correspondant banking compliance and swift financial crime compliance services
TRANSCRIPT
1
Correspondent Banking Compliance and SWIFT Financial Crime Compliance Services
Naofumi Sukegawa, CAMS Director, Compliance Services, Asia Pacific, SWIFT Mumbai, 2 June 2016
Agenda: Correspondent Banking Compliance and SWIFT Financial Crime Compliance Services
SWIFT 2020 and the Compliance focus
Challenge in Correspondent Banking Business
• Optimizing current RMA relationships
• Efficient and Effective bank counterparty KYC
• Maintain good relationships with your correspondent banks(Avoid ”De-Risking”)
Key Take Aways:
• It is important to strike a balance between Effectiveness and Efficiency in combatting global financial crime.
• Compliance is becoming a competitive advantage in these days.
• By using SWIFT Compliance Services, you can easily reduce your compliance operational cost, whilst improving your overall compliance capabilities.
SWIFT Financial Crime Compliance Services
Who Are We? A global cooperative owned by its member banks providing core secure financial messaging services to the global financial community
27 million Transactions messages exchanged on average
between financial institutions globally every day
11,000+ SWIFT users
200+ Countries and territories
Key Industry Compliance Challenges Today
Ever increasing and changing regulations
Significant costs in complying with regulations
Penalties for non compliance
All geographies / All types of players impacted
Lots of duplication for universal challenges
Lots of different, costly, complex solutions
No competitive advantage for banks
Community issues calling for community solutions …
SWIFT 2020 – strategic priorities
Many-to-Many Market Infrastructures
Messaging
Integration & Interfaces
Shared Services
Expand and deepen offerings for Market Infrastructures
Grow and strengthen core
Build our Financial Crime Compliance portfolio
Financial Crime Compliance Roadmap
Standards
Data repositories
Traffic analysis
Quality assurance
Processing services
Sanctions KYC AML
Sanctions list management service
KYC Registry
Compliance Analytics
Sanctions Testing (testing / tuning of transaction & client systems)
AML testing & tuning
FATF 16 information quality
Client/Name screening
Sanctions Screening Traffic Restriction (RMA)
Live Qualification Exploration
Community-inspired financial crime compliance solutions
Sanctions Screening
Hosted solution for cost-effective compliance with sanctions regulations
Sanctions Testing
Maximise the effectiveness and efficiency of banks’ sanctions environment
The KYC Registry
One global source of KYC information for correspondent banking
Compliance Analytics
Enhanced understanding & management of financial crime-related risk
Three new services being introduced in 2016
List Management (Sep)
Sanctions list distribution and management service, also allowing banks to manage sanctions, PEP and private lists
Payments Data Quality FATF16 (Sep)
Post-fact reporting tool to help banks identify and address possible violations of FATF Recommendation 16 (originator and beneficiary fields quality)
Name Screening (Dec)
On-line portal for checking individual names against sanctions and PEP lists (Batch version in 2017)
FCC Roadmap : Toward three inter-connected Utilities
Sanctions Analytics/AML KYC
Interconnected Utilities leveraging commonalities and data between the products & services
Financial Crime Compliance Utility
Comprehensive Service offering
e.g. • Transaction
screening • Sanctions Testing • List Management • Name/Client
Screening
e.g. • KYC Registry • KYC Market Place
e.g. • Compliance Analytics
(evolving toward Bank-to-bank monitoring)
• FATF 16
For ALL SWIFT users (small AND large) over time
Optimizing Current RMA relationships
What is RMA
RMA (Relationship Management Application) is a SWIFT mechanism to control the traffic you want to accept from your correspondents and vice-versa
Request
Authorization
Rejection
Revocation
Bank A Bank B
1
2
3
3’
1
2
3
3’
Bank A initiates the relationship by requesting an autorisation to bank B
Bank B Opens the relationship by sending an autorisation to Bank A
Bank A closes the relationship by sending a rejection to bank B
Bank B closes the relationship by revoking Bank A authorisation
Sender Receiver
The Challenges
2. No one has ever reviewed RMA relationships.
3. IBD(Sales Team) take responsibility on Correspondent Banking Compliance
1. There is no internal policy on how to manage RMA relationships.
RMA Best Practice
2nd RMA Analysis
3rd RMA Clean-up
1st Standard Operating Procedures
750k +
50% Of total number of outstanding RMA relations is dormant on average
Dormant relations with APAC BICs
16
Step 1: Setup Standard Operating Procedures
How to create new correspondent banking relations?
