Risky business

The financial institutions are facing increasing pressure to comply with ant-money laundering (AML) legislation, especially with the introduction of the controversial Third AML Directive. FST asked Dharmesh Mistry, of edge IPK, and Dun & Bradstreet’s Malcolm Parker to discuss how Europe is coping with the regulations.

FST. Do you think the financial services industry is ready in Europe for the Third AML Directive?
DM. Financial Services companies on the whole in Europe are ready for the Third Directive from a compliance perspective. By that, they know what is required and what their internal policies to support the directive should be. However, enforcing practices in a uniform manner across an organisation can be a challenge especially for global organisations that have to satisfy multiple regulators. Typically, automation is the key to ensuring consistency in processes and managing SARs (suspicious activity reports) within agreed deadlines. Whilst there are many providers offering a variety of solutions, many organisations are only just understanding the need for flexibility to change in their solution. In addition to the issues created by overlapping regulations, the need to keep views of customer data within local data protection laws creates the need for a distributed records management capability.

MP. From our discussions with regulated businesses in the UK we’re seeing that it is those companies in sectors that have grown used to regulation that are most ready: financial services, accountants and tax advisers, for example. However, the new laws extend the number of regulated businesses widely, including for the first time estate agents, casinos and any business doing high value deals where a cash transaction may exceed €15,000. In these sectors we’ve seen a number of businesses with work still to do. However, there really is no excuse for any regulated business not to be ready for the new regulations. Their impact has been widely discussed, anyone who is affected should certainly know about it, and there is plenty of support available to help businesses ensure they comply.

FST. The Know Your Customer (KYC) requirements put a big burden on the industry. How do you think individual banks can best ensure they meet the requirements efficiently?
MP. In order to comply with the new regulations businesses must check the identity of their clients and potential clients. To do this the advice from the UK Government is to use online systems and ‘credible third-party sources’. For regulated businesses this potentially means juggling and co-ordinating data from multiple vendors and sources – a significant challenge and a major administrative burden. At D&B we have been working alongside some the UK’s top financial institutions and law firms for over 18 months to find out how our expertise in data capturing and then data cleansing and verification can be utilised by regulated businesses to make compliance as efficient as possible. Out of this we have developed a product set that is a simple, one-stop shop for businesses, specifically tailored to address the demands of the regulations.

DM. Banks can ensure they meet requirements efficiently in a number of ways. Be proactive; don’t wait for the regulators to knock on your door. Learn from others mistakes. A number of banks have already been penalised and had to resolve issues. They then had to be audited again by the regulators to satisfy them. This experience is invaluable – use people that have this experience. Use flexible technology because it is key to minimising human effort and ensuring consistency in processes. However, expect regulations and requirements to change continuously, hence it will be key that solution is flexible for change. Share from within. Many banks look to resolve the issue within product or customer segment silos, so there will be many AML projects. You also need to think broad. Validating customer identities and customer due diligence processes should be embedded with other ‘business as usual’ process such as account opening or account reviews. Finally, think opportunity not cost. Within the Trust division of ABN Amro they adopted an approach that looked at the benefits of due diligence and drove their projects from the benefits of enhanced customer data, rather than seeing the issue as a compliance cost.

FST. And what are the risks to institutions of getting this wrong?
DM. The financial services industry is well aware of the risks, however this is mostly communicated as fines imposed by the regulators. It is true these fines can be significant, such as ABN Amro’s of over US$100m, while the pending case against Lloyds TSB could be even greater. The full cost to an organisation can be two to three times that of the fine because regulators will want the organisation to fix the problem – often this results in expensive tactical projects to meet the regulators imposed deadlines. This is then followed by more expensive strategic projects. Also Senior executives can be jailed and AML fines and issues can affect credit ratings, thus affecting the cost of the bank’s financing and essentially it’s bottom line.

MP. The price of failing to comply with the legislation is potentially very steep – up to 14 years in prison and an unlimited fine for anyone found complicit in conducting or facilitating the transfer of criminal proceeds. Simply failing to alert the authorities to money laundering where there are ‘reasonable grounds for suspicion’ could mean up to five years in prison and an unlimited fine. Then add in the costs of litigation for damages, along with the damage to reputation that a business could suffer if it is shown not to have acted adequately to prevent criminals laundering money, and ‘getting it wrong’ fails to be an option.

FST. What do you think the future holds in this space? Do you think the new regulations get the balance right for the industry?
MP. Criminals and terrorists will always need funding and they will always be testing the system to find ways of laundering money. As we work to close down criminals’ activity in one area they will simply shift their focus elsewhere. So while this legislation gets the balance right for now, in future there will inevitably be a need for guidance or laws to cut off the criminals’ next scheme.

What is worth remembering with all of this legislation is that it is good business practice to know whom you are dealing with. No company wants to deal with criminals or terrorists, so putting in place adequate checks just makes sense.

DM. Change is the only guarantee for the future. Most of this change will be driven by feedback from banks, learnings from audits by the regulators and changes in the behaviour of terrorist and criminal customers. Increased automation will reduce the effort of ensuring compliance and many areas of automation will become much more smarter – for example customer profiling, SARs management and transaction monitoring. However, the solutions for flexible due diligence management exist today and will be used extensively in the future.

FST. What solutions does your company offer in this space?
DM. Using our flagship product edgeConnect, we have developed an enterprise KYC solution which is now implemented in multiple business units in over 30 countries for a leading international bank. This solution provides the benefit of an efficient, fully automated KYC process from beginning to end through packaged templates, combined with a highly configurable platform that provides flexibility at a level usually associated with a bespoke system.

The edge IPK solution are as follows enables consistent audited processes to be adopted across an enterprise whilst providing the flexibility for both global and local requirements - regulatory, rules, presentation, branding and language. It can be implemented rapidly as a right first time solution as well as enabling KYC to be turned into a competitive advantage by providing valuable customer information that can be integrated with a CRM system for cross selling This solution will enable changes to be performed quickly throughout the global enterprise while the cost of development and ongoing maintenance of this solution is drastically reduced in comparison with traditional approaches.

MP. At D&B we’ve been working closely with regulated businesses ahead of the start of the new legislation to see how we can best draw on our data management expertise to alleviate the administrative burden posed by the new law. The D&B AML Report provides all the essential client information a company with UK business customers needs in order to meet the requirements of the new legislation. For international compliance, businesses should use the D&B KYC Report. Both reports capture data from multiple sources: Companies House or their international equivalent, global financial regulators, stock exchanges and sanctions lists as well as D&B’s own country risk assessments and database of 120 million businesses worldwide. By doing this D&B is able to provide a simple, concise, reliable, one-stop shop for compliance with money laundering legislation.

About the contributors
Malcolm Parker has worked for D&B for five years. His current responsibilities include definition and control of major investments, compliance matters and new product development. Previously he was a freelance consultant, a director of a SME project consultancy and worked in senior management positions at Halifax PLC for 20 years.

Dharmesh Mistry is Chief Technology Officer at edge IPK. He leads the technology team, having previously successfully delivered many online financial services solutions, including the UK’s first Java Internet Bank for The Co-operative Bank. Prior to co-founding edge IPK, Mistry worked for Lloyds and NatWest, developing leading edge IT solutions and providing business consulting. Recently, he has led implementations for KYC solutions into ABN Amro and Deutsche Bank.