Best Practices in Customer Due Diligence NetPractice is now Fiserv Neil Katkov Senior Analyst at Celent Duration: 37 minutes 2 2009 Fiserv. All Rights Reserved.
Introduction About NetPractice Best-practice user community Committed to providing useful resources, training and networking services Foster personal growth, and increase member s ability to control risk. www.netpractice.fiserv.com www.netpractice.fiserv.com 3 2009 Fiserv. All Rights Reserved.
Introduction Neil Katkov, PhD Neil Katkov, PhD Neil Katkov, based in the firm's Tokyo office, is Senior Vice President of Celent's Asia Research group. His areas of expertise include the Asian financial services industry, financial services distribution channels, and compliance issues including anti-money laundering and business continuity planning. Dr. Katkov produces Celent's popular reports on IT spending trends in the Asian banking, securities, and insurance industries. He regularly advises leading financial institutions and technology vendors on their business, technology, and compliance strategies. Dr. Katkov is widely quoted in the press, including The New York Times, The Wall Street Journal, The Financial Times, BusinessWeek, Newsweek, Time, and The Banker. He has appeared on CNBC and CNN, and is a popular speaker at conferences in North America, Asia, and Europe. www.celent.com nkatkov@celent.com 4 2009 Fiserv. All Rights Reserved.
26 March 2009 Best Practices in Customer Due Diligence Neil Katkov Senior Vice President nkatkov@celent.com A member of the Oliver Wyman Group www.oliverwyman.com
About Celent Independent IT Strategy Research for Financial Services Firms Banking Securities & Investments Insurance Syndicated Research Overviews/Market Trends/Surveys Case Studies Vendor Comparisons Ongoing Advisory Services Custom Research & Strategy Consulting 2008 Oliver Wyman www.oliverwyman.com 6
IT spending on compliance-related systems is rising Banks are being bombarded by compliance and regulatory requirements: Banks are allocating significant funds to these projects due to their time-sensitivity as well as their importance to the organization Banks are challenged to meet requirements in a timely manner while effectively running and growing the rest of the operation The impact of the spending is to the point where IT budgets are strained and the banks have little breathing room Places other IT projects on the back burner Can jeopardize the competitiveness of the banks offering There are too many requirements sharing the same limited IT pot In this environment, financial institutions need more than ever to find efficient solutions to KYC/CDD requirements 2008 Oliver Wyman www.oliverwyman.com 7
AML requirements in the US: USA Patriot Act Section 312. Clarifies special due diligence for correspondent accounts and private banking accounts. Section 326 is driving demand for KYC and customer due diligence solutions, as well as ID verification database services Section 314. Facilitates the sharing of information between government agencies and financial institutions. Section 314 is driving demand for AML transaction monitoring as well as reporting tools. Section 326. Sets forth the minimum requirements financial institutions must meet to identify their customers. Section 326 is driving demand for KYC and customer due diligence solutions, as well as ID verification database services Section 352. Requires all financial institutions to establish a four-point anti-money laundering program. Section 352 is driving demand for AML transaction monitoring and watchlist filtering tools. 2008 Oliver Wyman www.oliverwyman.com 8
AML regulations in Europe: 3rd EU ML Directive - Bans anonymous financial accounts; requires financial institutions to identify the beneficial owner of an account. - This article is driving demand for KYC and customer due diligence solutions. - Requires FIs to determine if a customer is a PEP, and implement enhanced monitoring of PEPs. - This article is driving demand for enhanced AML databases such as World- Check. - Requires large or suspicious transactions and patterns of transactions to be investigated for possible money laundering, and reported to that jurisdiction s FIU (financial investigative unit). - This article among others is driving demand for transaction monitoring solutions. - Applies risk-based approach to customer due diligence: simplified customer due diligence can be applied to low-risk customers. - This article is driving demand for risk scoring capabilities in KYC solutions. - Subsidiaries of FIs covered by the directive should comply with the directive even when they operate outside the EU. - This article is driving demand for AML solutions with multi-geography capabilities. 2008 Oliver Wyman www.oliverwyman.com 9
Risk-based approach for compliance and efficiency Risked-based approach focuses on the account level. This involves assigning a risk score to accounts (both retail and institutional) based on factors such as type of business and geography Clients are asked to describe their business, source of funds, expected transaction frequency, beneficiaries of account, purpose of investment and expected investment levels (for securities accounts), etc. This can be used to generate a profile of expected account behavior. If actual account activity differs from the expected profile, this is deemed suspicious activity and is investigated Accounts deemed high risk are subjected to extra customer due diligence scrutiny at account opening. Activity in high risk accounts is regularly monitored by AML analysts Firms can spend less time on lower risk accounts, for more efficiency in their AML programs AML technology can automate the process of assessing risk levels, flagging accounts with high-risk features, and continuous monitoring of specific accounts 2008 Oliver Wyman www.oliverwyman.com 10
CCD/KYC modules are an increasingly key part of an AML technology approach FINANCIAL INSTITUTION Alerts Data Warehouse Fraud Solution AML Solution Case Mgmt Data Analysis Transaction Monitoring Watch list filtering: checking account holders, beneficiaries, and transactions against terrorist, criminal and other blocked-persons watch lists published by various government agencies. Customer Due Diligence/account setup: Also called onboarding or KYC, involves performing due diligence on new customers, including ID verification and risk profiling. Risk scores should be integrated with ongoing transaction monitoring activities. Customer Due Diligence/KYC Source: Celent 2008 Oliver Wyman www.oliverwyman.com 11
