Embed Size (px)
Citation preview
1
Financial Crime Compliance Roadmap
Standards
Data repositories
Traffic analysis
Quality assurance
Processing services
Sanctions KYC AML
Sanctions list
management service
KYC Registry
Compliance Analytics
Sanctions Testing
(testing / tuning of transaction & client systems) AML testing & tuning
FATF 16 information quality
Client/Name screening
Sanctions Screening Traffic Restriction (RMA)
Live Qualification Exploration
Compliance Analytics
Thomas Preston
Geneva
3/5/15
Financial crime risk has changed
Need to know …. need to know everything, everywhere
Introducing Compliance Analytics
Unique database of transactions
Global view of activity and risk
Focus on the country Mars
What do you want to know ?
• What is my activity ?
• Which of my entities
interact ?
• How does it evolve ?
• Who are my main
counterparties ?
• What is my activity share ?
1. Mars sends
2. To my entities in
3. Flows originate in
4. For beneficiaries in
What are the originating and beneficiary countries ?
What is the value I am receiving from counterparties
in Mars ?
• What is the proportion of
low / high value messages?
• How do these proportions
evolve over time?
• Are there any outliers?
Did I open RMA’s with counterparties in Mars ?
• Up to BIC8 level
• Status of the RMA
• Newly created over time
How do we make it easy for you ?
• Select and filter what you want to see
• Save views and come back to them later
• Download graphs and underlying data
• Consult a list of pre-configured reports
Pre-configured reports provide a shortcut
Key benefits
• Global dataset
• Benchmarking
• Community approach
• No integration
A quick and easy route to comply with sanctions regulations
Sanctions Screening
Sanctions Fines
18
Sanction Fines
• Transactions to Sudan (as well as Cuba and Iran) enabled via Data Stripping
(2014) – OFAC –French Bank
• Transaction to Iran and Sudan by replacing the BIC with the name of the bank
(2013) – OFAC – UK Bank
• Lack of verification on name of beneficial owner against EU list
(2013) – Finansinspektionen – Nordic bank
• Data stripping on payments to Iran and Cuba, to hide the origin of the funds
(2012) – OFAC – Dutch Bank
Sanctions Impact
Global review of banking
relationships both on profitability
and on compliance
The pressure to adhere to anti-
money laundering standards,
has resulted ‘in higher
operational costs for trade and
export finance business’ (ICC)
Why is sanctions compliance so complex?
40,000
4 billion +
20% Names and aliases on lists
Correspondent relationship
terminated over the past
year by just one US Bank
Possible fuzzy logic combinations
3,000 New aliases in a single EU
update on 19 July 2011
500 40,000 Names and aliases
on lists
1 day Average interval of
list updates
4 billion + Possible fuzzy logic
combinations
Your institution
Your correspondents
Sanctions Screening – remember what it is?
• Screening engine & user interface
• Sanctions List update service with enhancements
• Minimum/no installation or integration required
• Centrally hosted and operated by SWIFT for SWIFT users
• Real-time
Implementation options
Copy option
Transparent routing of FIN
transactions using FIN-Copy
Few weeks
Zero
Limited
FIN Cat 1, 2, 4, 7
Connector option
Query/response of all transaction
types through API calls
Few Months
Limited
Unlimited
All transaction types
Your institution Your correspondent
1
2
3 Your institution Your correspondent
1 2
3
Scope
Flexibility
Footprint
Timeframe
Transactions
Screened
Granularity
on what is
filtered
Installation
& integration
Time to
compliance
The end-user experience is the same. The technical layer changes.
