IDENTITY MONITORING: KEEPING A FINGER ON THE PULSE OF CLIENT IDENTITY CHANGES

Similar documents
SPECIAL REPORT: KYC AND AML POLICY IMPLEMENTING BEST PRACTICE IN AN EVER-CHANGING REGULATORY ENVIRONMENT

ACCELUS ORG ID KYC MANAGED SERVICE

THOMSON REUTERS ACCELUS. Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy

ACCELUS ORG ID FOR CLIENTS OF FINANCIAL INSTITUTIONS

KNOW YOUR THIRD PARTY

SFC AML/CFT Seminar Governance, PEPs & Transaction Monitoring. Philip Rodd

Policy on Prevention of Money Laundering and Terrorist Financing ABH Holding S.A.

INTEGRITY DUE DILIGENCE GUIDELINES FOR LENDING TRANSACTIONS

THOMSON REUTERS ACCELUS

Wolfsberg Anti-Money Laundering Principles for Correspondent Banking

The proposed Fourth Money Laundering Directive

CLIENT ON-BOARDING: THE SOLUTION LANDSCAPE

A guide to reducing the cost of AML compliance with electronic identity verification

AN INTEGRATED APPROACH TO COMPLIANCE AND RISK MANAGEMENT IS THE BEST WAY FORWARD BY MARTIN WOODS OCTOBER 2011

Stop losing customers to outdated KYC processes

Know Your Customer (KYC), Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

O C T O B E R

Admiral Markets. ID Verification solution: Overview. Case Study

Autoridade Bancária e de Pagamentos de Timor-Leste Banking and Payments Authority of Timor-Leste

AML Topics Using analytics to get the most from your transaction monitoring system

Wolfsberg Statement Anti-Money Laundering Guidance for Mutual Funds and Other Pooled Investment Vehicles

LexisNexis UK Anti-Money Laundering (AML) White paper

Product. AML Risk Manager for Life Insurance Complete End-to-End AML Coverage for Life Insurance

Wolfsberg Statement on AML Screening, Monitoring and Searching (2009)

A Critical Need: The Importance of AML Compliance for Broker-Dealers

AML & CFT Innovations to Mitigate Risks Lessons from the e-money

How small banks manage money laundering and sanctions risk

HIGH-RISK COUNTRIES IN AML MONITORING

COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Ultimate Beneficial Ownership The Implications of Not Knowing

AUSTRAC. supervision strategy

Sanctions risk: what is the regulatory challenge for compliance officers?

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Fifth annual survey. Look before you leap Navigating risks in emerging markets

Financial services regulatory compliance. Changing demands require the right perspective

Ultimate Beneficial Ownership An AML-CTF Challenge: Approaches, Issues, and Challenges

FSA reports on how banks deal with high-risk customers, correspondent banking relationships and wire transfers

Anti-Money Laundering and Counter- Terrorism Financial Policy

Wolfsberg Frequently Asked Questions ( FAQs ) on Selected Anti-Money Laundering Issues in the Context of Investment and Commercial Banking

ANTI-MONEY LAUNDERING AND COUNTER-TERRORISM FINANCING (AML AND CTF) PROGRAM PART A

ANTI-MONEY LANDERING & COUNTER TERRORISM FINANCING POLICY

Wolfsberg Frequently Asked Questions ( FAQs ) on Politically Exposed Persons ( PEPs )

N a t i o n a l F u n e r a l D i r e c t o r s A s s o c i a t i o n

Information Technology Audit Considerations When Designing Audit Coverage For AML Applications

Module 4. Risk assessment for your AML/CTF program

Client Update Fourth Anti-Money Laundering Directive Comes Into Force

Egmont Group Plenary St Petersburg July 2012 Anti money laundering in new payment technologies

Financial services firms approach to UK financial sanctions. Financial Services Authority

Wolfsberg Anti-Money Laundering Principles for Private Banking (2012)

By MoneyGram Payment Systems, Inc. Anti-Money Laundering and Counter-Terrorism Financing Regime Review

ACCOUNTANTS AND TAX ADVISORS

Accountability: Data Governance for the Evolving Digital Marketplace 1

The Wolfsberg Group Anti-Money Laundering Questionnaire. Financial Institution Name. 8 Canada Square, London E14 5HQ

Note: This sectoral guidance is incomplete on its own. It must be read in conjunction with the main guidance set out in Part I of the Guidance.

