Women At The Helm
The AML/KYC regulatory landscape continues to impose greater costs to financial institutions as they begin to collect, refresh, and analyze more and more customer data. RPA can be a usefull tool to deal with this regulations.
The AML/KYC regulatory landscape continues to impose greater costs to financial institutions as they begin to collect, refresh, and analyze more and more customer data. New Customer Due Diligence (CDD) requirements set forth by the Financial Crimes Enforcement Network (FinCen) include the Final Rule for beneficial ownership and control, and with effect from May 11, 2018, and the EU 5th AML Directive, which also mandates beneficial ownership collection for legal entity customers. Fines for AML and KYC deficiencies have topped billions of USD for both US and EU banks for lack of sufficient AML/KYC programs, failure to file Suspicious Activity Reports (SARs), CDD deficiencies, and other violations.
The implications for financial institutions go well beyond additional documentation for customers to complete. The current AML/KYC regulatory framework calls for the implementation of a substantial framework to collect and analyze customer data on both a retroactive and ongoing basis. The quantity of data, depth of diligence, and need to regularly update records will increase substantially as institutions put into practice onboarding programs to comply with FinCen and other regulatory directives. KYC reported that every bank in 2016, published by Thomson Reuters, estimated that banks were spending each about $60 million annually on KYC, with some banks spending up to $340 million.
A typical AML/KYC Compliance program includes procedures and requirements for both initial onboarding and periodic refresh processes for both KYC documentation and required due diligence procedures. Key Concepts include:
Data – The collection and regular refresh of customer information including Beneficial Ownership, Controlling Person(s) and Legal entity status. Proper data management also includes maintaining both accuracy and completeness of all customer data.
Monitoring – Ongoing review of customer activity, the identification of potential AML risk factors, and changing regulatory landscape.
Enhanced Due Diligence – Media, Politically Exposed Persons (PEPs), and sanctions screening to be completed on an ongoing basis. The thorough execution of Transaction reviews and filing of Suspicious Activity Reports (SARs).
All three components have inherently repetitive workflows that follow consistent, though often complex steps. An effective program can be developed through automation into a more robust set of solutions.
Robotic Process Automation (RPA) is the use of software tools to carry out repeatable tasks typically previously completed by humans. The repetitive nature of onboarding KYC/AML compliance programs makes it particularly attractive for RPA solutions. While many of the tasks that are part of the program are fairly nuanced, they are systematic and can be followed by a set of automated steps. By limiting human involvement, organizations can achieve a higher level of consistency and rigor, while keeping headcount and other costs lower.
RPA is an essential part of scaling AML/KYC projects across businesses and geographies and integrating AML/KYC compliance into the respective business lines. Each of the aforementioned parts of the AML/KYC program can benefit from mapping processes to automated workflow and implementing the appropriate tools and governance for ongoing use.
Financial institutions are required to collect information and documentation on customers both at onboarding and during regular refreshes. Automated solutions such as Optimal Character Recognition (OCR) and the use of paperless records can facilitate both data collection and management. For information that requires more regular refreshes - such as Beneficial Ownership, Controlling persons, and authorized signors/traders - paperless records allow banking customers to be prompted to update information or provide attestations. Paperless records need to be controlled through secure portals. Secure portals would also limit data leakage of sensitive personal information.
To streamline collection of the AML/KYC information at initial onboarding, banks can employ shared “KYC utilities”. These systems act as a central intermediary to collect and verify the KYC information and documentation used and shared between counterparties. Examples include Depository Trust & Clearing Corp and Accelus Org ID (Thomson Reuters).
With a greater number of users, booking points, and CRM systems, comes an inherent compromise in data quality. By limiting the human element of updating data on individual customers and tying the source of the data directly to the system, data accuracy and completeness can be improved significantly. Proper governance of a CRM system across booking points and different teams in a bank may also require system checks.
Smarter solutions exist to increase the scalability of the KYC program while mitigating the inevitable compromises over data quality. These solutions include integrating the source of KYC data directly into the CRM system.
