By John L. Guerra
Editor, GRC & Fraud Software Journal
Editor’s Note: Rick Aragon was interviewed two days before news of the Panama Papers broke.
To combat money laundering and deny safe financial haven to criminal groups and terrorist organizations, financial regulatory bodies around the world require banks to know the true identity of the people and organizations that bank with them.
Hedge funds, trading firms, banks, corporations looking for investors, asset managers — all must comply with due diligence requirements set by national and international regulatory and oversight agencies.
Most banks rely on know your customer (KYC) and anti-money laundering (AML) software. The first ensures that you know the identity of the account holder and the potential associated risks; the second monitors for suspicious transactional activity. Vendors also combine the two regimens in a single solution that includes auditing, reporting and risk mitigation.
Accuity, Alacra, Oracle, FICO TONBELLER, Thomson Reuters and others develop KYC and AML solutions, competing for their piece of the banking industry pie.
Crime, money laundering synonymous
GRC & Fraud Software Journal spoke with Rick Aragon, an AML compliance consultant at LexisNexis Risk Solutions, about AML and KYC requirements and how banks can adopt software solutions to meet those requirements.
“In order for criminals to be able to enjoy their ill-gotten gains, they need to appear as if they came from a legitimate source,” Aragon says. “Money laundering helps hide the person who benefits from or controls the illegal entity.”
ISIS, Al Qaeda names just the start
Banks, broker-dealers and other financial institutions use the software to run the names of account applicants against state, national and international law enforcement databases and myriad watch lists, including the Office of Foreign Assets Control (OFAC), the UN’s ISIS-Al Qaeda Sanctions List, Financial Action Task Force (FATF) statements on high-risk and non-cooperative jurisdictions, the World Bank List of Debarred Parties, and hundreds of other lists.
The LexisNexis proprietary database covers more than 1,100 different government sources from around the world, as well as Politically Exposed Persons (PEPs) and State Owned Entities, Aragon says. The software also captures adverse media mentions of potential customers.
“Our public records data covers about 98 percent of the adult U.S. population,” Aragon says. “We can leverage this data to verify identity, detect suspicious or fraudulent identities and help financial institutions perform due diligence on their customers.”
Data sources include U.S. credit bureau records, commercial credit records, utility records, motor-vehicle records, address history, arrest records, and a host of other sources.
KYC and relationships among suspects
As to KYC requirements, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) will soon require U.S. banks – no matter how small – to know the true identity of the controlling entity known as the “beneficial owner” and up to four other individuals having at least 25 percent interest in the company.
“There are many aspects of risk connected to a bank customer’s name,” Aragon says. “Does the person show up in any global or U.S. economic sanctions list? Has the customer been involved in any law enforcement actions? The financial institution can review that relationship and ask itself, ‘Is this the kind of company, organization or other entity we want to bank?’”
KYC software should also examine critical connections among people and assets, Aragon says. Additionally, it should greatly reduce the average six months it can take to perform due diligence on prospective customers.
Smaller banks the weakest link
With fewer IT and software resources to positively identify who opens accounts, smaller financial institutions can’t always nail down the real identity of the companies and people who move money through their vaults.
“Large banks dedicate a lot of resources to compliance; they are under a great deal of scrutiny from banking regulators,” Aragon says. “That’s why you’ll see fraudsters go to smaller financial institutions, in the hope that their controls are not as strong as those at the larger financial institutions.”
Add to that the mindset of smaller banks. Because they handle fewer customers and the pace is slower, they don’t feel the need for additional customer screening.
“Sometimes it’s that mindset that puts the smaller banks at risk,” Aragon says. “They can be the weakest link in the financial system.”
Banks and financial institutions can access LexisNexis’s AML and KYC solutions via the cloud, or load the software onto the bank’s own computers. When a customer applies to open an account, the software automatically searches the various global databases, including Interpol, PEP and other databases.
The solutions speed identity verification, strengthen AML compliance, fortify risk mitigation and support enhanced due diligence for KYC, Customer Identification Program (CIP) and Bank Secrecy Act regulations, Aragon says.
Behavior raises flags
In addition to customer screening, many financial institutions use behavioral analytics platforms to monitor for suspicious activity. If the customer has direct deposit, a checking account and direct bill pay, for instance, those are the areas where the system watches for anomalies in the customer’s behavior, Aragon says.
If a $100,000 wire transfer suddenly hits the account of a customer who usually only receives a payday direct deposit of $450 each week, the system generates a flag.
“The bank will typically try to understand where the money is coming from,” Aragon says. “Did the customer just sell his house? Or is it something else?”
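The flag described above can be illustrated with a per-customer baseline check. This is an added example, not code from the article, LexisNexis or any vendor; the function name, the median/MAD scoring and the thresholds are assumptions chosen for illustration, and the transaction history is constructed.

```python
from statistics import median

# Constructed sample: 12 weeks of inbound credits for one customer,
# as (channel, amount in USD). Mirrors the $450 weekly payday deposit.
HISTORY = [("direct_deposit", 450.00)] * 12

def review_credit(history, channel, amount, threshold=6.0, min_spread=0.05):
    """Return the reasons a new inbound credit should be flagged (empty list = no flag).

    threshold and min_spread are illustrative assumptions, not regulatory values.
    """
    if not history:
        # No baseline exists yet, so the credit cannot be judged as normal.
        return ["no account history to compare against"]

    reasons = []

    # Check 1: has this customer ever received money through this channel?
    if channel not in {ch for ch, _ in history}:
        reasons.append("new channel")

    # Check 2: robust deviation from the customer's usual credit amount.
    amounts = [amt for _, amt in history]
    med = median(amounts)
    mad = median(abs(a - med) for a in amounts)  # median absolute deviation

    # Identical paychecks give MAD == 0. Flooring the spread at 5% of the
    # median avoids dividing by zero and avoids flagging a small raise.
    spread = max(mad, min_spread * med, 0.01)
    score = abs(amount - med) / spread
    if score > threshold:
        reasons.append("unusual amount")

    return reasons

if __name__ == "__main__":
    # The article's scenario: a $100,000 wire into a $450-a-week account.
    print(review_credit(HISTORY, "wire", 100_000.00))
    # A slightly larger paycheck stays below the threshold.
    print(review_credit(HISTORY, "direct_deposit", 475.00))
```

Each returned reason would be written to the case record, since the flag only starts the review of where the money came from.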
This type of software usually has case management functionality and performs audit and reporting for compliance purposes as well, Aragon says. The financial institution must document everything and make it available to banking regulators during audits.
“In the world of banking, if you haven’t documented an event, it didn’t occur,” Aragon says.