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution

Purpose of this document

EPIF POSITION PAPER ON ACCESS TO BANK SERVICES FOR PAYMENT INSTITUTIONS

ACCELUS COMPLIANCE MANAGER FOR FINANCIAL SERVICES

You Can t Afford the Risks

THOMSON REUTERS ACCELUS. The FCA: A Game Changer

National Occupational Standards. Compliance

one admin. one tool. Providing instant access to hundreds of industry leading verification tools.

Meeting Identity Theft Red Flags Regulations with IBM Fraud, Risk & Compliance Solutions

Anti-Money Laundering and Anti-Bribery and Corruption Systems and Controls: Asset Management and Platform Firms

DEVELOPING AN AML (ANTI-MONEY LAUNDERING) PROGRAM:

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

BRAZIL BENEFICIAL OWNERSHIP TRANSPARENCY

Enhanced Customer Due Diligence ADVISORY / FINANCIAL SERVICES

Cyber Security - What Would a Breach Really Mean for your Business?

Anti-money laundering and countering the financing of terrorism the Reserve Bank s supervisory approach

Financial crime: a guide for firms Part 1: A firm s guide to preventing financial crime

FINANCIAL SERVICES FLASH REPORT

Complete Financial Crime and Compliance Management

The 2006 FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual:

Wolfsberg Statement Guidance on a Risk Based Approach for Managing Money Laundering Risks

Wolfsberg Statement Guidance on a Risk Based Approach for Managing Money Laundering Risks

North America Account Opening Guide

Appendix A DRAFT INFORMATION MANAGEMENT PLAN

An Oracle White Paper October An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions

Risk Based Approach putting it into practice

Banks management of high money-laundering risk situations

FINRA E-Learning Courses

Wolfsberg Frequently Asked Questions ("FAQs") on Correspondent Banking

Legislative Review and Mutual Evaluation Criminal Law and Law Enforcement Branch Attorney-General's Department 4 National Circuit BARTON ACT 2600

Lincoln Financial Group. FTC/SEC Red Flags Identity Theft Prevention Program

Managing Regulatory Compliance and AML Risk in a Virtual Currency World

ING DIRECT Customer Identification Procedures for Brokers

Regulatory Change Management:

Proposed reform to strengthen Customer Due Diligence

Transcription:

IDENTITY MONITORING: KEEPING A FINGER ON THE PULSE OF CLIENT IDENTITY CHANGES By Neil Jeans The views and opinions expressed in this paper are those of the authors and do not necessarily reflect the official policy or position of Thomson Reuters.

Identity Monitoring: Keeping a Finger on the Pulse of Client Identity Changes 2 EXECUTIVE SUMMARY Banks and financial institutions (FIs) have a legal obligation to create and maintain a complete and accurate identity profile for each client with whom they do business. But circumstances change over time and client identity information that is not maintained on a continual basis degrades. Many banks only address this degrading of information periodically, by operating an information refresh schedule. This is costly and time-consuming and also contributes to a poor client experience. More importantly, holding outdated information in the gap between refreshes can expose a bank to a myriad of risks. Dynamic identity monitoring can solve these challenges by detecting changes as they occur and flagging information that may warrant further investigation and, in doing so, trigger more frequent refreshes. The result is that information is continually updated and risks are mitigated. WHAT IS IDENTITY MONITORING? Identity monitoring is part of the ongoing due diligence required by regulations around the globe, and is a dynamic process that identifies changes in client identity information. Banks currently undertake identity monitoring through structured periodic refresh cycles based on the assessed risk of each client. These cycles are scheduled over a number of years. However, changes in a client s identity can occur more frequently than the periodic refresh cycle operated by most banks, and whilst not all changes are material in nature, more dynamic identity monitoring can throw up red flags and highlight cases where further investigation would be prudent. WHY IS IT IMPORTANT? Let s take a step backwards. When a new client is on-boarded, they furnish their bank or FI with the necessary identity documentation as required by law. Over time, however, this information becomes stale and records become progressively less accurate. Although banks and FIs do monitor client accounts, to date this monitoring activity has been largely transactional in nature, with a complete refresh and remediation performed at intervals perhaps every three or five years, for example. These refresh and remediation exercises are costly and timeconsuming both the effort and the costs are incurred in peaks and troughs. Moreover, they are a negative experience for the client as mountains of information are once again requested. But perhaps most importantly of all, in the period between each refresh and remediation exercise, client information is continually degrading and potentially leaving banks and FIs non-compliant and therefore at risk. Dynamic identity monitoring effectively removes the need for costly periodic refreshes, since client information is kept current. By constantly identifying and flagging changes as they happen, identity monitoring keeps client identity information up-to-date at all times, the client experience improves and banks remain compliant. IF IDENTITY SCREENING IS ALREADY BEING DONE, WHY IS MONITORING NECESSARY? Identity monitoring is performed in addition to ongoing screening (which assesses sanctions, PEP, adverse information, and negative media risk surrounding an end-client) and the processes work hand-in-hand to ensure the effective maintenance of client records. The two are, however distinct functions. Screening involves checking data that you already have. For example, if there are five parties related to an account, they must all be screened against PEP lists. Monitoring, on the other hand, will pick up a change in identity data, including the parties related to the account. Both are ongoing procedures and the changes identified by monitoring will inform the screening activity being undertaken. A good example is that of a foreign student opening a bank account. The bank performs the necessary on-boarding procedures (including identity verification) at the time the account is opened, but only refreshes the account information every five years. During the refresh process five years later, the bank finds that the student has returned to their home country, become a senior politician and has posed a PEP risk for years. This sort of scenario is commonplace and highlights the unintended risks of refreshing identity information on a periodic basis only. The essence is this: identity monitoring helps banks to understand changing risks and highlights every change as it happens, because any change could be important. REAL LIFE BENEFITS Dynamic identity monitoring delivers several important benefits. For example, when identity theft occurs, fraudsters will alter certain information (such as log in information or contact details) in order to allow them access to the victim s accounts. This sort of change will immediately be flagged if a dynamic identity monitoring procedure is in place. Whilst a change of this nature may be perfectly legitimate, it can also be an early warning sign and can help to prevent identity theft and account takeover. In addition, banks and FIs that have credit relationships with clients benefit if they are made aware of changes to the client s circumstances, because any material change in circumstance may alter the way in which a client is viewed in terms of credit risk. Identity monitoring also helps banks to manage other risks. A significant change to a customer s circumstances, for example, if they become a politically exposed person (PEP), could leave the bank exposed to compliance risk. If this information is in the public domain, but the bank is not yet aware of the development because it is waiting for the next periodic refresh, this could attract regulatory scrutiny and leave the bank vulnerable to potentially severe reputational risk.