High risk counter-party?
A case assigned to RMA Manager
No
Yes
Senior Management
Approval
Due Diligence
Business justification
Senior Management
Approval
Due Diligence
SWIFT Compliance Consulting Services
RMA Authorisations Tasks
• Create
• Close
• On-going monitoring
Responsibility Assignment Matrix
• Who is responsible?
• Who is accountable?
• Who is consulted?
• Who is informed?
Controls
Step 2: RMA Analysis
Link with FIN authenticated
transactions to define the RMA status
• Three possible
statuses:
• Active
• Dormant
• Unused
Decide on the authorizations “to be
removed”
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
Business Evaluation
Overview of existing RMA’s inbound and
outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items”
among RMA correspondence
1 2 3 4
17
18
Step 3: RMA Clean-up Services
Link with FIN authenticated
transactions to define the RMA status
• Three possible
statuses:
• Active
• Dormant
• Unused
Remove list of identified RMA’s automatically from your interface
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
RMA Clean-up
Overview of existing RMA’s inbound and
outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items”
among RMA correspondence (overview of usage with details at BIC level)
Business Evaluation
1 2 3 4
The Benefits
Better understand Correspondent Relationships
Find out dormant/unused RMAs to reduce risks & KYC costs Avoid Unwanted / Unexpected Traffic
19
Efficient Bank Counterparty KYC
Challenges in Correspondent Banking Relationship Management
1.3 million Banking Relationships • 1.3m relationships by 7,000 correspondent
banks over SWIFT
• Everyone wants different things, data quality often poor
• Much time and effort needed by compliance and relationship managers to collate the information
• Evolving regulatory requirements
• Different in different countries
• Correspondent banks de-risking; reducing relationships to reduce risk & cost of KYC processes
Industry standard and platform needed, accessible to all
SWIFT KYC Registry: The Industry KYC Utility
SWIFT’s KYC Registry: the solution to KYC correspondent banking challenges
Community request to build it
Working group set up to design it
Single Standard agreed
Data validation to ensure quality
A feature-rich easy to use platform
Unique value-added content
Free to enter your data and share it
SWIFT KYC Registry: Bilateral exchange to Central Repository
A standard set of KYC data
Category I - Identification of the customer Licenses and Proof of Regulation, Certificate of Incorporation, et cetera Legal name, auditor, regulator, addresses
Category II – Ownership and management structure Declaration of key UBO and shareholders : full names and identifying data Board of Directors Lists: full names and identifying data Group structure Annual Reports, Shareholder listings, certified group and organizational charts
Category III – Type of business and client base Revenue breakdown by legal entity Operating geographies and customer verticals
Category IV – Compliance information Enhanced AML Questions AML docs: e.g. AML Controls, Wolfsberg Questionnaire, US Patriot Act
Category V – Tax information TIN, GIIN,FATCA information & proof of registration, documentation
Is your institution on board yet?
A look at where we are…
Over200 Countries
97 INSC entities
2510 Entities registered
700 APAC entities
Further efficiency on Bank Counter Party KYC
Managing correspondents in a many-to-many world
RMA as mechanism to control WHO and WHEN can send you traffic
Preventing ‘unwanted traffic’
Managing the correspondent’s business
RMA Plus as mechanism to control not only WHO and WHEN but also WHAT a correspondent can send to you
Example, for FIN:
- Authorisations only apply to authenticated traffic
- Authorisations can be granular to the level of MT/MT category
RMA
RMA Plus
Step 2: RMA Analysis
Link with FIN authenticated
transactions to define the RMA status
• Three possible
statuses by Message Type(MT):
• Active
• Dormant
• Unused
Decide on the authorizations “to be
removed”
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
Business Evaluation
Overview of existing RMA’s inbound and
outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items”
among RMA correspondence
1 2 3 4
27
Effective Bank Counterparty KYC
29
The challenge
Understanding your customer entails understanding its transactions end-to-end, including flows in which you are not directly involved. The SWIFT Traffic Profile provides transparency on a bank’s behavior over the SWIFT network by highlighting activity with high-risk or sanctioned jurisdictions. Factual and objective data support the due diligence activities and foster ongoing risk monitoring.
