By Reetu Khosla, Director of Risk, Fraud and Compliance Solutions, Pegasystems
2012 saw several well known financial institutions hit with extremely heavy fines and being publicly pilloried in the media for allowing money laundering and similar malpractices to occur either deliberately or inadvertently. Many others also had to set aside funds to cover potential settlements linked to money laundering cases and investigations.
Industry commentators say the global banking industry should be braced for even more fines in 2013 especially as regulators in the USA and Europe seem keen to show they are serious about cracking down on banking malpractices and any failures in reporting on suspicious transactions, customers and behaviors.
These substantial penalties against both minor and major banking institutions are despite the fact that the industry recognizes anti-money laundering (AML) can affect practically every aspect of their operations from securities fraud to suspicious money movements. Indeed it’s been estimated that global spending by banks on AML is around $5 billion per annum with operational costs accounting for the majority of the spending (Source: Celent).
Nonetheless offshore tax havens, Ponzi schemes, sanctions violations and collusion have proven to be tougher to detect and stop than expected. While there are several reasons why this has happened, a significant reason is how ever more complex AML has become to enforce.
Just consider what’s involved. While it seems sensible, giving employees the tools to spot potential links between seemingly unrelated events becomes extremely difficult if they have to check across many hundreds of transactions. This is exacerbated when the transactions happen in different countries and pull in many different accounts, account holders and events.
So naturally financial service providers have often adopted an approach of doing ‘just enough’ to meet regulatory demands and ‘just in time’ to avoid penalties for non-compliance. This reflects how AML compliance is about striking a difficult balance between minimizing costs and risks of non-compliance. However, taking a manual, decentralized approach to compliance is no longer sustainable, especially considering the sheer magnitude of new regulatory demands and the determination of the regulators to investigate and punish.
But, how can institutions best proceed in re-evaluating processes and systems to support their AML compliance goals?
A starting point lies in how financial institutions’ Know Your Customer (KYC) processes and rules are defined and operated. These tend to require serious updating as many institutions have loose internal controls around KYC that can be bypassed. However, KYC to meet regulatory obligations risks impacting on how fast customers are onboarded. For instance, it already takes 30 to 60 days for some investment managers to onboard a new client. With tighter KYC requirements, as well proposed Ultimate Beneficial Owner and FATCA rules and other regulatory requirements this process could be further stretched resulting in further delays for customers, in addition to increasing time to revenue.
To address this, financial organisations need to apply a rules-driven and risk-based approach that takes into account variations in risks by customer, product and country specific requirements. This requires them to find the best ways to manage complex global KYC processes to not only ensure compliance to complex KYC requirements in multiple lines of business, geographies and products, but also to minimize the impact on the customer experience and time to on-board them.
Clearly there is no silver bullet solution to managing all risk within any organisation but there are proven technology platforms available that can help. The most effective ones allow for specialization by country, product and risk specific requirements without replacing existing back-end systems. Advanced, agile technologies integrate seamlessly with existing applications and core systems of record, maximizing previous technology investments. This also ensures new AML functionalities can be brought online much faster than having to wait for the installation of a new standalone system.
This approach can enable benefits well beyond compliance alone. For instance, rules-driven KYC technology not only ensures compliance to complex global, regional and product specific regulatory requirements, but it also can be leveraged for faster on-boarding, obtaining a 360-degree customer view and ultimately faster time to revenue.
A rules-based dynamic case management approach answers the other critical requirement for AML compliance – change. This is especially true for large-scale global financial services firms for whom the technology must be agile enough to change as rules and risks change, including acquisitions, new product offerings and new geographies. New regulations aren’t set in stone, frequently are revised and can take time to come into sharp focus. This makes it even more difficult for an organisation to know exactly how to comply as evidenced by the current confusion over Foreign Account Tax Compliance Act (FACTA) for example.
Overall these new rules-based, dynamic case management technology platforms enable compliance efforts to become more efficient, and just as importantly, tailored to specific geographic and business needs. For example, a global financial services institution might have to comply with a different set of laws in Europe than in Asia Pacific and the USA. Agile, rules-driven technology provides a platform to look at risk holistically and meet multiple regulatory requirements on one platform. The value of this is shown when global institutions utilize rules-driven KYC technology to not only meet AML-specific KYC requirements, but also KYC-specific suitability requirements in other regional jurisdictions such as MiFID in Europe and FINRA rules in the U.S.
This unified capability will be further tested globally to meet new regulatory demands such new FATCA requirements. Non-American institutions will need to identify and track multiple complex relationships, including direct and indirect relationships with U.S. citizens and then drive due diligence to classify customers and meet the internal and external tax reporting requirements. However it develops, FACTA should be supported on the same KYC platform through simply extending it to accommodate the new requirements.
These efficiencies are also passed onto the customer with an improved experience of their banking relationship. The same unified KYC technology that’s ensuring compliance also ensures the same customer has consistent due diligence, minimizes the repetition of documentation requests, risk rating and disposition globally while significantly improving time to revenue.
Complex global financial institutions now realize implementing unified, agile technology is the only sound approach to meet ever-increasing regulatory demands, while maintaining costs and reducing customer impact. In 2013 we will undoubtedly see more and more institutions follow this approach as they look to overcome these compliance challenges.