“We value the ability to use a secure,
automated system that ensures we are
compliant with the most up-to-date sanctions
lists.” Mohamed Isa AL Mutaweh, Chief Executive Officer & Member of the board
of Directors, Al Baraka Islamic Bank
24
Public Sanctions Lists available
Public Sanctions
Lists supported
AU – Australia Department of Foreign
Affairs
and Trade
AU - DFAT Countries Embargoes
AU - DFAT Iran Specified Entities List
CA – Canada Foreign Affairs and
International Trade
CA - FAIT Countries Embargoes
CA - Office of the Superintendent of
Financial Institutions
CA - OSFI - United Nations Act
Sanctions
CN - People's Republic of China -
Ministry of Public Security
EU - EUROPE Countries Embargoes
EU - European Official Journal
EU - Ukraine Restrictive Measures
FR - Journal Officiel français
HK - Hong Kong Monetary Authority
HK - HKMA Countries Embargoes
JP - Ministry of Finance
NL - Frozen Assets List - Dutch
Government
NZ - New Zealand Police
SG - Singapore MAS - Investor Alert List
CH - Switzerland Secrétariat d’Etat à
l’Economie
CH - SECO Countries Embargoes
UK - Her Majesty’s Treasury
UK - HMT Countries Embargoes
UK – HMT Ukraine Restrictive Measures
UN - United Nations
UN - UN Countries Embargoes
US - Office of Foreign Assets Control
SDN list
US - OFAC Palestinian Legislative
Council
US - OFAC Part 561 list
US - OFAC Foreign Sanctions Evaders
US – OFAC Sectoral Sanctions
Identifications
US - Financial Crimes Enforcement
Network
US - OFAC Countries Embargoes
35
Private Lists Good Guys List
Single entries and bulk capability
Sanctions Screening- Additional Lists
Data Enhancements
• List from regulator needs to be enhanced and
repaired
• 28 different ways of spelling Mohamed
• List repairs:
– DFAT000527 : ASSAD AHMAD BARAKAT
• City Name (FOX DO IGUACO) corrected to:
FOZ DO IGUAÇU
– OFAC004632 : BANK MARKAZI JOMHOURI
ISLAMI IRAN
• No BIC Code : added BMJIIRTH
Screening and Audit Report
Screening
Transactions
Downloading
Reports
Screening Report
Audit Report: Full Audit Trail
Evaluating
Results
True Hit
False Positive
Benefits
• Minimal (if any)
implementation
• Simple to use
• Cost efficient
• Compliance
eace of mind
Sanctions Testing
Thomas Preston
Geneva
3/5/15
In a world of unprecedented complexity and change:
• How can I be sure my screening solution protects my institution?
• How can I demonstrate to regulators that I understand my solution
and how it mitigates risks?
• How can I make my screening solution more effective – and more
efficient?
Banks face a sanctions compliance challenge
Sanctions Testing – 2015 – Confidentiality: Public
Effectiveness
• Provide assurance that your filter works
• Measure system’s fuzzy
matching performance
• Assess coverage of sanctions lists
• Align screening system to your
risk appetite
Efficiency
• Reduce false positives
through iterative testing
• Build optimisation tests into
your processes
• Understand parameter changes
• Manage and tune rules and “good-guy” lists
Testing Meeting regulatory demands
Tuning Managing cost and resources
Sanctions compliance – balancing priorities
with
Sanctions Testing – 2015 – Confidentiality: Public
Introducing
Sanctions Testing
from SWIFT
Sanctions Testing – 2015 – Confidentiality: Public
Formats
Settings
Lists
Automate • Repeat • Compare • Monitor
Sanctions Testing process
Define
test objective
Download
test files
Process
test files
Upload
hit results
View
test results
Sanctions Testing – 2015 – Confidentiality: Public
Common issues identified through testing
• Outdated lists
• Missing entry types
• Missing entries
• Language variants not screened correctly
• Deleted records still screened
Sanctions Lists
Quality
• List scope incorrect or not aligned with bank policy
• Inconsistent implementation across filters
• Entity and alias types screened unnecessarily
Screening
Policy
• Inconsistent screening performance across message types
• Message or file elements not screened properly
• Overreliance on specific fields (e.g. address or country)
Message
Types
• Poor fuzzy matching performance
• Line break, word order, sequences
• Poor performance against particular entries (short or long names, aliases)
• Character set matching issues
Filter
Weakness
Sanctions Testing – 2015 – Confidentiality: Public
The Assessment Portfolio
Scope &
Purpose
Tests
Deliverables
Audit Assessment Evaluation Assessment
Verification of filter performance
for internal audit, model
validation or in preparation for a
regulatory examination
Demonstrate that the filter aligns
to bank policy
Formal report
Filter environment discovery and
understanding to support
strategic decision making –
upgrades, tuning etc
Identify areas for effectiveness
and efficiency improvements
Findings and recommendations
Sanctions Testing – 2015 – Confidentiality: Public
Peer Assessment Reports
Exact Match
How does
my filter
compare?
