roadmap for compliance services · roadmap for compliance services swift’s offering on financial...
TRANSCRIPT
Roadmap for Compliance Services
SWIFT’s offering on financial crime
International Conference on Payments System
Michimaru Onizuka
Abuja, 16 September 2013
Purpose
• Support banks with services in the area of compliance with a
focus on financial crime, and more specifically Sanctions, Anti-
Money Laundering (AML) and Know Your Customer (KYC)
activities.
• Initially discussed with the community through SWIFT’s
Governance (December 2012) and the feedback was very
positive.
• Further engagement on the overall evolution and execution of
this roadmap with the community ongoing.
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 2
SWIFT compliance initiatives – 3 live services
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
3
Sanctions KYC AML
Processing
services
Traffic
analysis
Standards
Data
repository
Screening Testing Traffic restriction
(RMA)
Live
Development
Qualification
Exploration
Payments
data quality
assessment
FATF rec 16
Business Intelligence for Compliance
SWIFT compliance initiatives – 3 new initiatives
under development or qualification
Sanctions KYC AML
Processing
services
Traffic
analysis
Standards
Data
repository
KYC registry on
SWIFT
membership
Screening Testing Traffic restriction
(RMA)
Live
Development
Qualification
Exploration
4
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Payments
data quality
assessment
FATF rec 16
Business intelligence for Compliance
Sanctions list service
SWIFT compliance initiatives: 2 more
initiatives under exploration
Sanctions KYC AML
Processing
services
Traffic
analysis
Standards
Data
repository
KYC registry on
SWIFT
membership
AML testing &
tuning Screening Testing Traffic restriction
(RMA)
Live
Development
Qualification
Exploration
5
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Guiding principles
• Customer-driven, non-competitive services;
• Leveraging SWIFT’s assets, to offer truly distinctive value;
• Cohesive offering with products that are reinforcing each other, essential
building-blocks of a possible – longer term – integrated financial crime
utility;
• Reinforcing SWIFT core business;
• Act fast – be bold;
• Liability. The ultimate responsibility of ensuring that banks’ systems work
and are efficient, and the correct interpretation of data provided always
remain with the banks;
• Governance. Guidance from the Sanctions Advisory Group, Board
approval as appropriate;
• SWIFT Data Retrieval policy. SWIFT will only retrieve, use, and disclose
traffic or message data in accordance with the SWIFT Data Retrieval
Policy, and in compliance with applicable laws and regulations.
6
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Sanction Screening
7 International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Your institution
• Screening engine & user interface
• Centrally hosted and operated by SWIFT
• No local software installation & integration
• Real-time
• Sanctions List update service
Sanctions screening over SWIFT
Your correspondents
8 International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
0
20
40
60
80
100
120
Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 Q2 2013 Q3 2013*
AME
AP
EMEA
Sanctions Screening – Customer ramp up
45
63
85
22
Total Live : 54
Total Test : 58
Total : 112
Volume : 500,000 transactions per month
96
112
9
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Sanctions Testing
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 10
Banks are facing a Sanctions challenge
How do you ensure your screening solution works ?
How do you demonstrate you understand your screening solution and thus how it mitigates risks?
Can you make it more Effective? more Efficient?
11
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Sanctions Screening Environment
Formats
Settings Lists
Settings • Threshold • Algorithms • Rules
Formats • Data structure • Fields • Records
Lists • Sanctions lists • Good-Guys lists • Private lists • Additional risk info
Filter Matching
Logic
Investigation
Processes
Logic • Matching methods • Fuzzy logic • Edit distance
methods
Process • Investigation tools • Operational model • Training
12
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
RMA
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 13
RMA and RMA Plus Features
• RMA (Relationship Management Application) allows you to
control who can send you authenticated FIN traffic, by setting
up a one-way communication channel. Traffic from
unauthorised counterparties is blocked at the sender-side,
shielding you from unwanted messages.
• RMA Plus goes one step further, and also allows you to control
exactly what message types each correspondent can send you.