Legacy due diligence tools are no longer sufficient to address Regulator’s expectations to ‘know your customer’s customer’. The decision to enter or maintain a correspondent relationship is sometimes taken based on incomplete or incorrect information, hiding downstream correspondent risks posed by the business network of your counterparties.
Is your counterparty exposed to high-risk or sanctioned jurisdictions?
Which jurisdictions does the exposure come from?
Which institutions does the exposure come from?
The solution
30
The SWIFT Traffic Profile addresses the Know Your Customer’s Customer challenge by providing transparency on your customer’s activity over the SWIFT network with high-risk or sanctioned jurisdictions.
?
?
?
?
?
?
?
?
YOU YOUR CUSTOMER
YOUR CUSTOMER’S CUSTOMERS
YOUR CUSTOMER’S DOWNSTREAM
CORRESPONDENTS
SWIFT TRAFFIC PROFILE
3 2
31
I wonder where one of my existing counterparties is engaged in transactions involving entities in sanctioned jurisdictions. How can I obtain factual and objective evidence to support my business decisions to stay or exit a relationship?
I want to enter into a new relationship with a correspondent in an emerging market. How do I assess the risk posed by its customer network before engaging in that relationship? I am aware of past
exposure of one of my counterparties to high risk countries. How do I monitor the evolution of its risk profile over time?
1
3
2
1 Substantiate on-boarding due diligence
Uncover hidden risks posed by your customer’s downstream correspondents
Monitor your customer’s risk profile
Maintain good relationships with your correspondent banks(Avoid ”De-Risking”)
33
Challenges at maintaining good relationships with your correspondent banks
1. “De-Risking” is one of the global trend.
2. It is not that easy to understand your correspondent bank’s up-to-date activities accurately.
3. The compliance cost in transaction banking continues to increase on a daily basis, it is not easy to improve operational efficiency, limiting costs and enhancing compliance levels at the same time.
Complex Sanctions Environment
40,000 names on lists
4 Billion fuzzy combinations
15.5 Billion $ fines levied on financial institutions for violation of sanctions regulations
1 Day
Average interval between sanctions list updates for banks active globally
-50%
Decrease in number of correspondent relationships from some US banks
+100%
Increase in alerts every 4 years due to increase in SDNs and transaction numbers
+20%
Yearly increase in names and aliases on US OFAC list
Sanctions impact
• Fines are getting bigger, but more significantly: Cost of remediation exceeds amount of fine Includes limitation to business (e.g. no USD clearing) Regulators pay more attention to the quality of the screening
• Banks are terminating correspondent relationships due to:
Risk factor (weak financial crime controls ) Low return on relationship due to Cost of compliance
• Impacts large and small financial institutions
Especially smaller FIs due to the ever growing requirements Large FIs face increased regulatory scrutiny
460+ Clients
Globally
130+ countries
18 central banks
36
120+ Clients
in APAC
32 Clients in INSC
Sanctions Screening- SWIFT’s hosted screening service
Challenges of small institutions
Regulatory scrutiny and enforcement of sanctions policies is increasing
Increasing pressure from correspondents to be compliant
Available screening solutions complex and costly to maintain
Increasing challenges for low-volume financial institutions
SWIFT provides
• Screening engine & user interface
• Sanctions List update service with enhancements
• No additional footprint
• Centrally hosted and operated by SWIFT
• Real time
• Simple to configure and use
A fully managed service to screen all transactions 37
SWIFT Network
FIN copy
Outgoing transaction
Screening engine
Transaction is copied
Transaction is delivered (no hit or false positive)
Decision to deliver (no hit / false positive) or abort transaction (true hit)
Transaction abort notification (true hit)
1
2 4
5
5
3
Service user
Sending bank Receiving bank
Sanctions Portal
Managed by SWIFT
Service overview - as sender
Hit Reducing Rules Sanctions Screening
• Rules are pre-defined by SWIFT based on common practice
and customer feedback
• Each rule has a “condition” and an “effect”
• Not meant to provide any advice or recommendation
Suppress or Non-blocking:
• Suppress: when a “suppress” version of a rule is selected hits matching the rule condition will be completely suppressed*.