Identity Monitoring: Keeping a Finger on the Pulse of Client Identity Changes 3 THE REGULATORY DRIVERS OF DYNAMIC IDENTITY MONITORING The plethora of regulations globally in this space is increasingly daunting. Whilst there has always been a regulatory requirement to conduct ongoing due diligence, organizations can expect this requirement to increase substantially over the next 18 months or so. Central to the regulatory changes affecting identity information are the 2012 FATF Recommendations, which are already starting to filter into regulations around the globe. In Europe, the country by country implementation of the 4th EU Anti- Money Laundering (AML) Directive has consequences for all organizations within the EU insomuch as the regulated sector will be required to place greater emphasis on identifying and mitigating risk on an ongoing basis. In the US, the Financial Crimes Enforcement Network (FinCEN) s proposed rules document also indicates a move towards more stringent ongoing client due diligence requirements, including more information about beneficial ownership. Other countries around the globe are also moving to amend legislation in line with the FATF Recommendations. It is clear from the above that it is increasingly crucial for banks and FIs to keep their client information current and that they therefore need to find new ways to enhance and streamline procedures in order to stay ahead of the regulatory curve. TECHNOLOGICAL ADVANCES Innovative solutions that leverage the enormous power of technology are available to help with the substantial challenge of tracking every change to every customer s information. To date we have seen reliance on hard copy documentation, which presents an array of challenges, including secure delivery and storage, as well as the ability to use the information when undertaking ongoing due diligence. This reliance on hard copies is steadily changing as advances in technology mean that our ability to mine vast amounts of online data is growing exponentially. In this age of digitalization, more and more individuals and legal entities have a digital footprint. If we could project 10 years into the future, we could well encounter a world where online footprints including Facebook, Twitter and LinkedIn, when combined with the connectivity of multiple data points in the online space, are robust enough to be used to identify and verify a client without the need for any hard copy documentation. DEVELOPING SOLUTIONS In response to the intense regulatory scrutiny on financial institutions, the market has leveraged these technological developments and a number of KYC providers now have the ability to build a complete online record of a client using publically available information (for example, from Companies House). When choosing a preferred KYC partner, financial institutions should consider the provider s ability to enhance the scheduled periodic KYC refresh by dynamic identity monitoring and eventdriven refresh. An ideal KYC partner should be able to manage and control this process within a robust structure no matter how small the change. As Fig. 1 illustrates, an ideal process flow would include client data being automatically evaluated against a vast set of databases on a daily basis, with all identity changes being flagged for manual review. While not all changes will be material, some can lead to modification of the required due diligence level or to risk flags being associated with the record. Thomson Reuters has been helping financial institutions reduce the complexity associated with the client identity monitoring process for a number of years. This new approach to ongoing client identity monitoring is already bringing new insights into the challenges faced in maintaining accurate and current information about clients identities. Fig. 1: An ideal process flow for dynamic identity monitoring Internal Identity Data Sources External Official Primary Sources Stock Exchanges, Regulators, Registries External Internet Sources Web/General News/Social Media Internal Media Sources & Publications External Identity Data Sources Automated Monitoring Review Sometimes changes into Potentially Valid Events Actionable Updates Action A range of internal and external sources are automatically monitored on an ongoing basis. Events flagged within agreed accuracy tolerance levels are passed to an Analyst. The relevant fields are fully updated and the record republished once the relevant source document proves the change. Research Analyst

