While regulators and law enforcement officials around the world have found it difficult to convict individuals because of fraud stemming from the global financial crisis, they have been busy doling out some eye-watering fines relating to anti-money-laundering (AML) and know-your-customer (KYC) infractions.
Over the last 18 months, Taiwan’s Mega Bank was hit with a $180 million fine for such offenses, an unnamed Canadian bank was fined $1.1 million, Barclays Bank settled for a massive $2.4 billion haul, Aegis Capital was brought in for $950,000, the Hong Kong authorities told the State Bank of India to fork out $970,000, and India’s Kamalakshi Finance had its trading halted. These are just a handful of penalties dished out by global regulators and many of the industry’s largest banks have been guilty of one AML/KYC infraction or another since 2010.
Banks are increasingly worried about AML/KYC processes as fines cut into all aspects of the organization; an infraction on the retail side will hurt the institutional side, and vice versa. But it’s a daunting task. Do you genuinely know your customer? Do you understand where the money is coming from? What is the source of wealth? Are there substantial concentrations in a particular fund from a particular investor? Who is that investor? What’s the structure of that investor? After all, the difference between a high net-worth investor (HNWI) from a foreign entity versus Calpers investing money is quite different, and the levels of due diligence needed change accordingly.
A Team Effort
It is possible that a centralized utility could be a more efficient way for the banks and regulators to share AML data and prevent the occurrence of such activities, which have been increasingly difficult to handle. Panelists at this year’s Sydney Financial Information and Technology Summit, a Waters-run event, indicated that Australia might look to build a utility to help with AML/KYC needs. (Australia uses the acronym CFT—combating the financing of terrorism—instead of KYC.)
Dipen Mehta, global head of data, architecture and innovation at Standard Chartered, says having a central utility would make it easier for banks to detect potential fraudulent activities, whereas individually, those transactions might not be enough to trace and label as possibly malicious.
“If we can share the data and there’s a centralized utility around that managed by a regulator—though I know it’s not the regulator’s role—to which all data on these transactions from a certain counterparty against Westpac, Standard Chartered, ANZ, and so on, can be tracked, I’d be able to get a much more interesting picture and it’s clearer to pinpoint any fraudulent activity,” said Mehta, speaking at a Waters conference in April.
Maria Milosavljevic, CIO at the Australia Transaction Reports and Analysis Centre (Austrac), an Australian government unit tasked with financial transaction surveillance to prevent money laundering and tax evasion, questioned whether it is the regulator’s role to establish such a unit.
“We are also asking that question: Is it the regulator’s role? Should we be doing it? Should we be working more on it? Within law enforcement, we second people from agency to agency so that we share knowledge. Why not share more between the private sector, and not just from the private sector into Austrac, but also from Austrac into the private sector?” she asked.
Value of the Utility Approach
Matthew Stauffer, CEO of Clarient Global, says that a utility approach would enable the industry to manage data as a strategic asset across firms to better service clients and make smarter business decisions. “A single source of client data and documents, or a global utility, would bring significant benefits to the industry, in Asia and around the world,” he said. “Today, firms are challenged with managing duplicative, costly, bilateral document exchange processes that reach far beyond AML and KYC compliance, and extend to the entire client lifecycle.”
Users of this model, he added, would benefit from enhanced risk management and increased efficiency and compliance capabilities, as well as a reduction in costs resulting from multiple, siloed data programs across different business lines.
Milosavljevic said that Australia’s New Payments Platform (NPP) is one service that Austrac is considering discussing with the industry, adding that there are also many other potential options. According to the Australian Payments Clearing Association, the NPP is an industry initiative to develop new national infrastructure for fast, flexible, data-rich payments in Australia.
In 2012, the Reserve Bank of Australia (RBA) published a review setting out objectives for the Australian payments system, including the ability for users to make real-time payments, and send more complete remittance information with payments. The review led to the proposal of the NPP to meet those objectives.
