AML compliance has been at the forefront to fight the threat of global terrorism. No wonder Governments across the world take it seriously. In 2018, U.S. Bancorp agreed to pay $613 million in penalties for a faulty KYC AML check.
According to the American Banker, U.S. Bancorp had already provided for $600 million in its books, related to expected enforcement action by regulators. Not financial loss, such non-compliance erodes customer trust and confidence, too. Many times, the reasons for non-compliance go beyond intent. It is an operational issue.
For example, OakNorth Bank had disconnected screening systems. One team handled anti-money laundering checks and another handled customer screening checks. Its screening and continuous monitoring processes to determine if customers are a Politically Exposed Person (PEP) were in place for its savings activities. OakNorth Bank did not have an option. It had to integrate its current tech stack and condense data into a single view, for compliance.
Technology has created a world of extraordinary economic opportunity. It has connected businesses and customers over traditional boundaries of language and geography. On the flip side, it has also aided the growth of global terrorism and crime. This has increased the danger and complexity of doing business around the world.
Businesses are under pressure to identify, assess, and comprehend exactly who they’re doing business with, to battle the international threat of terrorism and financial crime. Banks and financial institutions are facing this situation for KYC AML check.
KYC is a subset of AML
It is understandable that AML and KYC are often confused. It is partly because the two acronyms are used together in the context of compliance and financial fraud. AML is a broader discipline that encompasses KYC. Here is a quick capture.
AML refers to the procedures taken by financial institutions and governments. It is to prevent and combat financial crimes, including money laundering and terrorism financing. In the fight against organized crime and terrorism, anti-money laundering (AML) procedures are an important part of any financial compliance program. According to the United Nations, between $800 billion and $2 trillion (2–5% of global GDP) is laundered each year around the world.
The process of authenticating a customer’s identification is KYC, or “Know Your Customer.” To use a company’s service, each client must supply credentials such as identification documents. KYC verification procedures assist with anti-money laundering. It gives a framework for financial institutions to meet ever-changing regulations. It applies to Fintech also. Because Fintech firms provide financial services, AML regulations need them to authenticate their customers’ identities before providing their services. This ensures they are dealing with legitimate businesses.
KYC AML check best practices
What is the need for KYC AML check best practices? How do you measure success?
The clear response is that you avoid a penalty for non-compliance with regulations. It also keeps laundered funds out of the financial system. Thus, protecting civil society from crimes.
Is the above enough? Should banks stop with the minimum compliance requirements? Are there methods to improve the business while complying with? There is value to leverage best practices that are dependable, efficient, and cost-effective.
Comply 100% to the Current AML Regime
AML compliance is the least minimum banks must achieve. Slip-ups invite hefty fines. Reputation also suffers. The cost of non-compliance far exceeds the cost of compliance. Banks can add value to this ‘cost’ function by getting more business insights out of compliance. Banks can make operational improvements with technology to comply better at a lesser cost. The current AML compliance regime in the United States covers the following.
- Reporting – Financial institutions file currency reports and report suspicious transactions through Suspicious Activity Reports (SAR)
- “Follow the money” thereby maintaining a paper trail by keeping appropriate records of financial transactions.
- Internal controls in line with the Banking Secrecy Act (BSA)
A shared Know Your Customer/Customer Due Diligence (KYC/CDD)
The Signzy blog has written at length about KYC. The need for identity verification cannot be overemphasized. Rogue identities, false identities, and misrepresented identities, all can put paid to the proper functioning of the global financial system. KYC is the first and the most critical step, to prevent the entry of rogue elements.
Banks are expected to have a robust customer identification program. Banks should demand government-issued identification. They should also examine whether extra information is required. This information could include occupation, employer, and business affiliations. For low-risk customers, simplified due diligence is enough. But, in other high-risk cases, basic and sometimes enhanced due diligence (EDD) becomes necessary. This comes at an increased cost of business to banks.
Banks are pooling resources to tackle customer due diligence (CDD) requirements. Statutory bodies like The Financial Crimes Enforcement Network (FinCEN) are also supporting these initiatives. It seems logical. If one Bank has made all the efforts to KYC, other banks can piggyback. Such a shared KYC improves risk management and financial inclusion. This shared KYC can be executed in the following ways:
- Centralized agency approach that pools KYC across banks,
- Multilateral information sharing across banks,
- A combination of the above
Customer data sharing guidelines and internal compliance requirements especially for global banks might hinder such initiatives.
