Removing the Corporate Banking Camouflage Through Improved KYC and UBO Visibility

Anti-money laundering (AML) can be described as finding a needle in a haystack. But this analogy leaves out the considerable steps criminals go through to camouflage their activities. In corporate banking, finding the criminal among legitimate customers, like a needle in the haystack, is more difficult—because they have more tools to disguise their illegitimate activities.

The nature of corporate entities allows criminals to mask illegitimate transactions more effectively, hiding their true intentions. Criminals create multiple, separate legal entities, across multiple jurisdictions, and design multi-layered corporate structures. Deciphering ultimate beneficial ownership (UBO) and controllers in corporate structures can be a complex task for onboarding and KYC teams.

These challenges are compounded by the:

• Inconsistencies present in corporate reporting and record keeping across various jurisdictions
• Lack of regulatory or legislative focus from authorities (although this is changing)
• Ease of forming a corporation (often a low-cost process requiring little filing information and lacking validation)
• Ability to co-mingle illicit and legitimate funds
• Volume and variation of transactional volumes

With all these challenges combined, you start to see the scale of the task financial institutions (FIs) face. Corporate banking is a money laundering playground without effective AML programs in place.

The consequences of letting money laundering continue unimpeded far outweigh the difficulties of corporate banking AML. So how can FIs improve AML practices to better understand corporate entities and identify the money launderers among legitimate customers?

Know Your Customer (KYC) in Corporate Banking

The first step is understanding who you’re doing business with, otherwise known as Know Your Customer (KYC).

Building a holistic view of the customer, including their activities and relationships, allows FIs to create a single truth that feeds an accurate customer profile and risk modelling, strengthening AML controls. For this to be successful, FIs must break down existing silos and share information across departments. KYC must bring together the front and back offices, including AML, fraud, markets compliance, legal, Environmental Social and Governance (ESG) and credit teams, to work toward a shared goal of creating a centralized customer profile to help understand the customer and their associated risk.

With meaningful KYC processes in place, FIs can:

• Verify identities faster
• Understand corporate structures, controllers and UBOs
• Screen entities more effectively
• Comply with regulatory requirements
• Possess a deep understanding of customer risk profiles
• Mitigate financial crime risk
• Drive accurate ongoing monitoring of the corporate entity
• Promote a positive, more frictionless customer experience (CX)
• Drive revenue

Inadequate KYC contributes to AML failure.

According to Chuck Subrt, Fraud and AML Practice Director at Aite-Novarica, AML problems can typically be traced back to KYC failures:

“Ultimately, when organizations fail with KYC, that generally tends to be the root cause of a lot of AML deficiencies.”

Identifying the UBO

One of the biggest challenges of KYC, compounded by corporate transparency laws, is understanding UBOs. Gerald Byleveld, Head of Financial Crime and MLRO at Investec Limited, lays out the scale and wide-reaching challenge of UBO transparency:

“If you look at the consolidated FATF ratings, following the fourth round of mutual evaluations, they issued 365 reports and 209 of those on recommendation 24, which deals with ultimate beneficial ownership and transparency, were found to be partially or non-compliant.”

The large number of jurisdictions thought to be partially or non-compliant shows the systemic flaws in AML regulations and controls worldwide.

Regulations around the world are insufficient. They’re unable to prevent multitiered, multilayered, and multijurisdictional entities specifically designed to mask beneficial owners from FIs and law enforcement. The use of shell companies that exist only on paper without clear ties to specific individuals dilutes UBO transparency.

AML teams attempting to determine UBOs regularly have scant information available to them, often relying on information provided by the client. Validating this information using third-party data is often slow, sometimes taking weeks or months, manual, and challenging due to inaccessible, incomplete, or unverified corporate information, especially for private corporate entities. Investigating complex corporate structures takes weeks or even months complete.

Outcome-Based Compliance in a Fluctuating Regulatory Landscape

The money laundering risks in corporate banking often come back to regulation and the unclear nature of legislation worldwide. Carl Kemerrer, Senior Product Manager, X-Sight Entity Risk, NICE Actimize, sums up the regulatory landscape as:

“The regulations are trying to identify principle-based approaches to distinguish good actors from bad actors… around the world, they are well-intentioned but still not very standardized, they’re getting closer, and they’re getting better.”

Although regulations are moving in the right direction, many FIs are transitioning to outcome-based compliance rather than just checking the box. This requires a more proactive mindset and modernization of KYC practices.

“KYC processes at organizations can be quite manual, they’re onerous, tedious, and it certainly needs a lot of resources from all aspects of the organization. How can you optimize those processes to get insights much faster?” says Chuck Subrt.

The answer is this requires the combination of AI technology with good data that goes beyond the onboarding questionnaire and considers client and external information from across the entire customer life cycle.

The Data Issues Reducing Transparency

However, advanced artificial intelligence (AI) analytics are only as good as the data given to them or “Garbage in, garbage out.” Models that are fed substandard data will yield insufficient results.

All organizations struggle with siloed or fragmented data. Information hidden from the rest of the organization or spread between disconnected departments could paint a fuller picture of a specific entity when combined.

Transparency into corporate entities can’t be accomplished with AI and machine learning alone. This technology needs the right data to build accurate customer risk profiles that go beyond UBOs, controllers, and corporate directors to include all available data, from geographic information and previous behavior to open source and social media information and an understanding of the networks and relationships of the corporate and those controlling the corporate entity.

New technologies help independently verify client data, gather data from external, often non-traditional sources, and apply advanced AI and machine learning-powered analytics to derive greater insight from the data.

The New Technologies: AI on Your Side

There are three primary applications of AI for corporate banking AML:

1. Entity Risk Profiling—building a holistic internal view of a customer and their risk, augmented by external data sources.
2. Network analysis—identify patterns and connections between customers and third parties, both directly and indirectly related, to learn how they operate, who they interact with, and identify any suspicious connections or activity.
3. Effectiveness and efficiency—reducing false positives and improving both structured and unstructured data collection using machine learning technology to learn what are positive and false alerts and learn what data sources should be used for effective data gathering.

Ultimately, to see through the corporate façade and accurately identify money laundering, FIs need to use new technology to construct an integrated and cohesive risk management framework that combines all available data.

This requires:

• Eliminating periodic reviews, and instead, continuously review customer risk changes in real- time
• Gathering data from external and alternative sources using APIs
• Merging duplicate and obfuscated entity records using identity resolution, so FIs have consolidated and accurate entity profiles and are confident in their decision to conduct business with their customers

Next Steps for Managing AML Risk

Looking behind a corporate structure to improve transparency and effectively manage the associated AML risks comes down to data. Organizations must find and consolidate accurate data to deliver meaningful risk profiles based on a holistic client view.

Relying solely on information stored in corporate registries or in internal systems no longer provides the clarity KYC and compliance teams need for to fully understanding corporate entities and the risks they may pose. FIs that incorporate non-traditional and unstructured data from multiple sources will gain a fuller picture of their corporate customers and associated risks.

Data fuels effective AML in corporate banking, but it’s AI that drives greater insights. However, technology doesn’t remove humans from the loop. Instead, it provides these insights that optimize human decision-making. Adopting machine learning technology systems that use the human decisions to learn and optimize monitoring and detection makes decision-making much more effective and efficient over time. This continuous feedback loop is critical if organizations want to ensure they have an always-accurate understanding of corporate entities and their risk.

By adopting a data-driven, AI-powered approach to corporate banking KYC, FIs can gain an accurate, holistic view of corporate customers to spot well-hidden entities that don’t belong and are engaged in illicit activity.