In 2014, 12 authorized deposit-taking institutions (ADIs) committed funding to build and operate the NPP. NPP Australia also signed a 12-year contract with global messaging service provider Swift to design, build and operate the basic infrastructure. The platform is in its fourth phase—“build and internal test”—and is set to be operational by early to mid-2017. It will be an open-access infrastructure for Australian payments, to which all ADIs can connect either directly or indirectly through other members, providing a wide variety of fast, data-rich payments for their account holders. ADIs can choose to join the NPP at any time. “The NPP going live next year might be a perfect opportunity for us to get together to say, ‘let’s build these risk engines together rather than every bank working in isolation and Austrac working in isolation,’” said Milosavljevic.
Clarient Entity Hub, a client data and document utility, is an industry-owned governance model that prioritizes product development. However, Stauffer said there are issues that need to be considered before adopting a utility for AML data. These include the accuracy of client data within the utility, as well as security and privacy.
“First, by leveraging a common global service, users benefit from standardized, consistent client data. Specifically, Clarient Entity Hub provides automated field verification controls to assist with accuracy, as well as a team of reference data experts that review submitted data, ensuring that the data has been verified, validated and is accurate,” he said.
According to Stauffer, users also need to ensure that the utility leverages proven information security policies and procedures, as well as promotes confidentiality and enhances controls through a comprehensive workflow, advanced permission model and strict access controls.
Knowing the source of data is helpful, but one should be mindful that data can be corrupted, which lowers its quality, observed Paul Ormonde-James, chief data officer and head of business intelligence at NIB Health Funds, a health and medical insurance firm. Those using the data are the ones ultimately responsible for its quality, according to Ormonde-James. “This is possible by setting out parameters that guide the question of who does what, at what level, and at what frequency,” he said.
Standard Chartered’s Mehta added that there are definitely dependencies along the chain, so the linearity of that data is important. “Our approach has been that there’s a person responsible for that piece of information,” he explained. “If you don’t know the lineage of the data, you’re in charge of capturing that data in all of those fields, then going out and taking a census of all downstream systems and figuring out who is using what data,” he said.
As a financial intelligence agency, Austrac has a slightly different emphasis on data quality issues, explained Milosavljevic. “We are reaching out and saying that we all collectively own this problem,” she said. “The data that is required to solve these problems is owned by all of us. Therefore, if all of these problems are collectively owned, how do we address them? How do we build solutions that identify anomalous behavior despite data quality? How do we build more resilient solutions?”
Traditionally, regulated entities are required to report to regulators, who then identify the important data and the necessary action to take, she added. However, Austrac questions whether this method actually solves the problem. “We are now starting to talk more with banks about their processes,” said Milosavljevic. “Banks have processes to identify risk, and we are also talking about identifying risk. They have a lot in place around KYC, and that’s very important.”
Regs Set to Grow
Regulatory regimes around the world are requiring increased regulatory oversight. Darren Thomas, head of Markit’s Counterparty Manager unit, tells Waters that as new regulatory mandates come into effect, AML/KYC is also being looked at in greater depth.
He adds that stricter rules on AML and KYC will require firms to deal with counterparties that are not on the sanction list and therefore not violate AML/KYC laws. Mifid II, for example, requires a number of different fields and trader information, as well as counterparty information.
Securities Financing Transaction Regulation (SFTR) requires transparency and trade reporting that will include AML/KYC data. Foreign exchange (FX) business conduct rules require more of a global approach with respect to how people conduct themselves in the FX markets, and that could mean declaring with counterparties how they’ll interact with the market.
Foreign Account Tax Compliance Act (Fatca) compliance will, in the short term, require collecting documentation and creating tax profiles for all trading entities. “The banks are very interested in getting support for that,” Thomas says.
Regulators across the globe have come to the realization that they need more whip and less carrot when getting firms to alter their behavior when it comes to the parties they deal with. There’s a noble pursuit underpinning these rules, but it has also created massive headaches, not to mention the cost to capital markets firms for non-compliance.
It makes sense that the next step could be a utility that oversees all this. The utility model has caught on in the US, even for KYC, as more firms look toward utilities, or, in other cases, managed services. But as was noted previously, the ultimate responsibility will fall to firms, even if a utility does establish itself in Australia to help them in their efforts.