As the threat of money laundering and terrorism financing in Australia and New Zealand continues to evolve, maintaining visibility and ensuring you have sufficient information on your customer portfolio is vital.
With recent AML breaches from high profile financial institutions on both sides of the Tasman, regulators are now being far more active in investigating AML compliance practices, targeting KYC obligations and putting strain on compliance teams.
In illion’s recent PEP & Sanctions webinar and blog, the increasing importance of being able to demonstrate a clear understanding of how your monitoring system works when regulators visit was highlighted by Neil Marshall, Partner Manager of UK-based FinScan.
In June 2020, the UK’s Financial Conduct Authority fined Commerzbank AG (London Branch) £37,805,400 for failing to put adequate anti-money laundering (AML) systems and controls in place between October 2012 and September 2017. Commerzbank London was aware of these weaknesses and failed to take reasonable and effective steps to fix them.
The FCA’s investigation identified failings in a number of areas, including Commerzbank London’s failure to:
- Conduct timely periodic due diligence on its clients, which resulted in a significant number of existing clients not being subject to timely know-your-customer (KYC) checks.
- Adequately identify and assess the risks associated with politically exposed persons (PEPs) or adhere strictly to the bank’s policy on verifying beneficial ownership of clients, including high-risk clients, from independent and reliable sources; and
- Have adequate policies and procedures in place when undertaking customer due diligence on clients. Commerzbank therefore breached Principle 3 of the FCA’s Principles for Businesses, which requires firms to have adequate risk management systems in place.
The need to have adequate risk management systems in place is a given. If you cannot explain your AML/CTF processes and procedures in detail (how does your match algorithm work, for instance?) then, in the eyes of a regulator you do not have an adequate process in place, which means you are not compliant.
Learning from others
History repeats itself and we can learn much from others’ mistakes. Being fully aware of what’s going on with your clients is the first step towards having a sound system – and protecting your company against illegal transactions.
One of the starting points is your data. It’s a rapidly perishable commodity and if you don’t nourish it and care for it, it will deteriorate quickly. Even if you identified your customers correctly during onboarding, you will need to continue to update their data as situations change quickly.
Non-individuals present a higher risk than individuals, especially with changes of management teams or structure, which can be different even the day after onboarding.
In today’s rapidly changing world, the need to know your customer – and keep on knowing them – is therefore key.
Taking a strong data-driven approach illion can move quickly to identify areas of risk, recommend actions to uplift your customer data and help you meet your AML/KYC obligations. We provide a cost-effective approach for all Customer Data and Uplift requirements:
- Benefit from a holistic portfolio overview assessment which identifies the areas of risk across multiple siloed legacy systems and allows a planned, risk-based approach to be developed.
- Maximise customer data uplift effort by utilising the depth and breadth of illion’s most comprehensive data assets.
- Verify or re-verify your client’s data and documentation against multiple sources using GreenID, illion’s market leading electronic ID verification solution.
- Perform matching and verification of non-individual customers against relevant registries, including identification of directors and resolution of beneficial ownership.
- Identify high-risk entity types such as charities and money remitters and any other cash intensive (elevated AML risk) businesses.
- Collect and/or validate additional Information via illion’s Digital Tech Solutions or OCR Technology where a data driven approach is not possible.
- Screen all customers against extensive PEP and sanctions lists.
- Introduce Ongoing Customer Monitoring to maintain customer databases in real-time.
Regulators expect reporting entities to be reviewing their customer’s details, account activity and transaction behaviour – all these steps are the foundation for a sound AML system. Demonstrating recent remediation activities like this will be viewed positively.