THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK

Transcription

1 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK ANGELA S M IRWIN KIM-KWANG RAYMOND CHOO Statement of intent This paper examines the technological challenges faced by financial institutions in setting up, managing and maintaining an effective Know Your Customer (KYC), Customer Due Diligence (CDD) and Customer Identification Program (CIP); as well as the future of money laundering and terrorist financing risk management with a focus on technologies.

2 About the authors Dr Angela S M Irwin s background and tertiary education is in information and communication technology and information system management. Dr Irwin graduated from the University of South Australia s Information Assurance Research Group, and her Ph.D. thesis is entitled Money Laundering and Terrorism Financing in Virtual Environments: A Feasibility Study. She is the leading expert on money laundering and terrorism financing in virtual environments, and has published several articles in the Journal of Money Laundering Control, the World s only peer-reviewed journal in the prevention, identification and prosecution of money laundering. Dr Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics including a book published in Springer s Advances in Information Security book series and a book entitled Cloud Storage Forensics, 1st Edition to be published by Syngress, an imprint of Elsevier. He has been an invited speaker for a number of events (e.g UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime), and delivered Keynote/Plenary Speeches at ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, 2010 International Conference on Applied Linguistics and 2011 Economic Crime Asia Conference, and Invited Lecture at the Bangladesh Institute of International and Strategic Studies. In 2009, he was named one of 10 Emerging Leaders in the Innovation category of The Weekend Australian Magazine / Microsoft s Next 100 series. He is also the recipient of several awards including the 2010 Australian Capital Territory (ACT) Pearcey Award for Taking a risk and making a difference in the development of the Australian ICT industry, 2008 Australia Day Achievement Medallion in recognition of his dedication and contribution to the Australian Institute of Criminology, and through it to the public service of the nation, British Computer Society s Wilkes Award for the best paper published in the 2007 volume of the Computer Journal, and the Best Student Paper Award by the 2005 Australasian Conference on Information Security and Privacy. Angela S M Irwin Kim-Kwang Raymond Choo 2 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

3 CONTENTS Executive Summary...4 INTRODUCTION...5 ESSENTIAL ELEMENTS OF AN EFFECTIVE KYC/CDD SYSTEM AND CIP...6 THE CURRENT STATE OF DATA ANALYSIS IN FINANCIAL INSTITUTIONS...7 CLOUD COMPUTING...9 THE WAY FORWARD: A THREE-PRONGED APPROACH THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

4 EXECUTIVE SUMMARY Knowing a customer well helps a financial institution to manage their risks and meet regulatory requirements. However, it is one of the major challenges faced by financial institutions every day. Despite increased investment in AML/CTF systems, the systems in place by many financial institutions fall well below the standard necessary to deal with current or future regulatory demands placed on the industry. This paper discuss the challenges faced by financial institutions and how cloud computing and big data analytics may help financial institutions to better position themselves to more effectively deal with vast amounts of data and their ever-changing regulatory environment. This paper also discusses a three-pronged approach which may be used to ensure the effective use of up-to-date intelligence, make careful predictions about future trends in information and communication technology (ICT) and the scale of money laundering and terrorism financing risk landscape and ensure that appropriate controls are in place to ensure the resilience of AML/CTF strategy. 4 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

