Whatever relationship you’re in, it can take time to get to know someone very well. More importantly, attitudes and behaviours can change over time.
For banks and financial institutions getting to know and understand customers’ financial habits well in a bid to detect suspicious activities promptly, it is a process fraught with challenges:
1. The sheer number of customers and volume of transactions present the perfect opportunity for criminals to hide illicit activities.
Because legacy systems still used in incumbents were never built to cope with the ever increasing number of transactions that modern technology and digital banking have enabled, spotting suspicious transactions timeously can be very difficult and time consuming.
2. Sophisticated money launderers and criminals know how to work the system and can almost always pass the onboarding and KYC checks.
A common tactic is to use money mules to access verified bank accounts. Purchasing old or distressed companies that have a verified banking history is another.
3. There’s every chance money laundering will go undetected – or even unreported – if AML policies and procedures are not robust and regularly reviewed.
In what’s described as probably the largest ever money laundering scandal in history, the Danske Bank fell foul of money laundering regulations after thousands of suspicious non-resident customers were identified as responsible for €200bn (£180bn) of transactions over a nine-year period. The transactions occurred despite the bank believing that the high-risks represented by non-resident customers were mitigated by its anti-money laundering procedures.
How quickly and effectively can your AML systems, processes and procedures detect suspicious client and transaction activity?
There are many strategies that come into play but one that perhaps offers the biggest scope for improving the effectiveness of AML strategies, without a complete overhaul of current systems, is to implement and automate a process to review client activity on an ongoing, rather than periodic, basis.
The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 requires banks to regularly and individually risk assess customers through “ongoing monitoring of its business relationships on a risk-sensitive basis.”
The regulations define this process as “scrutinising transactions to ensure they are consistent with what the firm knows about the customer; and taking steps to ensure that the firm’s knowledge about the business relationship remains current.”
‘Knowing your customer’ is not just the administrative process that’s completed at the beginning of the customer journey.
Knowing your customer, for it to be truly effective, requires continual profiling throughout the customer’s life so you can identify (ideally in real-time) when unexpected changes in behaviour occur. It’s crucial to understand the cause of the change – and more importantly, if it is potentially suspicious.
There may be a legitimate reason why there is an unusual pattern of transactions or the transaction has no apparent economic or legal purpose.
Understanding this reason however may require enhanced customer due diligence and a full 360-degree view of the customer – which necessitates the analysis of customer identities, associations; transaction patterns and behaviours.
To gain this insight a compliance officer would typically need to:
- Check the consistency of client activity against previously collected KYC data
- Identify any anomalous activities or activities outside those previously expected
- Determine if new activities are legitimate
- Refresh client risk-level based on the changes identified in the review
- Where appropriate, get further documentation from the client to support additional activities
- Approve and update the KYC profile of the client
There is no doubt this is a time-consuming process with an enormous amount of data collecting and crunching. The depth of the data makes it particularly difficult to analyse activity effectively - particularly if the client has multiple financial activities.
What’s more, as well as being inefficient, in the absence of near real-time monitoring, this manual, often inconsistent process is almost always slow to identify and respond to any suspicious changes. (In fact any suspicious changes would only be picked up during a review process.)
Corporate risk policies also play an important role as these determine the frequency with which client accounts are reviewed.
When you consider that in some financial institutions, low risk customer reviews may only be performed once every three years; and once a year for high risk customers, there is plenty of time for money laundering to go undetected.
It would make sense then automate the ongoing activity review for your clients so that you gain oversight of suspicious activities as they happen.
That’s exactly what we have developed at Napier.
We saw that if you were able to automate the review of your clients and their accounts, you would be able to complete the task more frequently, faster and have a better chance of spotting suspicious activity before it’s too late.
Compatible with all current systems, (you just need to feed it the relevant transaction data), our Client Activity Review product uses advanced analytics and rulesets to automate the review of clients and their accounts against their expected behaviour to fulfil regulatory requirements efficiently with a full audit trail.
Activity or transactions that fall outside the expected behaviour of a client will be highlighted automatically. For example you may have a client who is expected to transact cash payments from their account reflecting the level of the salary they receive on a monthly basis. However, if it then is found they have transacted millions of Euros to third parties in different countries then the client’s account will be flagged automatically using the traffic light system to highlight that an urgent review is required. A red flag, for example, indicates a significant change in activity which requires immediate action.
The key benefit of automated client activity reviews is that the system is triggered by data that is at odds with the client’s expected behaviour, which means you can take action immediately.
You can complete more suspicious activity checks, more often.
Rather than wading through huge amounts of data to determine if any changes in activity have occurred, analysts can focus on reviewing suspicious flagged activities to understand why they’ve occurred. And then determine the urgency of follow-up action which means the need for laborious tasks is greatly reduced, and the efficiency and effectiveness of AML efforts is greatly improved.
You can adjust risk appetite knowing you can support your decisions .
We all know that a low AML risk appetite can restrict business. A greater risk appetite when accepting new customers can ultimately lead to higher margins. But this needs to be balanced against the risks that non-compliance brings such as large fines, penalties and irreparable reputational damage. In the US the average sanction breach fine in 2018 was $10.2 million.
However, do bear in mind that any adjustment in risk appetite must be effectively underpinned by robust AML policies and procedures. These then ought to be supported by a well configured system that reflects these policies to create a fully controlled AML framework. Moreover, your risk appetite should demonstrate that all applicable guidance has been considered and acted upon; and be regularly audited and updated to reflect the changing nature of financial crime.
The fact that our Client Activity Review flags dubious transactions on a daily basis* is a great benefit as this means detecting suspicious activity as it happens provides you with the confidence that immediate action can be taken.
*Flagged transactional reports can be created as frequently as you choose, whether that be on a daily, weekly or monthly basis.
You can transform how you approach client activity reviews .
Traditionally, client activity reviews are diarised in line with the risk-level ascribed to a client. However, because our review system automatically monitors every client’s activity on a daily basis, it removes the need to have time regulated reviews based upon risk. Rather it can highlight changes in behaviour immediately independent of risk level and review dates.
Importantly, by easily linking into KYC systems, KYC and transaction monitoring become integral to each other. Client activity account reviews therefore bring these often-disparate departments together in a highly automated way.
Updated 22 June 2020