Roadmap for Compliance Services · Roadmap for Compliance Services SWIFT’s offering on financial crime ... Relationship Management Application ... Bank A initiates the relationship

Roadmap for Compliance Services

SWIFT’s offering on financial crime

International Conference on Payments System

Michimaru Onizuka

Abuja, 16 September 2013

Purpose

• Support banks with services in the area of compliance with a

focus on financial crime, and more specifically Sanctions, Anti-

Money Laundering (AML) and Know Your Customer (KYC)

activities.

• Initially discussed with the community through SWIFT’s

Governance (December 2012) and the feedback was very

positive.

• Further engagement on the overall evolution and execution of

this roadmap with the community ongoing.

International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 2

SWIFT compliance initiatives – 3 live services

International Payments System Conference - SWIFT compliance initiatives, 16 September 2013

3

Sanctions KYC AML

Processing

services

Traffic

analysis

Standards

Data

repository

Screening Testing Traffic restriction

(RMA)

Live

Development

Qualification

Exploration

Payments

data quality

assessment

FATF rec 16

Business Intelligence for Compliance

SWIFT compliance initiatives – 3 new initiatives

under development or qualification

Sanctions KYC AML

Processing

services

Traffic

analysis

Standards

Data

repository

KYC registry on

SWIFT

membership

Screening Testing Traffic restriction

(RMA)

Live

Development

Qualification

Exploration

4


Payments

data quality

assessment

FATF rec 16

Business intelligence for Compliance

Sanctions list service

SWIFT compliance initiatives: 2 more

initiatives under exploration

Sanctions KYC AML

Processing

services

Traffic

analysis

Standards

Data

repository

KYC registry on

SWIFT

membership

AML testing &

tuning Screening Testing Traffic restriction

(RMA)

Live

Development

Qualification

Exploration

5


Guiding principles

• Customer-driven, non-competitive services;

• Leveraging SWIFT’s assets, to offer truly distinctive value;

• Cohesive offering with products that are reinforcing each other, essential

building-blocks of a possible – longer term – integrated financial crime

utility;

• Reinforcing SWIFT core business;

• Act fast – be bold;

• Liability. The ultimate responsibility of ensuring that banks’ systems work

and are efficient, and the correct interpretation of data provided always

remain with the banks;

• Governance. Guidance from the Sanctions Advisory Group, Board

approval as appropriate;

• SWIFT Data Retrieval policy. SWIFT will only retrieve, use, and disclose

traffic or message data in accordance with the SWIFT Data Retrieval

Policy, and in compliance with applicable laws and regulations.

6


Sanction Screening

7 International Payments System Conference - SWIFT compliance initiatives, 16 September 2013

Your institution

• Screening engine & user interface

• Centrally hosted and operated by SWIFT

• No local software installation & integration

• Real-time

• Sanctions List update service

Sanctions screening over SWIFT

Your correspondents

8 International Payments System Conference - SWIFT compliance initiatives, 16 September 2013

0

20

40

60

80

100

120

Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013*

AME

AP

EMEA

Sanctions Screening – Customer ramp up

45

63

85

22

Total Live : 54

Total Test : 58

Total : 112

Volume : 500,000 transactions per month

96

112

9


Sanctions Testing


Banks are facing a Sanctions challenge

How do you ensure your screening solution works ?

How do you demonstrate you understand your screening solution and thus how it mitigates risks?

Can you make it more Effective? more Efficient?

11


Sanctions Screening Environment

Formats

Settings Lists

Settings • Threshold • Algorithms • Rules

Formats • Data structure • Fields • Records

Lists • Sanctions lists • Good-Guys lists • Private lists • Additional risk info

Filter Matching

Logic

Investigation

Processes

Logic • Matching methods • Fuzzy logic • Edit distance

methods

Process • Investigation tools • Operational model • Training

12


RMA


RMA and RMA Plus Features

• RMA (Relationship Management Application) allows you to

control who can send you authenticated FIN traffic, by setting

up a one-way communication channel. Traffic from

unauthorised counterparties is blocked at the sender-side,

shielding you from unwanted messages.