5 INTRODUCTION Financial institutions are in a time of growing business uncertainty, changing geo-political environment and ever-increasing regulatory scrutiny. Know your customer (KYC) and Customer Due Diligence (CDD) policies are becoming increasingly important globally as a tool to prevent money laundering, terrorism financing, financial fraud and identity theft. Knowing a customer well helps a financial institution to manage their risks and meet regulatory requirements. However, it is one of the major challenges faced by financial institutions every day. In addition, as regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to different standards dependent upon their jurisdiction and regulatory environment 1. The USA Patriot Act, for example, requires that financial institutions develop a Customer Identification Program (CIP) appropriate to the size of its business. For large organizations with millions of account holders and businesses in more than 160 countries and jurisdictions worldwide, this can be an extremely complex task and a massive undertaking. Although financial institutions must quickly and effectively assess, align and implement an organizational best-fit customer compliance solution, in the case of an organization such as Citibank, a corporation-wide KYC solution is extremely difficult to envisage and implement. The staggering volume and complexity of data in such an organization also serves to complicate the issue further. Customer identification is the critical first step in anti-money laundering / counter terrorism financing (AML/CTF). A CIP includes the collection and analysis of basic identity information, and is usually part of wider KYC controls. A CIP also includes the checking of customers, and the transactions they perform, against hundreds of industry watch lists, politically exposed person (PEP) 2 lists and internal lists. It also includes the determination of the customer s risk in terms of propensity to commit money laundering, terrorism financing, financial fraud or identity theft, the creation of an expectation of a customer s transactional behaviour and the monitoring of a customer s transactions against their expected behaviour and recorded profile, as well as that of their peers. Financial institutions are required to manage their KYC and CDD compliance throughout the entire customer life-cycle, from customer onboarding through on-going due diligence. This can be done with the help of KYC/CDD solutions which operate in a stand-alone environment or as an integrated solution within the financial institution s existing technology infrastructure. Due to the constantly changing environment in which they operate, financial institutions are required to constantly update their AML/CTF transaction monitoring efforts, CIP and AML/ CTF processes, and make greater investment in monitoring systems. For example, between 2009 and 2010, financial institutions were reported to have implemented more than 1,200 new AML/CTF transaction monitoring systems. Despite increased investment in AML/CTF systems, AML/CTF transaction monitoring efforts in many organizations fall below the optimal standard. 1 For an overview of the legal framework and compliance, and enforcement outcomes of the AML/CTF regimes across countries with disparate legal traditions, namely the European Union (the United Kingdom, France, Germany and Belgium), Asia (the Republic of China (Taiwan), Hong Kong and Singapore), the United States and Australia, see Walters J, Budd C, Smith RG, Choo K-K R, McCusker R & Rees D Anti-money laundering and counter-terrorism financing across the globe: A comparative study of regulatory action. Research and public policy No 113, Canberra: Australian Institute of Criminology. documents/4/e/e/%7b4ee0eeca db-80a1-743cfce5d58e%7drpp113.pdf 2 Choo K-K R Challenges in dealing with politically exposed persons. Trends & Issues in Crime and Criminal Justice 386: THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

6 This paper looks at the information and communication technology (ICT) challenges faced by financial institutions in setting up, managing and maintaining an effective KYC/ CDD and CIP. It examines how ICT is currently being implemented by financial institutions in the KYC/CDD and customer identification domains and explores how software and data might be better optimised to more effectively meet increasingly complex regulatory and compliance demands. It also discusses how technology can help financial institutions to simplify KYC/CDD and customer identification even though the number of customers, and the amount of information available on those customers, grows considerably each year. ESSENTIAL ELEMENTS OF AN EFFECTIVE KYC/CDD SYSTEM AND CIP There is great disparity in terms of the type of AML/CTF compliance software utilised by financial institutions in order to meet regulatory demands. For example, some financial institutions use complete end-to-end solutions, whilst others use software that focuses exclusively on targeting one part of the problem such as dealing solely with KYC, CDD, suspicious activity monitoring, case management or watch-list filtering. Some financial institutions use the most rudimentary tools such as and spread sheet tools to meet their regulatory requirements. Since these tools are not designed for AML/CTF purposes, they are not scalable and deliver results which lead to inconsistent decision-making. In reality, the AML/CTF systems in place by many financial institutions may fall well below the standard necessary to deal with current or future regulatory demands placed on the industry. For example, many AML/CTF systems cannot support segmented monitoring of customers and peer groups or produce cross-channel views of illicit behaviour. These systems may also lack the flexibility to deploy new monitoring strategies and are unable to scale to growing transaction volumes. In addition, many systems lack integration, which makes the sharing of information between systems extremely difficult or impossible. Members of compliance staff are often forced to query transaction systems and enter information into systems manually, thereby increasing the chances of human error. The following paragraphs discuss the essential elements of an effective KYC/CDD system and CIP, which will help financial institutions to better position themselves to successfully deal with complex regulatory demands imposed on their industry. It is believed that the ideal AML/CTF solution increases efficiency through streamlined automated workflows, rapid data collection, efficient alert management and prioritization, advanced case management, ad-hoc investigation, integrated research tools and comprehensive, centralized audit trails and reporting, whilst also satisfying local and global regulatory requirements. An effective KYC/CDD program also includes the use of detailed scanning and matching solutions. These are essential as financial institutions must be able to find, match and link similar entities, and discover hidden relationships between seemingly unconnected people, places and things. The scanning and matching solution should be able to search data where it lives, in its native format, without the need for normalization 3 or the building of an intermediate data warehouse. It should also be able to search data across disparate departmental silos and cross organizational boundaries, access hundreds of watch lists, and be able to integrate easily with existing KYC/ CDD solutions. The scanning and matching solutions must be able to perform millions of queries on hundreds of millions of rows of data across dozens of datasets, provide an auto alert 3 Normalization is the process of organizing the fields and tables of a relational database to minimize redundancy and dependency. Normalization usually involves dividing large tables into smaller (and less redundant) tables and defining relationships between them. 6 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