Peer Upper Range
Peer Lower Range
Fuzzy Performance
Institution
Comprehensive
•Standard report and assessment approach
•Multiple peer performance dimensions
Helps you understand
•Relative performance
•Policy and technical implementation
•Risk appetite
SWIFT community
•Developed by and created for the SWIFT community
• Industry best practice
•Contribution basis
Am I in the
safe-zone?
Sanctions Testing – 2015 – Confidentiality: Public
Sanctions Testing
STANDARD Sanctions Testing
ENTERPRISE
Sanctions Testing portfolio
• Testing
• Defined tests
• 2 sanctions filters
• Monthly / quarterly tests
• Analyst tools & reporting
• Testing & Tuning
• Custom tests
• Group license
• Unlimited use
• Analyst tools & reporting
Functions
Flexibility
Scope
Frequency
Application
Sanctions Testing – 2014 –
Confidentiality: Public
PowerPoint Toolkit – 23 October 2008 – Confidentiality: restricted
38
Customer cases
Top Global Bank Improved response to regulatory pressure
Ch
alle
ng
es
Top global bank under regulatory pressure to improve compliance processes
Growing analytics team with limited internal sanctions testing capabilities
High volume payments and customer screening environments Increasing operational costs of investigations – needed evidence to back system efficiency improvements
So
lutio
n
Independent testing and assurance of payment filtering and customer screening environments
Automated validation of sanctions lists – moving from a manual, sample based validation approach to an automated, comprehensive, solution
Fuzzy analysis and characterisation of payment and customer filters
Be
ne
fits
Independent in-house testing function – capable of assessing impact and changes of filter optimisation strategies
Deeper insight and understanding of sanctions screening algorithms – improved response to regulators demand for model validation
Repurposed head count and improved quality for repetitive list validation processes
Top European Financial Institution Automation of Sanctions Testing
Ch
alle
ng
es
Top European bank looking to increase quality and reduce time and costs associated with sanctions testing
Internal technology barriers to overcome – sanctions testing was slow, complex and dependent on IT support
Dependent on costly external consultants to perform quarterly sanctions tests – with restricted scope and across limited lists.
So
lutio
n
Automated filter testing on every list change – to assess impact of sanctions changes and ensure compliance
Reduced dependency on technology team – automation allows a business consultant to complete a test at the touch of a button
Improved tracking and insight of sanctions list changes – through sanctions alerts, search and comparison
Be
ne
fits
Reduced cost and dependency on external consultants – in-housed the sanctions testing and assurance function
Continuous sanctions assurance through automation and re-testing on list change – rather than quarterly point-in-time tests
Better and more comprehensive testing – reduced time and effort allowed broader and more detailed testing of more lists
Top European Financial Institution Evidence to streamline technology and operations
Ch
alle
ng
es
Operating with multiple different vendor filters across multiple geographies and sanctions jurisdictions
No centralised screening function creating inconsistencies in compliance processes
Needed standard independent measurement approach to assess filter performance and to allow objective comparison
So
lutio
n
Objective filter performance comparison provided insight into filter operation and benefits
Comprehensive suite of sanctions tests tailored for each jurisdiction allowed local understanding of screening issues
Business risk appetite quantified as part of testing provided transparency and better alignment to business policy
Be
ne
fits
Definitive justification for centralization leading to operations and technology savings
Improved global consistency of implementation compliance policy
Implemented short term fixes before roll-out of a wider programme
Revalidation of outcomes through ongoing sanctions testing and as part of regulatory response