Unwanted messages will be blocked at the sender level, even if
your correspondent does not have the RMA Plus option.
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 14
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 15
RMA, setting up a ‘technical’ relation before
exchanging transactions over SWIFT
Request
RMA: Relationship Management Application
Authorization
Rejection
Revocation
Bank A Bank B
1
2
3
3’
1
2
3
3’
Bank A initiates the relationship by requesting an autorisation to bank B
Bank B Opens the relationship by sending an autorisation to Bank A
Bank A closes the relationship by sending a rejection to bank B
Bank B closes the relationship by revoking Bank A authorisation
Sender Receiver
RMA Plus in a Compliance context
• Banks are currently reviewing their correspondent banking
network.
• They need to implement controls in line with the output of their
KYC assessments and better monitor the transactions they are
processing.
• The risk of processing unwanted traffic from some
counterparties leads them to closing down some relationships.
RMA Plus allows to create MT-specific (i.e. business segment
specific) authorisations for each correspondent.
e.g. OK for Trade but not for Payments
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 16
BI for Compliance
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 17
BI for Compliance addresses questions in
multiple areas
• Are there any abnormal/unusual trends in my traffic patterns?
vs previous behaviour? vs total SWIFT?
• Group overview: what are my branches up to?
• Do I monitor the transactions I need to have in scope?
• Are my AML thresholds set correctly?
• With whom do I have occasional / unusual high value transactions?
• Do I apply my risk policies correctly? Am I focusing on the right
businesses? Areas? Branches?
• Do I perform the right level of KYC on my correspondents?
• Do any of my branches still have business with sanctioned
countries / institutions?
• Do I have dormant relations?
• What are the new relationships with high risk areas? What is the
evolution of my market share in high risk corridors?
18
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Group Compliance
AML
CFT
Audit
Sanctions
Correspondent banking
How many unused or dormant relations
do I have in my correspondent network?
DEMOXXJJ 310 45% 42%
DEMOXXII 330 15% 61%
DEMOXXHH 430 28% 67%
DEMOXXAA 860 34% 52%
DEMOXXGG 400 50% 38%
DEMOXXFF 450 40% 31%
DEMOXXEE 630 40% 44%
DEMOXXDD 590 41% 58%
DEMOXXCC 630 48% 29%
DEMOXXBB 670 30% 48%
14%
22%
24%
2%
16%
29%
13%
5%
24%
13% 320 47% 38%
360 83% 17%
400 63% 20%
460 35% 54%
490 35% 49%
500 22% 64%
510 51% 39%
550 25% 47%
600 15% 52%
830 42% 46%
16%
11%
18%
16%
12%
33%
27%
10%
14%
Active relationships
Unused relationships
Dormant
Inbound Outbound
Did I do my KYC for each of these relations ?
Do I need these relations ?
Branch DEMOXXJJ has
created 310 outbound
RMA relations of which
45% are active and 13%
are dormant.
19
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
How can I better tune my AML thresholds
based on value of transactions per branch ?
20% 10%
100%
0 - 500 500-2500 2500-10k 10k-50k 50k-100k 100k-1mln >1mln
Branch 8
Branch 7 50%
Branch 6
Branch 5
Branch 4
Branch 3
Branch 2
Branch 1
Overall 15% 25% 15% 10% 5%
Value range (USD)
Branch 7 has 50% of its transactions in the range 0 – 500 USD. If
the AML threshold is set above 500 USD, a large share of overall
transactions will not be monitored.
20
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
0
5
10
15
20
25
30
35
40
45
50
55Country A - Country B
Jan Apr May Jul Aug Sept Feb Mar Jun
Why does my activity share in high risk
corridors suddenly increase?
The activity share goes from 30% to over
50% in only 9 months. Better performance on
the business side or have my competitors
decided to withdraw from this corridor?
MT103
activity share
%
Also leverage country of origin / destination
21
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Which of my correspondents have grown
exceptionally fast during previous month?