7 when a hidden relationship or pattern has been found, and have an intuitive content-rich or visualization interface for viewing results. Although scanning and matching technologies can be a valuable asset to an effective KYC/ CDD program, it can be very difficult or impossible for typical screening tools to make links between people, places and things when clerical errors, language barriers, and deliberate misrepresentation of information is introduced into the system. To reduce operational workload, screening tools must also be able to return a low number of false positive results. Watch-list filtering solutions should be used to provide financial institutions with enterprisewide, multi-jurisdictional and multi-business unit coverage for screening customers and transactions against sanctions, PEP and internal lists and manage regulatory requests. To minimize the risk of missing sanctions violations or high-risk customers, intelligent analytical solutions and intelligent learning systems can be utilised by financial institutions. However, the cost of these types of systems can be prohibitive to many small to medium-sized financial institutions. These organizations often turn to third party sanctions screening services to conduct watch-list filtering. A financial institution s customer identification program must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. Intelligent risk-based scoring and screening systems should be used to identify customers with high risk profiles and high-risk behaviour. Risk scoring and screening should be integrated, automated, systematic and multi-factor 4. This ensures consistent decision making, increased operational transparency and reduces inconsistency in compliance processes. A dynamic and efficient risk-based scoring and screening system creates efficiency by focusing operation teams on high-risk customers and fully automating the process for low-risk customers. Although the tools and systems put in place to deal with a financial institution s AML/CTF compliance can have an impact on the success of those efforts, the financial institution s ability to manage and analyze data is of equal importance. This is becoming increasingly more important as the amount of data involved in conducting effective KYC/CDD and CIP activities continues to grow. THE CURRENT STATE OF DATA ANALYSIS IN FINANCIAL INSTITUTIONS Today, organizations are experiencing an unprecedented rise in the growth of data volume, variety and velocity. None more so than those in the financial services industry. However, there appears to be a misconception that financial institutions use sophisticated online and offline techniques to intelligently assess who their customers are and what their customers need. In reality, the financial services industry, big banks in particular, are far from this ideal state. This is confirmed in a recent study carried out by Oracle, a multi-national information technology corporation 5, who surveyed 333 North American C-level executives to understand their organizations preparedness to manage the data deluge and their ability to extract intelligence to improve operations, capitalise on new opportunities and create new revenue streams. Results from the financial service sector show that there is much room for improvement in how financial institutions, in the United States at least, collect, analyze and leverage the vast amounts of information that they collect on a daily basis. 4 Financial institutions in most countries are subject to exacting regulatory requirements and it would be advisable for the institutions to ensure that the systems comply with applicable regulatory obligations (e.g. data privacy laws) and industry standards. 5 From Overload to Impact: An Industry Scorecard on Big Data Business Challenges, Available at dialogue/ns/dlgwelcome.jsp?p_ext=y&p_dlg_id= &src= &act=4 (Last accessed 8 October 2013) 7 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