• Non-blocking: when a “Non-blocking” version of a rule is selected hits matching the rule condition will be flagged as “non-blocking”.
• Reduces obvious False Positives
• Lowers the number of hits you need to review
• Enables a more efficient operational process
Screening & Audit Report
Screening Report
Audit Report:
• Copy of each alerted transaction
• Hit details
• Comments and final status
• Audit log of all transactions screened
• Audit log of all operators activity and decisions
Quality assurance Report
• Periodical quality assurance checks on effectiveness of the service
• Verifies that lists used mirror regulatory sources
• Measures exact and fuzzy matching capabilities
• Provides details on filter configuration and related impact
Effectiveness and Efficiency check
Effectiveness
• Provide assurance that your filter works
• Measure system’s fuzzy matching performance
• Assess coverage of sanctions lists
• Align screening system to your risk appetite
Efficiency
• Reduce false positives through iterative testing
• Build optimisation tests into your processes
• Understand parameter changes
• Manage and tune rules and “good-guy” lists
Testing Meeting regulatory demands
Tuning Managing cost and resources
WITH
42
Formats
Settings
Lists
Automate • Repeat • Compare • Monitor
Define test objective
Download test files
Process test files
Upload hit results
View test results
Peer assessment is also available
Sanctions Testing process
43
44
Compliance Analytics leveraging SWIFT traffic data for risk monitoring
45
Typical areas where Compliance Analytics will bring value
Risk Assessments Customer Due Diligence
Sanctions Compliance Investigations
Transaction Monitoring
Metrics and dashboarding
Enterprise risk assessment
Correspondent risk assessment
Country reviews
Compare anticipatory behavior against country standards
Periodic reviews to ensure activity is in line with anticipated risk
Event driven reviews
RMA monitoring
Identify flows originating/ ending in country with sanctions
Reconciliation with sanctions filter alerts
Exposure to newly sanctioned entities or countries
De-risking
Nesting
Bad press on specific entities
Volume reconciliation
System tuning
Key Performance & Risk indicators
46
Illustration of payment flows
103
Receiving bank BIC: BANKDEFF
Sending bank BIC: BANKCA2T
Originating BIC8 BIC: ORIGMX66
Beneficiary BIC8 BIC: BENEPL44
52A 57A
Beneficiary Customer
Ordering Customer
50* 59*
Transaction reference (field 20) is the link to identify the underlying transactions details
Sender Receiver
* Not available in Compliance Analytics
Dashboard Function and Alert Function
48
Monitoring RMA relationships
• How many RMAs have been created the last month? • Who are the counterparties? • In which country are they located?
• How many RMAs do I have per entity? • What is the status of these RMA? • To which country/ counterparty do these RMA relate?
Overview RMA
Newly Created RMA
Closed RMA
• How many RMA have been closed over the last 12 months? • Who are the counterparties? In which countries?
Compliance Analytics
Enhanced understanding and management of correspondent banking risk
Institution-wide risk assessment
• Understand payment patterns
• Enhance correspondent reviews
• Align to policy
Zero footprint
• Immediately accessible
• Consolidated rich, accurate dataset
• Interactive tools and reports
Mitigates emerging risk
• Track relationships and understand RMA status
• Understand risk concentration
Monitors payment flows
• To and from your institution
• Identify anomalies & nested activity
• Compare to peers
49
Key Take Aways:
• It is important to strike a balance between Effectiveness and Efficiency in combatting global financial crime.
• Compliance is becoming a competitive advantage in these days.
• By using SWIFT Compliance Services, you can easily reduce your compliance operational cost, whilst improving your overall compliance capabilities.
www.swift.com
Open Day Thailand, 26 April 2016 51