2017 – The Challenge to Keep Up
Financial institutions have been devoting considerable time and effort to move from a product-centric to a customer-centric orientation. Key to this strategic shift is achieving a single customer view (SCV), whereby information on all of a customer’s product relationships as well as interactions with the institution are readily available to both systems and personnel. Creating the SCV involves consolidating data from the firm’s various backend systems and touchpoints, and applying analytics to generate next best actions for call center reps, to support marketing and cross-sell strategies, predict fraud, and so on.
The SCV concept also has fundamental relevance to anti-money laundering compliance. For some years now, forward-looking institutions and AML solution providers have been working to create a single customer view for compliance. The essential idea is that visibility into a customer’s activities across all of a firm’s lines of business, products, and touchpoints can more readily unearth suspicious activity. But AML compliance takes the SCV concept much further than on the business side by seeking to understand the nature of customers as well as uncover relationships between entities, including relationships involving non-customers. This extends AML from looking not just for suspicious activities, but also for suspicious actors. In AML compliance, in other words, the single customer view is essential to effective KYC (know your customer) and CDD/ EDD (customer due diligence and enhanced due diligence).
Regulators too are now invoking the single customer view as a means to uncover not just activities but also actors. Indeed, the regulatory interest in SCV has perhaps been triggered by the UBO (ultimate beneficial owner) requirements which have been rolled out first in the EU and now in the US. Understanding the nature of and relationships among customers, accounts and beneficial owners necessarily involves not just an institution’s internal data, but also information obtained from a wide range of external sources. Data sourced for this purpose may include everything from public databases and official watchlists to media reports and social data.
From the AML compliance perspective, then, building a single customer view involves enabling visibility into transactions across the enterprise (that is, AML monitoring and analysis), as well as visibility into the nature of a customer and its relationships (KYC, CDD and EDD). And moreover connecting the dots between these two sides of the AML equation, so that AML monitoring helps assess the risk of customers, and KYC helps identify customers that might be at risk.
It is now more important than ever for financial institutions to achieve these ambitious capabilities, as 2017 will see a significant ramp-up (yet again) in AML regulation. The most influential regulatory bodies for AML compliance globally, including the US’ FinCEN, the European Commission, and the UK’s FCA, are all strengthening and extending their AML compliance rules. To cite just a few of the developments:
- FCA (Financial Conduct Authority): As of December 2016, financial institutions in the UK are required to submit a Financial Crime Report providing information on their AML programs and metrics (e.g., number of SARs filed). The FCR, unprecedented in its breadth, is intended to give the FCA a continual view into institutions’ AML efforts, rather than the traditional ad hoc examinations.
- EU: More stringent requirements for beneficial ownership, PEPs (politically exposed persons), and customer due diligence will be put in place by the 4th Anti Money Laundering Directive. Crucially, AML requirements must be implemented on an enterprise wide basis, which means on an international basis for multinational firms.
- US FinCEN issued revised and expanded guidance on reporting cyber related crime by means of SARs.
This brief list of only some of the new and recent regulation shows that financial institutions will need to enhance their record keeping and reporting capabilities, ensure that their AML programs are effective enterprise-wide and globally, and further integrate their AML and cybersecurity efforts. Additionally, institutions in the US and Europe will need to upgrade their CDD capabilities in order to meet the beneficial ownership regulations mentioned above.
Moreover, similar rules are being put in place by regulators around the globe. Most noteworthy are the beneficial ownership requirements being put in place in jurisdictions stretching from Australia to Singapore.
Another key theme in 2017 will be the maturation of AML compliance rules for e-commerce, alternative payments, and FinTech. This brings us back to the single customer view or, in the context of digital services, omni-channel. Digital technology is transforming lifestyles, which is also driving a need for new approaches to AML compliance. Digital services require the automation of KYC processes, and regulators in the EU as well as emerging markets such as Thailand and India are putting in place rules for online transactions and remote payments, often with the explicit aim of supporting the development of FinTech and other digital services.
Keeping up with AML compliance in 2017, then, means not only developing the capabilities to support today’s requirements, such as UBO and risk-based AML, but also to get ready for the emerging AML needs of the future.