• RMA Plus goes one step further, and also allows you to control

exactly what message types each correspondent can send you.

Unwanted messages will be blocked at the sender level, even if

your correspondent does not have the RMA Plus option.



RMA, setting up a ‘technical’ relation before

exchanging transactions over SWIFT

Request

RMA: Relationship Management Application

Authorization

Rejection

Revocation

Bank A Bank B

1

2

3

3’

1

2

3

3’

Bank A initiates the relationship by requesting an autorisation to bank B

Bank B Opens the relationship by sending an autorisation to Bank A

Bank A closes the relationship by sending a rejection to bank B

Bank B closes the relationship by revoking Bank A authorisation

Sender Receiver

RMA Plus in a Compliance context

• Banks are currently reviewing their correspondent banking

network.

• They need to implement controls in line with the output of their

KYC assessments and better monitor the transactions they are

processing.

• The risk of processing unwanted traffic from some

counterparties leads them to closing down some relationships.

RMA Plus allows to create MT-specific (i.e. business segment

specific) authorisations for each correspondent.

e.g. OK for Trade but not for Payments


BI for Compliance


BI for Compliance addresses questions in

multiple areas

• Are there any abnormal/unusual trends in my traffic patterns?

vs previous behaviour? vs total SWIFT?

• Group overview: what are my branches up to?

• Do I monitor the transactions I need to have in scope?

• Are my AML thresholds set correctly?

• With whom do I have occasional / unusual high value transactions?

• Do I apply my risk policies correctly? Am I focusing on the right

businesses? Areas? Branches?

• Do I perform the right level of KYC on my correspondents?

• Do any of my branches still have business with sanctioned

countries / institutions?

• Do I have dormant relations?

• What are the new relationships with high risk areas? What is the

evolution of my market share in high risk corridors?

18


Group Compliance

AML

CFT

Audit

Sanctions

Correspondent banking

How many unused or dormant relations

do I have in my correspondent network?

DEMOXXJJ 310 45% 42%

DEMOXXII 330 15% 61%

DEMOXXHH 430 28% 67%

DEMOXXAA 860 34% 52%

DEMOXXGG 400 50% 38%

DEMOXXFF 450 40% 31%

DEMOXXEE 630 40% 44%

DEMOXXDD 590 41% 58%

DEMOXXCC 630 48% 29%

DEMOXXBB 670 30% 48%

14%

22%

24%

2%

16%

29%

13%

5%

24%

13% 320 47% 38%

360 83% 17%

400 63% 20%

460 35% 54%

490 35% 49%

500 22% 64%

510 51% 39%

550 25% 47%

600 15% 52%

830 42% 46%

16%

11%

18%

16%

12%

33%

27%

10%

14%

Active relationships

Unused relationships

Dormant

Inbound Outbound

Did I do my KYC for each of these relations ?

Do I need these relations ?

Branch DEMOXXJJ has

created 310 outbound

RMA relations of which

45% are active and 13%

are dormant.

19


How can I better tune my AML thresholds

based on value of transactions per branch ?

20% 10%

100%

0 - 500 500-2500 2500-10k 10k-50k 50k-100k 100k-1mln >1mln

Branch 8

Branch 7 50%

Branch 6

Branch 5

Branch 4

Branch 3

Branch 2

Branch 1

Overall 15% 25% 15% 10% 5%

Value range (USD)

Branch 7 has 50% of its transactions in the range 0 – 500 USD. If

the AML threshold is set above 500 USD, a large share of overall

transactions will not be monitored.

20


0

5

10

15

20

25

30

35

40

45

50

55Country A - Country B

Jan Apr May Jul Aug Sept Feb Mar Jun

Why does my activity share in high risk

corridors suddenly increase?

The activity share goes from 30% to over

50% in only 9 months. Better performance on

the business side or have my competitors

decided to withdraw from this corridor?

MT103

activity share

%

Also leverage country of origin / destination

21


Which of my correspondents have grown

exceptionally fast during previous month?

