Featured Product

    Addressing Heightened KYC Risk with Data and Automation

    May 2020

    Addressing Heightened KYC Risk with Data and Automation

    Written by Regulation Asia.

    Managing KYC risk assessment in a sea of increasingly complex data sets calls for smart automated solutions to manage alerts. 

    In recent years, AML and KYC requirements have become increasingly complex across jurisdictions, leading to significant geographical differences. Meanwhile, regulators around the world are increasingly placing the onus on financial institutions to uncover bad actors as they take a more systematic approach to preventing financial crime.

    At the same time, fines against financial institutions for AML and sanctions violations are only increasing. Last year was the second biggest year on record for these types of penalties, with USD 8.35 billion in fines issued for non-compliance with AML, KYC and sanctions regulations, accounting for over 60% of total global penalties against financial institutions.

    The threat of penalties - and the associated reputational and legal risk - has led to increasing demands from financial institutions for more effective and risk-sensitive onboarding and due diligence processes, highlighting a more fundamental need for greater operational efficiency in risk assessment processes.

    Meanwhile, the Covid-19 pandemic has emboldened criminals to try to circumvent standard KYC controls at financial institutions to exploit economic uncertainty and remote working arrangements, as reflected in multiple warnings issued by regulators asking financial institutions to stay alert to emerging financial crime risks. 

    Evolving landscape

    To add to this, global regulations around AML, KYC and sanctions are only increasing. In the European Union (EU), member states were required to transpose the 5th AML Directive in national legislation from January this year, while the 6th Directive is to be transposed by December 2020. This follows on from a raft of earlier regulations that have only added to the KYC burden for financial institutions - including the General Data Protection Regulation (GDPR), MiFID II, Dodd-Frank, and FATCA, to name a few.

    Notably, EU regulators are on a path towards harmonising the AML/CFT rules that are implemented across member states, as described in a May 2020 action plan which set out concrete measures to be taken over the next twelve months.

    The plan includes a single EU rulebook, to be proposed in Q1 2021, which is expected to include new measures to facilitate remote customer identification, verification, and onboarding, in addition to tougher enforcement against violations.

    Meanwhile, regulators in Asia Pacific are also continually refining their KYC regulations, alongside a shift towards digital banking and technology-powered financial services that increasingly raises the need for faster onboarding and account opening processes. This 'need for speed' - to meet the demands of today's customer - implicitly requires better risk assessment and mitigation tools.

    In addition, sanctions regimes are increasingly being used by governments to ensure foreign policy and economic goals. The increasing numbers of sanctions breach investigations, and the concomitant fines and reputational damage, mean that organisations also need to implement robust sanctions screening programmes that are able to respond to frequent sanctions changes in an agile fashion.

    KYC complexity 

    Given these developments, it is becoming increasingly important for financial services firms to uncover ownership and control data of legal entities, extending down the chain to direct and indirect subsidiaries, up the chain to shareholders and the ultimate beneficial owners, and across to other companies in the same corporate group and other connected individuals.

    Take, for example, the 50 Percent Rule, which is how OFAC (Office of Foreign Assets Control) determines whether entities not appearing on its SDN List (Specially Designated Nationals and Blocked Persons List) are considered 'blocked' because of an ownership link with entities that do appear on the List.

    Non-SDN List persons and companies are considered blocked entities by OFAC if they are at least 50 percent owned by any SDN listed entity. While these persons and companies do not appear on the official SDN list, they are still considered blocked entities and US persons and financial institutions are prohibited from transacting with them.

    Non-US financial institutions can also face repercussions for transacting with such entities, given recent guidance from US authorities that their correspondent accounts in the US could be targeted for sanctions violations, including a failure to detect a blocked entity.

    Delving into the level of granularity required to identify entities that are owned by each company on the SDN List can be complex, as many of the data sources needed to identify ownership and control relationships consist of data, news and other signals that need to be matched to an appropriate entity. In addition, monitoring and oversight of this vast spectrum of data can present a challenge for individual firms.

    Complicating matters further is the fact that KYC screening processes at some firms can yield up to 98% false positives, which consume compliance officers' time and resources as they assess the nature of each alert individually, and largely manually, even before a formal investigation is opened.

    In order to manage the complexities of AML, KYC and sanctions compliance, financial firms face a choice: either a massive increase in manpower dedicated to scanning increasingly complex data sets, or finding a solution that will perform some of these functions and allow existing compliance staff to focus on evaluating and investigating verified risk alerts.

    ​Entity level data 

    One such solution increasingly gaining popularity among financial institutions is Compliance Catalyst - a centralised, automated risk assessment platform powered by Orbis, a database containing information on more than 365 million public and private companies - in every country.

    Both Compliance Catalyst and Orbis are offered by entity data and software specialist Bureau van Dijk, a Moody's Analytics company, which has been investing heavily in solutions to better meet evolving regulatory requirements and the changing needs of financial institutions.

    Orbis coverage has increased by 22% over the past year and 75% over the past three years - offering additional data on companies' financials, corporate ownership structures, beneficial ownership information, and even data on individuals with which the companies are associated.

    Compliance Catalyst uses Orbis data to automate and streamline KYC, AML and sanctions research, making client onboarding and customer due diligence more efficient for compliance officers, while also allowing audit capabilities and significant automation to help identify risk quickly, and ultimately offering greater certainty of the risk any given business relationship may present.

    Amid heightened uncertainty in today's environment, financial institutions increasingly need access to complete and accurate entity level data to enhance their ability to assess risk.

    Given the current operational challenges firms already face, enabling additional efficiencies through automation will not only minimise the potential for AML and sanctions violations - and the associated penalties and reputational and legal risks. It also enables quicker onboarding and account opening, a key strategic advantage financial institutions need to ward off competition.

    More information on Compliance Catalyst is available here.

    More information on Orbis is available here