Data strategy, data quality and technology in compliance.
At the end of March, the Dun & Bradstreet Risk and Compliance team sponsored and attended the AML and ABC Forum, at the Leonardo Royal Hotel in London.
Attended by over 150 compliance professionals, the event was designed to enable the financial services industry to benchmark compliance processes and understand the impact of regulatory developments in AML & ABC.
Over the course of the two-day event, delegates heard from speakers in the banking, insurance, investment, and legal industries, as well as regulators. On day 1, Dun & Bradstreet’s own compliance expert, Neil Isherwood, participated in a panel session on ‘KYC Processes – Automation, ongoing KYC and Data Accuracy’, alongside presenters from Invesco, GB Bank and Singer Capital Markets.
Discussion topics ranged from crypto assets, cyber payment fraud and CDD models to regulation, Brexit and ESG. Of particular interest were specific examples of financial crime and how this is evolving. We heard about cases involving the Italian healthcare system, straightforward phishing resulting in huge corporate fraud, as well as instances where different organisations worked together to move money and disguise the illicit origins. These cases demonstrate the increasing levels of sophistication being employed by financial crime gangs, and highlight the co-operation needed by regulators, regulated entities, data and solution providers to combat this type of activity.
One of the core themes of the event was how the right data strategy, data quality and technology can provide answers to some of the key challenges delegates were facing in their compliance efforts.
Some of the key takeaways and advice from the event are summarised below:
Risk Appetite and Risk Based Approach
Despite blanket regulation, each business will face its own, specific risks and must develop a suitable customer due diligence process to mitigate these as much as possible. This risk profile and the aligned compliance procedures will inform which organisations are low risk – and therefore require only standard KYC reviews – vs which need enhanced due diligence.
Researching, agreeing and having buy-in from all relevant stakeholders on the organisation’s risk appetite is crucial. Deciding risk appetite and compliance policies should not be completely "thrown over to compliance", as this could lead to divergence between what the board says and what the policies consider.
Senior managers must share their views on and help to shape the compliance process – and as part of this, should explicitly understand the risks associated with not allocating sufficient resources and budget to compliance programs.
It's also important to look beyond senior management and get buy-in from operational levels too – at some point the policy will need to translate to actual workable solutions, with users translating the output and risk presented.
Ongoing maintenance and refinement
Due diligence cannot be a one-off activity that is only completed when a new third party is onboarded. Even annual reviews are no longer enough, and if organisations are only responding to threats/typologies coming through regulation, they are already too late – criminals will have already moved on to new methods. Moreover, changes in firmographic, beneficial ownership, sanctions and other information may be missed if screening is only done on an annual basis, and these changes can affect the organisation’s risk profile if they are not monitored. There should be a process of constant review, assessment and refinement applied.
This topic was very much at the forefront at the event – particularly the notion that organisations need to have a digital strategy to collect, ingest, maintain, and analyse client data. The foundation of due diligence is "knowing your customer" – only with that knowledge can you assess if a pattern looks odd or not.
Much was discussed around legacy systems, and the difficulties faced in wrangling multiple siloed datasets. Having access to wider, more comprehensive data (e.g. data that is matched, enriched, regularly updated and that links transactions to relationships) can uncover more insight into any strange patterns.
Lean on technology
With the ever-increasing requirements on compliance teams, there is a clear need for systems and platforms to help bring together and streamline processes. This is more crucial now than ever as corporate customers demand a similar experience to B2C and the speed and ease of onboarding is becoming a key competitive area. Automated risk reviews, configurable workflows, enhanced false positive matching and more can all help in this area.
Technology can also help provide operational data in terms of efficiency, highlighting for example which parts of the compliance process are taking too long, which operatives are less efficient etc.
The UK's departure from the EU has created more headaches. Financial Institutions are now moving to models where they need 2 booking hubs, one in the UK and one in the EU, and hence must now manage the slow divergence of requirements.
This has resulted in more complexity, more spend, more systems, but NOT in increased detection of risk. It also means more work managing discussions with multiple regulators that do not seem overly concerned with what each other are doing. Having a single solution – or at least a single view of the third party being onboarded – is important here as language and system barriers are likely.
Dun & Bradstreet can help support your KYC and due diligence processes. For a demo of how we can help with compliance data or technology, please contact us here.