8 The main findings to come out of the study, in relation to the financial services industry, is that 94% of those surveyed are collecting and managing more business information today than they did two years ago. Of those who are collecting and managing more information, the average increase in business information collected and managed is 75%. When asked to grade how prepared their organization was for the data deluge (A to F, where F is the lowest grade), 25% of financial service organizations gave their organization a D or F, 56% gave their organization a C or lower and only 3% gave their organization an A. When asked what their biggest data management gripes were, the number one issue was that information was no longer relevant by the time that it got to their business managers (38%), closely followed by the right systems not being in place to effectively deal with data management issues (34%) and the systems on the market not being designed to meet the specific industry needs of their industry (34%). Based on the average revenue of the organizations surveyed, it is estimated that 12% of average annual revenue (USD 64.6M) was lost as a result of not being able to fully leverage the information collected. Almost all, 91% of the financial services organizations used industry-specific applications and software to help leverage information to make strategic decisions. However, when asked to select the top three applications which they felt had room for improvement, financial management (34%), customer relationship management (34%) and regulatory compliance (34%) were cited by most financial services executives. In order to improve information optimization, almost half of the financial services organizations questioned said that they most needed more customised systems/applications to meet the needs of their industry (47%). A significant number (38%) also felt that they needed greater ability to translate information into actionable insight. The same number (38%) also felt that they needed improved tools to collect more accurate information. Although over a third of executives claimed that improvements were necessary for applications that dealt with regulatory compliance, a similar number (38%) felt that regulatory compliance was an area that they did the best job of leveraging data to move their organization forward. Closely followed by customer service (34%) and sales and marketing (31%). When asked to select the top three areas that their organization could benefit most from better business intelligence or analytical capabilities, risk management (44%), alignment of risk and finance (41%) and regulatory compliance (41%) were cited by most executives. Finally, when asked how prepared their organization was to deal with the analytical needs associated with financial reform and new regulatory requirements, only 28% claimed to be very prepared. The highest number (63%), claimed to be somewhat prepared. The rest were not very prepared (6%) or unsure (3%). This survey confirms that it is early days for the effective adoption and utilization of high level analytics in financial institutions. There are a number of technologies and tools that may be used by financial institutions to help them more effectively address the issues and challenges associated with identifying customers, performing KYC and CDD activities and reducing their exposure to risk, whilst at the same time comply with ever-changing regulatory requirements. These are cloud computing and big data analytics. The following sections discuss the challenges faced by financial institutions and how cloud computing and big data analytics may help financial institutions to 8 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

9 better position themselves to more effectively deal with vast amounts of data and their everchanging regulatory environment. CLOUD COMPUTING In a typical financial institution, the data required to effectively perform effective customer identification is usually distributed throughout various systems, locations and departments, often worldwide. In many cases, these systems are old legacy applications which cannot adapt quickly, or at all, to changing market or regulatory conditions. These systems often do not provide a holistic view of the customer, integrate well with other applications, or offer the ability to collaborate in real time. The costs associated with application decommissioning, data migration and the implementation of new technology can be extremely expensive. However, financial institutions that do not make significant investment in their technology and infrastructure may lose the ability to compete in an extremely competitive environment. Many of these challenges can be addressed by cloud computing. Cloud computing allows extremely large amounts data to be stored, accessed and analyzed from a centralized location once rather than having to access and analyze that data from numerous department-centric and siloed databases via data warehouses. This obviously has cost saving advantages, due to the fact that less hardware is being managed, and allows for seamless interaction with the data held within. Cloud computing also has the advantage that as the amount of data grows or decreases, the cloud can be expanded and scaled in size to fit. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage, applications and services 6. Cloud computing resources can be rapidly provisioned and released with minimal management effort or service provider interaction. The benefits of using cloud computing include significant cost savings on IT infrastructure, software and licensing fees, faster and more responsive upgrade functionalities, the possibility of a more globalized workforce, streamlined processes and operational efficiencies, improved accessibility and business continuity, flexibility in work practices and more effective collaboration allowing financial institutions to communicate and share more easily outside traditional methods. A number of major technology service providers are aiming their cloud-based services at financial institutions and a number of financial institutions are among the many organizations that are closely examining cloud-based IT solutions to determine whether or not to move all, or at least part, of their IT infrastructure into the cloud. However, there are a number of key concerns that must be considered and resolved before cloud computing becomes a viable option. These concerns include data privacy, data and system security, data protection and integrity, business continuity and contingency planning, and liability/ risk management. Moving to the cloud can be an extremely complex undertaking, especially when you add into the mix issues relating to regulatory oversight of cloud computing. Although authoritative financial regulatory guidance on cloud computing activities for regulated financial organizations is still somewhat sparse, it is evolving. Financial regulatory agencies have indicated, however, that the same regulatory requirements and standards which apply to financial organization third-party technology outsourcing activities also apply to cloud computing activities 7. 6 Jansen, W & Grance, T (2011) Guidelines on Security and Privacy in Public Cloud Computing, Gaithersburg, MD: National Institute of Standards and Technology. 7 Horn, C M & Ford, C (2012) Are financial institutions ready for cloud computing? Available at (Last accessed 19 September 2013) 9 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