Average

Growth previous month

Confidence interval

Correspondent C showed a growth of 60%

for last month which fell outside of the

confidence interval of -45% and 52%

Correspondent A Correspondent B Correspondent C Correspondent D Correspondent E Correspondent F Correspondent G Correspondent H Correspondent I Correspondent J

Current Growth 25% -30% 14% 20% 70% -23% 60% 18% -6% -33%

Interval min -40% -40% -10% -45% -66% -46% -45% -80% -30% -100%

Interval max 30% 35% 10% 50% 73% 55% 52% 95% 33% 75%

Average -5% -3% 0% 2% 4% 4% 3% 8% 3% -13%

-100%

-50%

0%

50%

100%

-100%

-50%

0%

50%

100%

22


KYC


KYC Registry – Guiding principles

Focus on banks KYC (reach to more than 7,000 banks)

Leverage SWIFT membership process to collect ‘basic’ set of data

Provide enrichment based on SWIFT traffic data (SWIFT Profile)

Operated and secured according to SWIFT standards

A SWIFT-managed global KYC Registry

SWIFT proposes to create a global platform to centrally collect and

distribute up-to-date, standardised KYC information

Banks remain owner of their information and responsible for their KYC

process, criteria and results.

24


Scope – Services

Due diligence

Risk scoring

Name screening

Reporting and Monitoring

Document controls

Data & documentation repository

Regulatory watch & market practices

Data & Documentation Repository

• Collection of structured KYC data

• Collection of supporting documents

• Maintenance of data and documents

• Legal archiving of KYC information

Document controls

• Verification (completeness, accuracy, validity)

Reporting & monitoring

• KYC platform activity reporting and practices

• Audit trail

Value add and enrichment

• SWIFT Profile

• Connection with RMA status

• Interaction capability through APIs

Name screening

• List screening (PEP, blacklist checking)

• Alert management or bad press

Risk scoring

• SWIFT proposed risk score

• Communication of (non-)accepted

counterparties

Due diligence

• Due diligence around intermediaries

Regulatory watch & market practices

• Monitoring of legal/regulatory updates

Value add & enrichment SWIFT

KYC

Registry

25


Provide banks with a report based on analysis

of traffic to support and enhance fact-based

KYC assessment

Value-add – SWIFT Profile

• Objective and factual data to

support and focus KYC

assessment of your counterparties

• Estimate your risk based on your

counterparty’s relationships

(nested banks)

• Bring evidence of declared

behaviour (e.g. wolfsberg

questionnaire)

• Must be specific and transparent to

avoid unintended consequences or

misinterpretation.

• Must comply with data retrieval

policy and would be shared at

bank’s discretion

? KYC

26


Payments data quality

FATF Rec 16


FATF Recommendation 16

“Countries should ensure that financial institutions include required

and accurate originator information, and required beneficiary

information, on wire transfers and related messages, and that the

information remains with the wire transfer or related message throughout

the payment chain.

Countries should ensure that financial institutions monitor wire

transfers for the purpose of detecting those which lack required

originator and/or beneficiary information, and take appropriate

measures.”

Being transposed in European regulation by EU Commission directive

issued for comments on Feb 05, 2013

28


FATF Rec16 – Reporting on group, branches and

counterparties compliance with additional syntax checks

At a glance,

• spot your most offended and offending

branches

• identify your least compliant counterparties

• investigate reasons for validation failure

• monitor improvement measures effectiveness

Counterparties heat map

Branches validation results overview

• From a group overview to a transaction

specific validation result

• Filtering and flexible visualisation

capabilities to best suit to your needs

29


Next steps

The roadmap reflects our current assessment of possible

initiatives for SWIFT.

We will, however, continue to explore new, possible solutions to

help financial institutions and the community at large address the

operational implications of regulatory changes, and evolve this

compliance roadmap as opportunities arise.


Thank you!

Questions

Documents

Roadmap for Compliance Services · Roadmap for Compliance Services SWIFT’s offering on financial crime ... Relationship Management Application ... Bank A initiates the relationship