A key part of an effective KYC program is a robust and scalable monitoring system. Monitoring should be conducted in a way that both fulfils current Customer Due Diligence (CDD) while helping inform and improve KYC/AML procedures.
AML/KYC compliance is inherently dynamic from the regulatory environment, adverse media, and sanctions information. All inputs impact the AML risk framework. Automated screening techniques using Natural Language Processing (NLP) can be used to monitor real time for changes in relevant regulations in all jurisdictions that may affect a bank. Automated solutions can be used to determine which regulatory frameworks are most relevant to the institution while helping guide important policy changes. Similarly, NLP tools can be used to categorize relevant media and news regarding fines and penalties imposed on peer institutions. To address regulatory updates across the financial services industry, Sia Partners has developed RegWatch, a customizable screening bot. It currently helps monitor regulatory updates that may impact banks.
As financial crime continues to evolve with cryptocurrencies and other changes to the global payments network, banks are burdened with the task of leveraging their knowledge of their clients to mitigate AML risk. However, customer-level data can only go so far when it comes to AML risk; banks must consider global factors such as terrorist activity, geopolitical unrest, and market changes. Powerful automated screening tools that have the ability to classify both qualitative and quantitative data and gather negative news, will allow banks to broaden the scope of their AML program while remaining efficient and targeted in their investigative efforts.
Typically, the most resource intensive aspect of the KYC process is conducting Enhanced Due Diligence on bank customers. Enhanced Due Diligence is typically reserved for those accounts that pose a potentially heightened risk of Money Laundering. Depending on a bank’s business activities and AML policy, EDD may be performed on a fairly large portion of accounts. This process normally includes additional sanctions/adverse media/ PEP screening, analysis of financial statements and transaction reviews. Automation tools can greatly improve the efficiency and efficacy of EDD while ensuring consistency across customers.
In order to streamline the screening process, vendor APIs and automated web scrapers can be used to integrate background screening into the Customer Relationship Management (CRM) system, allowing for fully automated due diligence including regular updates. By using smarter automated alternatives to manual searches, the bank can dramatically decrease the time and resources it takes to onboard/review a client while ensuring completeness and consistency across the program. Smart screening solutions will also decrease the level of subjectivity when it comes to interpreting results while freeing up resources for cases that demand an enhanced level of scrutiny. By leveraging high-level programming languages such as Python and Visual Basic, the searching and processing of results can be automated. Natural Language Processing (NLP) can be used to dispose of false positives and search for material hits. NLP frameworks such as named entity recognition and topic segmentation can also be utilized to classify media sources in ways that go beyond Google String Searches which automate the use of existing vendor products.
Core to AML compliance is a rigorous transaction monitoring program that employs a comprehensive dataset of KYC information and transaction data. Automated solutions, which digest and analyze transaction data can improve the scale of transaction monitoring by automating the majority of the data analysis. While certain transactions and customers require some level of staff analysis, the majority of the analysis could - and should - be automated.
Machine Learning (ML) frameworks can recognize patterns in transaction activity across products and geographies. Academic research reveals how techniques such as Radial Basis Function (RBF) Neural Networks and Dynamic Bayesian Networks have been successful at classifying Money Laundering transactions. To better classify activity conjunction with ML tools, KYC information such as industry, primary counterparties, and financial statements.
The US and EU banks have been receiving billion dollar fines for AML and KYC violations.
The pressure imposed by the risk of enforcement action on banks along with along with current AML/KYC regulations, require implementation of substantial framework to continuously collect and analyze data.
Every AML/KYC program has three key components: Data, Monitoring, and Enhanced Due Diligence.By using RPA in these three main areas, human involvement will be limited making AML/KYC programs more efficient while minimizing risks arising from manual procedures.
Going forward, RPA can provide a greater level of consistency and rigor while keeping ongoing costs low. Accordingly, banks need to embrace automation to help manage the significant AMC/KYC regulatory risk.