Reporting and Audit
Approximately, $85 trillion was the global GDP in 2020. The United States accounted for almost one-fourth of it. It is a staggering amount of money. Banks and financial institutions are instrumental to money flows that eventually contribute to the world economy.
Imagine, keeping a track of billions of transactions that make up the world economy. It is a tall task. This scale throws up the following challenges.
- Automation – Because manual steps for this sheer scale are prone to errors of omission and commission
- Documentation – To maintain paper-trail to help ‘follow the money.’
- Monitoring – To ensure compliance and proactive identification of high-risk transactions
It is virtually impossible to use manual methods to meet the sheer volume of compliance reporting and audit requirements. Other than feasibility, other factors emerge too – mistakes and time. Banks use AML software to automate all their AML compliance activities. The software also prepares them to scale compliance with the change in rules and regulations. Such software is custom-built with preferred vendors. Banks also develop this internally with their technology teams. AML automation software boosts speed, efficiency, and prepares the organization to handle increasing volumes of data.
AML compliance features are designed to enable law enforcement agencies to pursue investigations for civil and criminal penalties if warranted. The features are detailed enough to provide evidence useful in prosecuting money laundering and other financial crimes. This requires institutions to collect, store and analyze large amounts of KYC data as part of the customer onboarding process. Additionally, there is the need to store data related to transactions in line with the typologies that form part of the law/guidelines. The overall idea is that Banks should be competent to furnish necessary information via reporting, or when called for. AML Software ensures that no transaction howsoever trivial goes unnoticed and undocumented.
Monitoring is a nightmare. Because it isn’t just compliance that a bank has to deal with. Internal risk measures are also at play. From a regulatory perspective, the activities that Banks have to monitor are broad. It includes,
- Illegal activities
- Suspicious transactions
- Transactions above financial thresholds
- Unusual activity
AML software can address most of the hygiene ‘black and white’ monitoring requirements. It is the ambiguous ‘grey area’ activities that need more sophistication. Machine learning models (ML) can come to the rescue here. ML models can continuously learn from structured and unstructured data, thereby flagging suspicious and unusual transactions. This will ensure proactive compliance and aggressive redressal of risks.
Correct False Positives
A Dow Jones-sponsored ACAMS [CAMS (Certified Anti-Money Laundering Specialist) is the global gold standard in AML certifications] survey done a few years ago reveals that false positives are one of the most challenging aspects of KYC AML checks for bank compliance teams. False positives are a drain on a bank’s resources in its pursuit to track down money-laundering criminals. It is not difficult to understand why false positives are a problem.
Historically, rule-based models in line with regulations, flag off customer activities. It is usually based on value and frequency. Money laundering criminals are far smarter than that. Soon, bank systems tend to lag in detecting suspicious behaviors by account holders.
Continuously evolving customer risk-rating models could be one way to solve this problem. Mckinsey proposed a framework on how banks can approach building their customer risk-rating models. The best practices proposed by Mckinsey include simple ideas like data quality and simple model architecture. The best practices also include advanced ones like network science tools. Mckinsey goes on to identify the maturity level of the institutions implementing such customer risk-rating models. The maturity levels – Horizon 1,2,3 – indicate the effectiveness and efficiency of the implementing institutions. Banks would do well to reflect on how they can move up the maturity curve in identifying false positives, thus boosting productivity.
Balance Customer Experience with Compliance
AML compliance is not a trade-off. It does interfere with customer experience. But, it isn’t something banks can de-prioritize. If a high-value customer’s transactions look unusual, that will need to be screened and reported. Even during the KYC process, it is important to manage customer expectations. Proper systems and trained personnel can help. Customer drop-outs are a fallout of such measures. Banks have to identify and invest in the right kind of digital onboarding software, to minimize dropouts. At the same time, banks should prepare to accept drop-outs as the intended outcomes of a larger compliance culture.
AML will evolve
Criminal interests will undoubtedly keep anti-money laundering professionals on their toes. A certificate program in anti-money laundering is a testimony to this. Over the last two decades, right from 9/11 to the credit crisis, AML has evolved for the better. New rules and regulations have gotten added to the AML playbook year after year. Banks in the US are exploring Blockchain technologies to stay ahead of the curve to balance the ever-increasing challenge of AML compliance and associated costs.
AML proponents have claimed that AML related restrictions have been successful in enabling the fight against terrorism since 9/11. Critics however demand more evidence. Let the debate continue.