and rules used to manage the complex processes and regulations associated with global sanctions management.
An integrated approach
Compliance with economic sanctions regulations for financial institutions continues to be a major challenge, as regulatory scrutiny and the threat of fines and even custodial sentences increase. As a result, most institutions face a constant struggle with
the operational risk associated with identifying and managing lists and alerts relating to an ever-growing list of potential terrorist entities, individuals and other prohibited regimes.
Historically, institutions have typically reacted by increasing the numbers of staff dealing with alerts and potential infringements - essentially a highly manual response which might be seen to address new regulatory imperatives quickly but which is neither
cost-efficient nor error-free.
And looking ahead, this such a response is likely to become less acceptable, as new compliance rules not only expand to cover additional areas of financial activity but become more demanding in terms of the level of the levels of evidence required – in the
form of audit trails - to provide proof of compliance.
In response, most institutions today are using sanctions-filtering technology to identify the complex mix of payments, customers and transactions that may be potential US (OFAC), UK, EU or UN sanctions hits.
Each of these sanctions requirements differ by type of sanction, requirements and jurisdiction: in addition, in a global payments and cross-border environment, the rules pertaining to each alert vary based on specific regulations.
The issue of how these alerts, accounts and transactions are deemed false positives, blocked or reported in the context of specific regulatory requirements poses significant operational and compliance problems for most financial institutions. And, as they
typically operate in cross-border jurisdictional and multi-currency payment environments, both the level of risk and associated compliance demands become even greater.
It is recognised that less than five per cent of all sanctions alerts generated are true alerts. So how can institutions manage and dramatically reduce the increasing number of alerts while ensuring internal risk control and compliance with the appropriate
rules and regulations?
Specifically, to be fully effective – in reducing risk, cutting costs, improving compliance and enhancing customer service - any solution must directly address the following challenges:
- Managing the high volumes of exceptions generated by sanctions-filtering tools
- The high cost and risk associated with manual processing
- Significant fines for non-compliance
- Slower payments processing and client on-boarding times, resulting in client dissatisfaction and potential loss of opportunity
- Ensuring fully-auditable processes, at the same time ensuring timeliness, documentation and risks are managed
- Meeting regulatory requirements that change frequently and often carry significant financial penalties for violation.
The answer is to adopt tools which combine sophisticated case management with business rules in enabling the automation, audit management and processing of sanctions alerts in an holistic, enterprise-wide way. In other words, it should allow the business
automatically to map its procedures and policies, which in turn can be mapped and respond directly to the relevant regulatory requirements.
An intelligent approach
So what might this look like?
A BPM-based Financial Crimes Management (FCM) framework, incorporating automated triage functionality, are essential elements underpinning the development of an enterprise-wide fraud and anti-money laundering (AML) alerts and investigations management backbone.
Automating the management of alerts and investigations in this way will ensure both compliance and control while significantly reducing the number of false positives.
Other functionality within an effective FCM solution may include:
Alert and investigations case management - administrators can include customised rules to manage each alert type with real-time alert intake to resolution
Auto-duplicate search – this identifies any alerts that are duplicates and auto-resolving what is deemed the duplicate with a comprehensive audit trail
Behavioural resolution – includes: auto-resolution of sanctions alerts that were previously deemed false positives based on previous history and due diligence; automation of false positive processing with built-in quality control; and straight-through
processing to block or restrict activity in payments or customers with previous violations
Auto-grouping – automated identification and grouping of related alerts, whether payment- or customer-related, into single or multiple cases
Auto-risk rating – each alert and case is automatically risk rated, allowing for prioritisation of alerts and cases, by type of sanctions risk and regulatory requirement. In addition, alert ratings received from disparate monitoring systems can be
normalised to ensure consistent rating and prioritisation
Investigation case management – this can incorporate automated case creation, investigative processing options based on type of investigation, automated case enrichment with customer data, related alerts and transaction history and documentation management
Fraud, AML and Sanctions process management – including rules to manage internal control gaps, with SLAs ensuring compliance to demands for timeliness around regulatory reporting.
Real time reporting - on issues such as trends by sanctions hits type, number of alerts vs. false positives by type, resolution times and investigator productivity.
And this is not just fine theory. Financial institutions adopting this approach and functionality have reported a 40-50 per cent in operational efficiencies, delivering a full return on their investment in just six months.
Maximising your investment
Importantly, this approach does not require a rip and replace investment strategy but is designed to wrap around existing technologies and so leverage the existing investment.
As a result, it offers a relatively low-cost development at the outset and one which can roll out across the business in a simple, iterative way. By applying rules and processes, this will significantly improve compliance with rapidly evolving and increasingly
demanding compliance requirements, while at the same time reducing processing costs.
Which makes it an even more attractive ‘keep out of jail’ card for senior executives within the business.