Average
Growth previous month
Confidence interval
Correspondent C showed a growth of 60%
for last month which fell outside of the
confidence interval of -45% and 52%
Correspondent A Correspondent B Correspondent C Correspondent D Correspondent E Correspondent F Correspondent G Correspondent H Correspondent I Correspondent J
Current Growth 25% -30% 14% 20% 70% -23% 60% 18% -6% -33%
Interval min -40% -40% -10% -45% -66% -46% -45% -80% -30% -100%
Interval max 30% 35% 10% 50% 73% 55% 52% 95% 33% 75%
Average -5% -3% 0% 2% 4% 4% 3% 8% 3% -13%
-100%
-50%
0%
50%
100%
-100%
-50%
0%
50%
100%
22
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
KYC
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 23
KYC Registry – Guiding principles
Focus on banks KYC (reach to more than 7,000 banks)
Leverage SWIFT membership process to collect ‘basic’ set of data
Provide enrichment based on SWIFT traffic data (SWIFT Profile)
Operated and secured according to SWIFT standards
A SWIFT-managed global KYC Registry
SWIFT proposes to create a global platform to centrally collect and
distribute up-to-date, standardised KYC information
Banks remain owner of their information and responsible for their KYC
process, criteria and results.
24
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Scope – Services
Due diligence
Risk scoring
Name screening
Reporting and Monitoring
Document controls
Data & documentation repository
Regulatory watch & market practices
Data & Documentation Repository
• Collection of structured KYC data
• Collection of supporting documents
• Maintenance of data and documents
• Legal archiving of KYC information
Document controls
• Verification (completeness, accuracy, validity)
Reporting & monitoring
• KYC platform activity reporting and practices
• Audit trail
Value add and enrichment
• SWIFT Profile
• Connection with RMA status
• Interaction capability through APIs
Name screening
• List screening (PEP, blacklist checking)
• Alert management or bad press
Risk scoring
• SWIFT proposed risk score
• Communication of (non-)accepted
counterparties
Due diligence
• Due diligence around intermediaries
Regulatory watch & market practices
• Monitoring of legal/regulatory updates
Value add & enrichment SWIFT
KYC
Registry
25
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Provide banks with a report based on analysis
of traffic to support and enhance fact-based
KYC assessment
Value-add – SWIFT Profile
• Objective and factual data to
support and focus KYC
assessment of your counterparties
• Estimate your risk based on your
counterparty’s relationships
(nested banks)
• Bring evidence of declared
behaviour (e.g. wolfsberg
questionnaire)
• Must be specific and transparent to
avoid unintended consequences or
misinterpretation.
• Must comply with data retrieval
policy and would be shared at
bank’s discretion
? KYC
26
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Payments data quality
FATF Rec 16
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 27
FATF Recommendation 16
“Countries should ensure that financial institutions include required
and accurate originator information, and required beneficiary
information, on wire transfers and related messages, and that the
information remains with the wire transfer or related message throughout
the payment chain.
Countries should ensure that financial institutions monitor wire
transfers for the purpose of detecting those which lack required
originator and/or beneficiary information, and take appropriate
measures.”
Being transposed in European regulation by EU Commission directive
issued for comments on Feb 05, 2013
28
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
FATF Rec16 – Reporting on group, branches and
counterparties compliance with additional syntax checks
At a glance,
• spot your most offended and offending
branches
• identify your least compliant counterparties
• investigate reasons for validation failure
• monitor improvement measures effectiveness
Counterparties heat map
Branches validation results overview
• From a group overview to a transaction
specific validation result
• Filtering and flexible visualisation
capabilities to best suit to your needs
29
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013
Next steps
The roadmap reflects our current assessment of possible
initiatives for SWIFT.
We will, however, continue to explore new, possible solutions to
help financial institutions and the community at large address the
operational implications of regulatory changes, and evolve this
compliance roadmap as opportunities arise.
International Payments System Conference - SWIFT compliance initiatives, 16 September 2013 30
Thank you!
Questions