To Catch A Thief, First Capture High-Quality Data
Today, regulators struggle to stay ahead of the latest scam, while insurance companies and banks race to ensure they can identify and block criminal activities, and serve legitimate customers faster and better than ever before. In India for instance, the Prevention of Money Laundering Act 2002 came into force with effect from July 1, 2005. It imposes an obligation on banking companies, financial institutions and intermediaries to verify the identity of clients maintain records.
Additionally, the Reserve Bank of India’s extensive anti-money laundering (AML) guidelines have become effective from March 2006. The AML norms such as “Know Your Customer” emphasize that banks must keep a record of their customers’ backgrounds in order to reduce and control the risk of money laundering.
At the end of the day, all of this is to enable Indian institutions to achieve a common goal - to acquire more customers, avoid fraud, and stay compliant with ever-changing AML regulations
In a competitive marketplace, success depends on creating those new acquisition opportunities, closing loopholes, and carefully toeing the regulatory line in every country in which the business operates. At the end of the day, however, regulatory compliance is essential to keep the business running. The consequences are steep - if regulators find an organization has been used to launder money, crippling regulatory sanctions extend well beyond fines or bad publicity. The effects ensure that organizations can be kept from moving ahead. Without regulator approval, organizations can find all forward activities restricted or halted, whether that’s bringing products to market, carrying out M&A activities, or making any change to any business process without the regulator’s approval.
With the stakes so high, technology has become an essential tool for complying with anti-money laundering (AML) and counterterrorist funding legislation. While the regulators in the US and EU are now emphasizing on the importance of effective AML analytics as a cornerstone of compliance, Indian regulators are not far behind.
Companies are demanding enhanced functionalities and new flexibility from AML solutions. Generally speaking, currently, up to 50 percent of an investigator’s time is spent chasing false positives – a waste of valuable resources. Worse, false positives slow response times and increase the likelihood of ill-conceived filters and suppressions that suppress real threats. Lastly, false positives have a chain reaction – various law enforcement agencies typically get alerted when banks file Suspicious Activity Reports (SAR) based on the false alerts and public safety is compromised. Better data, insight and analytics are essential because they help investigators focus more on suspicious activities and less on false positives.
AML systems: what they do
AML programs encompass many different aspects, establishing policies and procedures, training front-office staff, setting up reporting and analytics teams, etc. But, at a basic level, AML is really about knowing your customer:
* Identify your customer
* Assess the risks posed by your customer
* Monitor what your customer does based on the assessed risk
* Report any suspicious or unlawful activities
* Re-assess the identity and risk of your customer continually
The foundation of an effective AML practice is a Customer Identification Program (CIP).This is the requirement that a financial company knows its customers and the risks posed by those customers. At its simplest, this involves screening new and existing customers against various watchlists such as OFAC, PEP, and others. This type of screening may occur at various timeframes, when an account is opened, on an ongoing basis when watchlists are updated, or whenever a transaction takes place.
Identifying customers at a bank can be a complex undertaking. There are many different types of customers at a bank and an individual may play different roles in accounts and transactions. For example, an individual may have a simple checking account, but also be a partner in a separate business account, and yet be an advisor in a different trust account. Recent guidance from financial enforcement authorities also point to the challenges regarding accounts that have nominal owners that mask the identities of beneficial owners of those very accounts.
Identity data poses a separate set of challenges in CIP; customer identification data, such as names and addresses have variant but valid representations. Watchlists could be in a variety of languages and character sets, and so could customer data. The global nature of finance and financial crime requires robust algorithms to resolve identity information for ‘Know Your Customer’ purposes.
The next level of AML is to gain insight from transactions - to search for patterns, trends and linkages that provide more subtle indicators of suspicious behavior. For example, if all transactions of more than Rs 50,000 need to be reported, and a client begins to make multiple transactions for Rs 49,999, the system will flag those transactions as suspicious. AML systems must also incorporate expertise about the broader marketplace.
Numerous transactions for a particular commodity like scrap rail steel that uses prices far above market value is a typical indicator of money laundering. Also, this event insight process should capture sufficient market news and data to identify whether unusual transaction behavior is related to publicly available news or research by matching the symbol and stock name against a public Internet news source. It should also model how an individual or entity is likely to behave, based on previous behavior, industry peer group and geographical peer group, to see if anything deviates from the norm. For example, the number of wire transfers done by a small landscaping business may not appear unusual until compared with other similar landscapers.
(Next week - The importance of good data for AML)
- Trends In Information Management: An India Perspective
- Cyber Security Predictions For 2018
- SpiderOak CEO Warns Of 10 Cybersecurity Threats For 2018
- Uber Data Breach: Accountability, Corporate Ethics In Question
- 4 Big Data Trends To Watch In 2018
- Customer-Facing Web, Mobile Apps Pose Highest Security Risk: Study
- Stratus Unveils Edge Computing Strategy
- 70% Consumers Stop Following A Business After Data Breach: Study
- Big Data Gaining Grounds In Precision Medicine
- CISOs, Beware Of Crime-as-a-Service, IoT Threats In 2018