Several top global banks have made it into the press again — for the wrong reasons, reasons to do with international money laundering schemes. From facilitating trading with companies in sanctioned countries, to moving cash for Russian launderers to channeling Mexican drug money, these banks were caught and assessed steep fines by regulators. Even worse is the reputational damage that comes from not .
These banks probably thought they were taking the “risk-based approach” that is at the center of most anti-money laundering (AML) regulations and know your customer (KYC) appraoches. But were they doing enough? Did they truly know the customer, their business and the relationship? Did they understand who stood behind the customer – where the funds were coming from?
Over the past years, regulatory pressure on banks has increased and resulted in more sophisticated risk-based approaches that require banks to consider much more information on the customer and implement effective measures to mitigate risks. Still, financial institutions often fear that a customer does not want to open an account if they are asked too many questions. So they only ask a limited set of questions and check third-party data sources to enrich the data with information such as beneficial owner, and to check against:
- Lists of politically exposed persons (PEPs)
- Sanction and watch lists
- Adverse media
- Data bases such as the Panama Papers, Bahamas Leaks, etc.
But still that’s not enough for an effective customer risk view. Financial institutions also have to classify a customer. Our recommendation is to use both:
- Rules-based risk classification that can put somebody into a high-risk segment if, for example, you detect any kind of business relationship with a high-risk country, or if there is inconsistent information provided by the customer or detected about the customer.
- Analytical methods to automatically find out if there’s something unusual (e.g., similarity to a previously filed customer). These are typically based on AI.
But the classification shouldn’t stop there. After onboarding, financial institutions have to have a transaction monitoring system in place to track each transaction for suspicious behavior. A mere rules-based monitoring should be complemented by powerful advanced analytics to be able to discover new, so far unknown patterns of crime.
Missing: An Enterprise Risk KYC View
Unfortunately, the important link between KYC actions during onboarding and the ongoing risk classification via transaction monitoring is still missing in many banks today. This causes two problems:
- No risk classification on an ongoing basis, although any single transaction of a customer might have an impact on the customer’s risk situation
- No detection of deviations in behavior when the customer’s real behavior does not match the KYC information and the information known about the customer
The result will be ineffective and inefficient controls with many false positives, and a heightened risk of missing the real unusual behavior for a client.
This is why we have not only integrated any kind of data into the KYC risk classification process supported by Siron® KYC, but also made any of the KYC information available in our transaction monitoring system, Siron® AML. This ensures our customers always know about the latest risk of any customer at any time.
Facilitating the entire KYC lifecycle process via modules of Siron®Anti-Financial Crime Solutions makes sure that the financial institution uses an audit-secure process at low cost that operates in the background and secures the reputation in an automatic and silent way.
Increased transparency on the customer’s business (especially in high risk areas) will be required soon. Looking at the upcoming 5th EU ML Directive we will see further data sources like central registries for beneficial owners and PEPs that also need to be integrated to track and manage customer risk throughout the life of the relationship effectively. Our job is to make this kind of enterprise-wide, cross-lifecycle view of a customer’s risk not only possible, but easy.