October 2017

Tackling financial crime is no longer the responsibility of individual banks alone. Solving this industry-wide problem relies on financial institutions working collaboratively on effective and efficient solutions in a resource-constrained world. SWIFT’s Luc Meurant talks to flow’s Janet Du Chenne about how the industry is coming together to protect its cash management businesses and the correspondent banking network from criminals with the help of utilities

What are the latest developments in the area of financial crime compliance?

I would highlight four key developments. First, financial crime compliance is an area that no financial institution can ignore if it intends to remain an active, relevant player in the global financial system. And a simple ‘tick-box’ approach to financial crime compliance is no longer enough. In addition to having effective sanctions, anti-money laundering (AML) and counter terrorist financing (CTF) systems and processes in place, regulators expect banks to demonstrate a deep understanding of how their compliance systems work. In some cases, executives are expected to provide written attestation that the rules are being followed and can be held personally accountable when violations take place. Plus, the threat of cybercrime means that regulators are taking a closer look at cybersecurity, with the potential for new regulation to follow.

Furthermore, we see an ever-increasing focus on transparency between banks. In recent years, concerns about the lack of transparency have led some banks to terminate correspondent banking relationships as part of a process known as ‘de-risking’. This typically occurs when correspondent banks in highly regulated markets cannot obtain the necessary information about their respondents in higher-risk jurisdictions, or when the cost of performing this due diligence outweighs the business benefits of maintaining the correspondent relationship. A number of regulatory bodies and industry groups have recognised that financial exclusion is a potential unintended consequence of de-risking and are working with the industry to address this. SWIFT is doing its part by developing utility solutions such as The KYC Registry and Sanctions Screening, both of which help banks increase transparency and reduce the overall cost of compliance.

Skyrocketing compliance costs is the third major development. Banks are spending billions of dollars each year on compliance, with no end in sight. While fines may grab the headlines, the cost of putting people, processes and systems in place to comply with regulation and address enforcement actions is exponentially higher. Take sanctions compliance as an example. The size and complexity of sanctions lists continue to increase, as do the costs of screening and monitoring systems and the number of ‘false positive’ alerts those systems generate – which then need to be investigated by human analysts. Only a small fraction of those alerts actually involve illicit activity, demonstrating that there is room for huge gains in efficiency. Sanctions and AML requirements also differ from jurisdiction to jurisdiction, further complicating the issue and driving up costs.

Finally, compliance utilities such as the SWIFT KYC Registry – of which Deutsche Bank was a founding member – are demonstrating their value by helping banks share information more efficiently, standardise processes and mutualise costs. Banks – and regulators – increasingly recognise the important role that compliance utilities can play in terms of increasing transparency while reducing cost and risk. At SWIFT we are extending our utility model beyond KYC to also cover sanctions and AML/fraud compliance.

What are the main drivers behind these developments?

We see three main triggers.

First, a number of high-profile cases have resulted in heavy fines for non-compliance. This has led banks – regardless of whether or not they have been fined – to invest heavily to remediate existing issues and prevent future violations.

Second, regulatory scrutiny continues to increase, and data and reporting requirements continue to grow. There is more pressure for banks to demonstrate the effectiveness of their compliance programmes.

Third, new regulation, such as the EU Funds Transfer Regulation 2015 (EU FTR 2015) and the New York Department of Financial Services (DFS) Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications, while regional in nature, have global implications due to the interconnected nature of correspondent banking.

All of these result in major cost – and potential risk – for the correspondent banking industry. Banks are constantly trying to make their compliance programmes more efficient without compromising effectiveness – and in some cases are exiting certain markets and business lines to reduce cost and risk.

"Banks are spending billions of dollars each year on compliance, with no end in sight"

How can utilities help?

Utilities can deliver major efficiency gains by enabling banks to standardise repetitive processes, mutualise costs and develop shared best practices. Compliance is not a competitive space for banks and the industry as a whole benefits by every player getting compliance right. The utility model supports this by providing for greater transparency, and enabling banks to access compliance systems and tools at far lower cost than if they had to develop, install and maintain these on their own. It also helps banks streamline redundant processes – and learn from each other how to work more efficiently.

The SWIFT KYC Registry illustrates this perfectly.1 SWIFT has 7,000 members with correspondent banking activities and these have about 1.3 million bilateral relationships. This implies 1.3 million exchanges of KYC data and documents on a regular basis – a massive amount of manual activity. SWIFT worked with Deutsche Bank and other leading players to create a secure, global online repository where banks can upload an industry standard set of KYC information and share it with their counterparties. Instead of having to email, fax or post information to dozens or even hundreds of different counterparties, Registry members now upload their information once and share it with each counterparty at the click of a button – delivering major cost and efficiency gains. And we are aligning the KYC Registry content ‘baseline’ with the updated Wolfsberg AML questionnaire,2 further supporting industry standardisation and best practices.

How is SWIFT helping banks fight financial crime?

SWIFT’s position at the heart of the global financial community makes us uniquely suited to help banks address their compliance challenges. We are working hand-in-hand with our community to address evolving regulatory requirements. SWIFT-led user groups provide an opportunity for banks to share best practices and co-create sanctions, know your customer (KYC) and compliance analytics solutions. SWIFT data is an important asset for banks’ compliance programmes and SWIFT continues to develop new tools that help them leverage their data for more effective, efficient compliance.

As cybersecurity has come to the forefront, SWIFT’s Customer Security Programme (CSP) is part of a strategic, community-wide response to evolving cyber threats and specific cyber incidents affecting member banks. As part of this programme, SWIFT is developing a means for banks to block fraudulent payments before they are sent, reducing the risk of cybercrime-related losses.

Separate from, but similar to, SWIFT’s KYC Registry, The KYC Registry Security Attestation Application is a new tool designed for users to submit their self-attestation data which confirms their organisation’s level of compliance with SWIFT’s customer security controls.

At Sibos 2017 in Toronto, we will announce the expansion of our Name Screening solution to cover batch screening of customer databases. This means that small-to-mid-sized financial institutions and corporations can now rely on SWIFT’s hosted screening solutions for transactions (Sanctions Screening) and customers, suppliers and employees (Name Screening).

In 2018, SWIFT will introduce Payment Controls as part of its Customer Security Programme. Payment Controls will provide in-network screening of payment messages before they are sent, enabling institutions to identify, investigate, block and prevent fraudulent or out-of-policy payments in real time. 

In parallel, we will continue to investigate the role that new technologies such as artificial intelligence, machine learning and robotics could play as we further expand our sanctions, KYC and analytics/fraud/AML solutions portfolio.

Throughout this process, we will continue to work closely with our customers to ensure that the solutions we develop address their needs. Deutsche Bank is a best-in-class player, helping us shape these improvements for the community.

Luc Meurant is Head of SWIFT’s Financial Crime Compliance Services Division

________________________________________
Sources:

1 See http://bit.ly/1UVffI6 at swift.com
2 See http://bit.ly/2j6pUVv at wolfsberg-principles.com for progress on these revisions

You might be interested in

This website uses cookies in order to improve user experience. If you close this box or continue browsing, we will assume you agree with this. For more information about the cookies we use or to find out how you can disable cookies, click here.