Enriched AML databases are the final piece of the CDD puzzle Risk officers point to the KYC/onboarding area as a major source of concern and are looking for solutions to help. Databases add value to this process Regulators in both the US and Europe are emphasizing risk assessment of customers and customer due diligence, making KYC programs and on boarding the focus of new AML activity. Making a positive identification of a name or customer is proving to be a serious pain point in AML programs Databases provide value in both these areas (watchlist screening and KYC/risk assessment) and facilitate positive identification Natural language processing technology can help too Many institutions still rely on simple watchlists, but enriched databases are becoming the standard for KYC and watchlist filtering 2008 Oliver Wyman www.oliverwyman.com 12
CDD/KYC: incorporating the front office into the AML plan Integrating account opening KYC and transaction monitoring modules is the most efficient way to implement a risk-based approach At account opening, customers are assigned a risk score (how risky is this customer?) and a risk profile (based on the customer's personal and business profile, what kind of activity is expected or typical?) This information is passed to the transaction monitoring module, which will a) track all activity of a high-risk customer, if desired, and b) flag activity that is out of keeping with the risk profile of any customer The transaction monitoring module risk scores every transaction as well as customer/accounts and generates alerts based on these scores. Risk profiles of customers/accounts can be adjusted based on such results to, for example, track a customer re-categorized as high-risk due to recent activity 2008 Oliver Wyman www.oliverwyman.com 13
However challenges face financial firms in implementing an integrated customer due diligence approach Streamlining front-office customer due diligence at account opening using ID tools and enriched databases Integrating AML onboarding (KYC checks on new customers) and account opening work flow Effectively training front-office staff in AML awareness Effectively integrating suspicious activity cases arising from the front-office (that is, generated manually) with cases generated by AML software Manual alerts generated by front-office staff when they notice a suspicious customer or transaction: need to input these alerts into AML systems for analysis and case management below) 2008 Oliver Wyman www.oliverwyman.com 14
Thank you. Neil Katkov nkatkov@celent.com Information infojapan@celent.com 2008 Oliver Wyman www.oliverwyman.com 15
Risk scoring your customers: Dynamic Risk Scoring Risk per customer is analyzed on 4 characteristics: Customer Geographic Product Behavioral Dynamic Risk Scoring module Risk score customer by using rules Risk classification Low, medium, high Recalculate risk scores and compare on a regular base 16 2009 Fiserv. All Rights Reserved.
Customer Characteristics Sample rules: Is customer a company in a high risk industry? Is customer known as a Politically Exposed Person (PEP)? Was the account opened Face-To-Face? Is Relationship with Customer more than 1 year? Is Customer a Cash Based Business? Is Account opened by Delegation? Etc. 17 2009 Fiserv. All Rights Reserved.
Sample Risk Scoring Table Risk Scoring Rule Defined Score Sample Score Customer Flagged Country 20 20 PEP 80 80 Flagged Customer 80 0 Short duration relationship 20 0 Acc. opened by distance 10 10 Numbered account 80 0 Private banking 20 20 Total score 310 130 18 2009 Fiserv. All Rights Reserved.
Continuous Due Diligence the power of dynamic risk scoring Customer on-boarding Continuous Due Diligence Customer Info Capture high medium low Customer Acceptance Customer Validation (Dynamic) Risk Scoring Continuous Monitoring Watch List Checking reclassify: high medium low Investigation 19 2009 Fiserv. All Rights Reserved.
Sharing Experience Better Return-On-Investment Methodology SECURE Best Practices and Technology Dynamic Risk Scoring Peer Group Analysis De/Centralization Data Integration Watchlist Mgt. Scenarios & Rules Risk Based Priority given to at-risk customers Smart Detection Leverage experience & advanced detection technology Basic Compliance use of simple rules 20 2009 Fiserv. All Rights Reserved.
Risk-based Approach to List Matching Risk-based Approach to List Matching Claude Baksh Assistant Vice President, Regulatory Compliance & Money Laundering Reporting Officer Sun Life Financial (Canada)
Manual alerts generated by front-office staff when they notice a suspicious customer or transaction Manual Alert Related Alerts, Cases and Reports Customer Profile Analysis Automated Alert Investigation List Matching Peer Group Analysis Decision Process Close Alert Open Case Further Investigation High-risk Country Analysis Transaction Analysis 22 2009 Fiserv. All Rights Reserved.
Case: On-Going Due Diligence Dynamic risk scoring European retail bank International bank with branches in UK, Belgium, Netherlands, Spain. Identify high-risk customers (3 rd EU Dir.) Classification into high, medium, low based on face-to-face contact, PEP, country etc Risk classification used for detection Optimized to needs of each bank Maximize ROI On-going customer due diligence (client screening) 23 2009 Fiserv. All Rights Reserved.
Benefits Identify the risk represented by a customer Demonstrate an effective risk based customer due diligence process to the regulators Monitor customers not only during customer acceptance but on an on-going basis Rely on a proven technical solution delivered by experienced AML specialists 24 2009 Fiserv. All Rights Reserved.
Questions and answers For more information: www.aml.fiserv.com www.netpractice.fiserv.com To receive a complimentary copy of our magazine please send your postal address details to: netpractice@fiserv.com Get a free copy of NetPractice Exchange now! 25 2009 Fiserv. All Rights Reserved.
Thank you and Goodbye For more information: www.aml.fiserv.com www.netpractice.fiserv.com 26 2009 Fiserv. All Rights Reserved.