10 Cloud computing is essentially the acquisition of IT services through a new delivery channel. Therefore, the risk management, compliance and liability reduction principles that apply to financial institutions general technology service activities apply with equal force to their cloud computing activities, regardless of the types of services or applications that they may want to access through the cloud. This also applies to the public, private or hybrid nature of the cloud platform that they may seek to access. It is believed that, at least in the short term, the financial institution market for broad-scale cloud IT services may be limited primarily to those financial institutions that are prepared to purchase a highly-customized but significantly more expensive private or semi-private cloud platform 3. But cloud technology offers the promise of very significant economies, and ready access to a wide array of on-demand IT services, that are strongly attractive to the financial institution community, and there are some indications that the technology service provider community may be arousing to the need to adapt their products and services to the demands of their regulated financial institution clients. It is clear that financial institutions need to unify platforms and reduce the number of applications used in their organization to become more agile and IT architecture needs to become more focussed on simplification. It is believed that cloud computing would be a significant step in this direction. Great benefits can be gained when the adaptability of the cloud are combined. A holistic view of the customer and the risk that they pose becomes possible. The challenges posed by distance are removed in cloud computing, for example a corporation-wide AML/CTF, KYC/ CDD and CIP can be implemented as easily in a global organization as it can in a local one. It is also much easier to disseminate information to and collaborate with staff from different branches anywhere in the world. Due to the centralized nature of cloud computing and big data analytics, efficient alert management and prioritization, advanced case management and ad-hoc investigation can be carried out on a larger amount of data in a fraction of the time. Scanning and matching solutions become much more efficient and effective as data can be searched where it lives rather than having to normalize the data and create data warehouses in order to query and search the data to find matches and relationships between places, people and things. THE WAY FORWARD: A THREE-PRONGED APPROACH Money laundering and terrorism financing are detrimental to a nation s economic growth and development. Criminals and terrorists will go to great lengths and constantly seek to exploit new areas and opportunities to manipulate and exploit vulnerabilities and opportunities whether these be in law enforcement, political, regulatory, business, economic, legal or online environments. Their only limitation is that of the imagination. Countering money laundering and terrorism financing activities is a multifaceted endeavor, and is defined not only by human, process and technical perfection but rather by an ability to manage these imperfections. Money laundering and terrorism financing risks and windows of vulnerability evolve over time, partly in response to defensive actions or crime displacement. Although the speed of change in ICT development and adoption means that history may offer limited guidance about the future threat landscape, understanding the risk landscape is crucial to a financial institution s AML/CTF strategy. Data is the foundation of the AML/CTF strategy, and information and intelligence contribute to the financial institution s understanding of current money laundering and terrorism financing risks and the need to report suspicious activity. 10 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