Identity Monitoring: Keeping a Finger on the Pulse of Client Identity Changes 4 Over the last 9 months for example the following changes in identity information for a sample of 5,000 client records that Thomson Reuters monitored, have been detected: 30% are changes in directors or controllers, 20% are changes in ownership or ultimate beneficial owners, 17% are changes in the address or location of business operations, 10% are changes in the name of the entity, 5% are changes in regulatory status, 3% are changes in private/public (listed) status, and 3% are merger and other corporate actions Most people would agree that changes to this type of information could materially affect the identity of the client, and therefore a bank or FI s ability to demonstrate that it continues to know its client. They could also potentially impact the risk profile of the client. We all appreciate that identity data goes stale over time, but KYC service providers should have the ability to see exactly how quickly it degenerates. Based on the empirical evidence from Thomson Reuters, it is likely that within 18 months to 2 years most records will hold out of date or inaccurate data if they are not actively monitored. A KYC managed service provider should be able to offer this level of ongoing client identity monitoring on an out of the box basis. This requires a significant investment in technology and the ability to leverage that capability into a unique, dynamic identity monitoring service with the ability to detect every change and to identify, investigate and manage all material changes. CONCLUSION Whilst periodic refresh/remediation of client identity records is a major undertaking, ongoing monitoring keeps your data fresh, removing many of the headaches associated with a once-off refresh. Not only are the peaks and troughs smoothed out, but costs and effort are also balanced and the client experience improves. But perhaps most importantly, banks and FIs are constantly aware of changes to client identity information as they happen, meaning that they can take appropriate action if necessary. Adopting a more dynamic and efficient approach to the client identity data refresh process is to the benefit of all stakeholders the bank, the client and the regulator. This much is certain: there will be increased regulatory scrutiny in the coming months and years, and keeping ahead of this anticipated regulatory curve is the prudent approach. In 10 or 20 years time, it is highly likely that ongoing dynamic identity monitoring will be standard practice. My advice is therefore simple: start now. Fig. 2: Common client identity information changes

Identity Monitoring: Keeping a Finger on the Pulse of Client Identity Changes 5 About the Author NEIL JEANS Neil has a unique background in financial crime risk management with extensive experience in AML/CTF, sanctions and anti-bribery across banking products and services, spanning over 20 years. Neil has worked as a Police Officer investigating financial crime, including domestic and international fraud and money laundering. As a financial services regulator, Neil was central to developing the anti-money laundering regulation and handbook, as well as the supervision techniques for the UK FSA (FCA) in the late 1990 s/early 2000 s. Neil has also worked at senior levels managing AML, sanctions and anti-bribery risk management and compliance across Europe, the US, Latin America, Asia and Australia. This included three major European financial services companies (ABN Amro, UBS, and Santander) and one major Australian bank (National Australia Bank). Neil was a member of the UK Joint Money Laundering Steering Group (JMLSG) Board responsible for the major revision of AML guidance published in 2006; he was also a founding member of the SWIFT Sanctions Advisory Group, representing Asia Pacific banks. Neil also regularly participated in the Private Sector Expert forum of the Financial Action Task Force (FATF). In addition, Neil is a Member of the Faculty and teaches the ICA (Post Graduate) Australian AML Diploma. Neil has been working with Thomson Reuters, advising on the design, development, and build of Accelus Org ID since May 2013. RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERS Risk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks and make smarter decisions that accelerate business performance. For more information, contact your representative or visit us online at risk.thomsonreuters.com 2015 Thomson Reuters GRC03216_MKT/7-15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information