‘Know Your World’ to Fight Financial Crime: KYC plus the risk all around you

‘Know Your World’ approach provides truer view of Risk in AML Compliance solutions and GRC

By Frank Cummings, CEO of AML Partners

Financial institutions globally have enhanced Customer Due Diligence/Know Your Customer procedures to the point of pure art. In some cases, institutions collect over 600 individual fields of information, and some use upwards of 14 data interfaces to support a mix of internal systems and external data providers. It’s getting to the point where we know more about our customers, their related parties, and their owners than we know about ourselves. But like the saying goes, “No good deed goes unpunished,” and CDD/KYC doesn’t end with data collection on just customers.

All that work of due diligence—the question collection, the data interfaces and ping services, the analysis of extended relationships, the flagging and following up–likely need to be repeated to mitigate Risk more fully and more realistically. I think of this broader approach as “Know Your World,” or KYW.

Categories of Due Diligence to ‘Know Your World’

In KYW, you have several major categories in need of Due Diligence:

  1. Customers
  2. All related parties of customers
  3. Vendors
  4. Employees
  5. Managers
  6. AI applications
  7. All known relationships between categories other than category 2 to category 1

All the due diligence you do with all the categories are for one purpose: to identify and mitigate the risk of financial crimes.

Let’s chat a bit about the additional categories in a KYW approach:

Vendors:

There is no difference in the level of due diligence you would do on a vendor than you do for a customer. Understand and mitigate the myriad risks posed by a vendor.

Employees and Managers:

This is the one most people in financial institutions have a problem with: “Why would we want to do this? These are employees and managers of the institution.”  The due diligence you do on employees and managers is different, but it’s just due diligence to establish what the expected behavior of the employees or managers are. Later–similar to how you monitor your customer data when looking for unexpected behavior–you would do the same with employees and managers. You are monitoring the data–not the customer or the employee. Only when a concerning-behavior flag is triggered would the right people know about it in order to follow up.

AI Applications:

This is the category that at first causes people to do a doubletake–until they stop and think about it. In an industry that follows the “Show me” model in literally every process and procedure we do, AI seems to be an exception—a problematic exception.

 Let’s start by framing what we are talking about when we say AI Applications. The Artificial Intelligence systems you regularly see on TV dramas are just fictional vehicles for entertainment; the true thinking machine is still far off.

What we often call AI tends truly to be ML, or machine learning. And while it’s not independently intelligent, it can learn. That is where the problem lies in a show-me industry.

There are three methods a computer algorithm can learn from now: supervised learning, reinforcement, and unsupervised. The supervised method seems to be the most transparent because you see the data that was used to train the system. This method is limited in the rules you can apply, and you must create all conditions in the data you feed it.

A second option is the reinforcement method, which requires human validation as it learns.

Then we come to the wild, wild west: unsupervised learning. Unsupervised learning is just like it sounds.  In unsupervised, you give the algorithm the data and let the system figure out by the rules you provide regarding what the data means. This is why you would need to onboard, risk rate, and monitor your ML/AI Applications. Given the industry’s show-me imperative, you may think you know what your ML/AI applications are doing, but you can’t prove it very easily.

Unknown relationships:

Non-obvious or unknown relationships among your different categories can mean nothing or can be the Ah-Ha moment to legitimize or delegitimize someone’s behavior.

Know Your World–Due Diligence both broader and deeper

In conclusion, a Know Your World approach takes both a broader and deeper look at sources of serious Risk in your institution. And because it’s behavior monitoring via data, we can monitor for Risk without being overly invasive or unfair to individuals. When we do behavioral monitoring, we never look at the subject. Rather, we look for the behavior or different behaviors. And when we find them, then and only then is the behavior tied to an entity of some kind: a customer, a vendor, or an AI Applications.


Governance, Risk, and Compliance: Software solutions that transform results, costs

With AML Partners’ platform technology for RegTech, updating and upgrading your AML and eGRC software solutions is easier, faster, and much less expensive. Contact us today to explore how platform technology and our end-to-end AML Ecosystem powered by the RegTechONE platform–can transform the efficiency and effectiveness of your unique AML Compliance efforts. RegTechONE software for AML Compliance includes fully integrated modules for CDD KYC software for on-boardingbehavior and transaction monitoring software, and sanctions screening software for comprehensive AML screening. And AML Partners simplifies your end-to-end fully integrated AML Compliance efforts even further with an optional Subpoena Search module for FinCEN 314a and similar subpoena searches. Contact us today to learn about our proof-of-concept option or schedule a demo of RegTechONE, the AML software ecosystem. With extraordinary configurability and built for API extensibility, the RegTechONE AML software platformpowers not only an end-to-end AML software solution but also vendor managementAML client lifecycle managementeKYC Golden RecordsPerpetual KYC, and so much more.