11 It is, therefore, essential to canvass global developments of the criminal, political, regulatory and business environments that may give rise to money laundering and terrorism financing activities, as, clearly, many of the risks are based in global features of the criminal economy and the global threat landscape. This is also consistent with Felson s 8 evolutionary perspective on criminal phenomena where he highlighted the importance of understanding the interplay of the perpetrator and the surroundings (also termed as crime ecology); as well as the practice of intelligence analysis, which involves a continuous cycle of tasking, collection, collation, analysis, dissemination and feedback 9. The fundamental aim of the three-pronged approach is to ensure the effective use of up-todate intelligence (broadly defined) in a combined top-down/bottom-up approach to provide situational awareness, make careful predictions about future trends in ICT and scale of the money laundering and terrorism financing risk landscape at both localized and international levels, the impact of money laundering and terrorism on society and the financial institution, and to ensure that appropriate controls (e.g. resources and investment) are made to ensure the resilience of the AML/CTF strategy. An ongoing environmental scan and systematic money laundering / terrorism financing risk analysis of the existing and emerging payment technologies, and their implications for governments, financial institutions and other key stakeholders will provide a better sense of the money laundering and terrorism financing risks posed by these technologies. This would also facilitate policymakers, AML/CTF regulators, financial intelligence and law enforcement units and other key stakeholders in identifying the main vulnerabilities, evaluating and exploring strategies that would best utilize existing resources within governments to address identified vulnerabilities. At a strategic level the findings about new and changing money laundering and terrorism financing threats or opportunities will allow policy makers and other key stakeholders to reach a level of consensus and decide on broad AML/CTF strategies, policies and resources in a timely fashion. At the operational level (e.g. investigations), findings about new or changing patterns of money laundering and terrorism financing activities, both domestically and internationally, will support operational units in their decisions about focusing scarce government resources in the most effective way. In addition, once the scale of money laundering and terrorism financing activities is known, the macroeconomic effects and the impact and effectiveness of existing AML/CTF policy and People Technology Process legislative responses can be evaluated 10. It is also important to invest and conduct more strategic research and evaluation that can 8 Felson, M (2006) Crime and nature. SAGE Publications 9 Ratcliffe, J (2003) Intelligence-led policing. Trends & Issues in Crime and Criminal Justice 248: Choo, K-K R (2013) New payment methods: A Review of FATF Mutual Evaluation Reports. Computers & Security 36(2013): THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

12 provide policy and practice-relevant evidence, and help address specific gaps in knowledge concerning the risk of money laundering and terrorism financing activities. For example, the importance of research in the fight against organised crime was highlighted in a 2007 Australian Parliamentary Inquiry into the future impact of serious and organised crime on Australian society, where concerns were raised about...the increasing use of technology, transnational connections and fluidity of organised crime groups [that] will make law enforcement s task of policing organised crime s illicit activities more difficult. In the inquiry, the Australian Crime Commission...called for a greater involvement and contribution by academia to the body of research informing Australia s policy and operational choices in fighting organised crime and suggested that a lot more work could be done to fill in some of the gaps [such as] the value of organised crime markets, which is about the revenue derived by organised crime in pursuit of illegal activity To deal with organised crime, to assist in forming policy and to have better operational responses, you have to look at the problem itself and understand organised crime markets Parliamentary Joint Committee on the Australian Crime Commission (2007). Inquiry into the future impact of serious and organised crime on Australian society. Canberra: Parliament House 12 THE FUTURE OF TECHNOLOGY IN CUSTOMER IDENTIFICATION & RELATIONSHIP RISK November 2013

13 THOMSON REUTERS ACCELUS The Thomson Reuters Governance, Risk & Compliance (GRC) business delivers a comprehensive set of solutions designed to empower audit, risk and compliance professionals, business leaders, and the Boards they serve to reliably achieve business objectives, address uncertainty, and act with integrity. Thomson Reuters Accelus connects business transactions, strategy and operations to the everchanging regulatory environment, enabling firms to manage business risk. A comprehensive platform supported by a range of applications and trusted regulatory and risk intelligence data, Accelus brings together market-leading solutions for governance, risk and compliance management, global regulatory intelligence, financial crime, anti-bribery and corruption, enhanced due diligence, training and e-learning, and board of director and disclosure services. Thomson Reuters has been named as a category leader in the Chartis RiskTech Quadrant For Operational Risk Management Systems, category leader in the Chartis RiskTech Quadrant for Enterprise Governance, Risk and Compliance Systems and has been positioned by Gartner, Inc. in its Leaders Quadrant of the Enterprise Governance, Risk and Compliance Platforms Magic Quadrant. Thomson Reuters was also named as Operational Risk Software Provider of the Year Award in the Operational Risk and Regulation Awards For more information, visit accelus.thomsonreuters.com 2013 Thomson Reuters GRC00667/11-13