PROACTIVE VS. REACTIVE IN YOUR INVESTIGATIVE PROCESS / CUSTOMER DUE DILIGENCE Customer Risk Ranking Norberto Molina, VP, BSA/AML Manager Banco Popular de Puerto Rico PUBLIC - 1
Customer Risk Ranking - Topics Benefits / Features Transaction Surveillance & Monitoring (TSM) complements Customer Risk Ranking (CRR) Customer Risk Assessment CRR Roles & Responsibilities Triggers for High Risk Classification Reasonability Analysis CRR Drives Customer Due Diligence (CDD) PUBLIC - 2
Benefits / Features Customer Risk Ranking System based on score given to multiple factors, most of which are obtained during the account opening process which are based on the type of business and expected activity Customer risk categories established based on NAICS and/or profile information All existing customers risk ranked Process for periodic risk rating evaluations of the whole customer base through a Reasonability Analysis module within the application that allows for Dynamic Review of Customer Risk Risk score will be adjusted throughout the life of the relationship as a result of changes to the initial customer / account profile information and additional factors such as SARs filed, Subpoenas, 314(a), and adverse media information Documents are kept in a sole repository providing single data source Complete audit trail 3
TSM Complements CRR Customer Risk Ranking (CRR) Customer categories and risk ranking Enhance Due Diligence tool Document Initial & Periodic visit Automated Reasonability Analysis Monitoring of customer s expected profile W/T, Cash, ACH, Checks Provides periodic Visit Plan Continuous assessments of customer risk profile Account Transactional Surveillance & Monitoring (TSM) AML tool for the detection and analysis of unusual activities Exceptions based on total account profile and/or report parameters Monitoring of transactional profile CRR drives Customer Due Diligence Program 4
Customer Risk Assessment At account Opening Dynamic Script model sets risk score based on NAICS and other risk factors: Low risk (0 to 74 points) Medium (75 to 99) High (100 or more) Commercial Customers Initial Visit within 45 days required for certain business categories Consumer Customer Ranking based on product profile and demographics, including citizenship, occupation, country of residence, and PEP status Quarterly Reasonability Alerts Periodic Site Visit Periodic Profile Review Automated Analysis Customer that require a visit calculated for all customers will be reviewed by BM /RO based on account open date Those with a variance score of 100 pts. or more generate Alerts to analyze the situations that generated the profile deviation enabling documentation of customer profile activity variance Maintain the information up to date through communication with customers so profiles don t go stale Before the visit is performed, the officer will review the RA to confirm during the site visit any events / transactions that might have increased the customer score in the RA Customers with aggravating factors such as: Private ATM, Remote Deposit Capture, Money Service Business Agent, or Monthly Cash Deposits of over $25K will require a site visit Customer risk score triggers*: 12 mo 500+ 18 mo 300 to 499 24 mo 100 to 299 30 mo 75 to 99 ** 36 mo 1 to 74 ** *Aggravating factors override ** Business Customers Review is performed by a centralized unit to confirm score increase due to RA Document customer profile variance and / or update Customer Profile If reasonability is not attained, the Unit will contact the BM / RO to request reasonability information and / or site visit Customers with aggravating factors such as: Private ATMs, Remote Deposit Capture, MSBs agents or Monthly Cash Deposits over $25K will require a site visit. 5
Roles & Responsibilities Branch Platform: Complete KYC and KYA script at account opening Branch Assistant Manager: Perform Quality Review Branch Manager/CBC or Corporate Responsible Officer: For High Risk Customers complete CDD / EDD process, including Site Visit (if needed) Document within CRR KYC/KYA profile changes as a result of conclusions due to reasonability analysis alerts and / or site visits Branches / Corporate Retail & Corporate Centralized Units Review of Quarterly Reasonability Analysis for the whole customer base Periodic review of High Risk customers that do not require a site visit Periodic update of SARs, 314(a), PEPs, Subpoenas, and Adverse media data Quality Review of new High Risk customers (with & without initial visit) Quality Review of Reasonability Analysis performed to High Risk Customers Quality review of Quarterly Alerts of the whole customer base Periodic reports (Cash, W/T, ACH, ATM, RDC) BSA/AML CRR Unit CRR BSA Liaisons Perform Quality Review of Branch Process for all new accounts that scored High Risk Perform Quality Review of Reasonability Analysis Alert responses Perform follow up process of initial and periodic visit schedules Compliance support imbedded in the business units 6
Customer Risk Rating NAICS Triggers for High Risk Classification Auto (Motor Vehicles dealers & Auto Parts) Correspondent Banking Accounts Cash Intensive Business GAS (Gas stations, Gasoline distribution) Import/Export Non Bank Financial Institution Non Governmental Organization & Charities Private Post Office Professional Service Provider Contractor / Developers Third-party Payment Processors 7
Reasonability Analysis Screens 8
Reasonability Analysis Customer Score Impact Overall Risk before RA Overall Risk after RA 9
CRR Drives CDD - Summary Customer risk rated at time of on-boarding Could trigger an initial visit based on risk score, type of business and or services provided Background check according to CIP and or International Customer Alerts Transactional Surveillance and Monitoring Transactional Alerts - Historical vs. Actual Activity Customer Risk Ranking EDD Alerts - Expected vs. Actual Activity Quarterly Periodic Review - Customer Base Periodic Review for High Risk Customers Risk Level determines CDD Periodic Review intervals 10 Dynamic Assessment of CRR is essential!