Tech planning and IT solutions crucial to meeting 2018 UBO rules for AML Compliance
By Frank Cummings, CEO of AML Partners, LLC
Tick…tick…tick… [Cue the frantic violins…] You know that panicky music in a suspense movie when time is running out? Hear it yet? You should… The strict new UBO requirements for AML Compliance in the U.S. kick in in May of 2018—less than 342 days from today.
The United States Financial Crimes Enforcement Network in May of last year published its new rule on UBOs. Set to take effect May 11 of 2018, this FinCEN rule requires financial institutions operating in the U.S. to process and vet sanctions data, negative-news data, corporate associations, individual associations, reverse associations, Ultimate Beneficial Owners, and full down traces that trace relationships from the customer to the UBO and all corporate vehicles in between. This will generate a virtual avalanche of data on an ongoing basis—for every customer.
FinCEN’s new rule and similar ones being developed in other countries will prove calamitous for financial institutions that avoid preparing now for full AML Compliance in May 2018. IT departments of financial institutions are on the hot seat with this looming requirement because it will require that financial institutions be accountable for massive amounts of data that will need to be researched for millions of businesses around the globe.
How are these ‘down traces’ going to be researched through millions of corporate records worldwide? Leveraging tech solutions is key. For example, data-provider services compile this information and sell it as a data service to financial institutions. But that data must be processed and analyzed within the institution, and that requires IT-systems interactions.
Financial institutions and their IT staffs who gear up now to tackle this challenge can manage it successfully and be fully compliant by May of next year. But many who opt for traditional paper processing can expect to be buried in the impossibility of manually processing mountains of data in 2018 and beyond.
‘Integrated work stream’ critical to AML/CFT Compliance
Institutions and their IT staffs should immediately design and commit to fully secure tunnels to their data services. Basically, there are two options: Institutions can keep their current security policies—i.e. no data tunnel for data-service integration with your AML software solutions—and so block their Compliance staff from complying with U.S. law. Or else they can choose to be proactive now and design ways for these mission-critical servers to speak directly to the data providers without any other Internet connectivity. A new IT approach like this one is the only viable option—clinging to business-as-usual security mandates will make it very difficult for financial institutions to do business in the U.S. and elsewhere without immediately running afoul of sanctions and worse.
This will be a tough pill to swallow, no doubt. These systems are on an institution’s production backbone, and granting any external access to the production backbone represents a genuine and major risk. You never hear of hackers getting directly into banks, and that’s because there is such a careful walling off of the production backbone. But if you are a manual-processing institution for KYC/CDD in 2018 and you’re looking down the tunnel, you’ll be seeing the light—that light on the front of a locomotive barreling straight at you.
We at AML Partners were early adopters of what I call the integrated work stream. Work streams occur within the secure data tunnel and are not manipulated by people, thereby mitigating a big cybersecurity risk.
In an integrated work stream, there are no eyeballs on what is happening from the data providers directly to the user—it’s one integrated stream with the highest level of security. This provides for real-time processing, and it is a tremendous asset to Compliance because the AML/CFT integrated work streams can automatically flag suspicious relationships or behaviors that require the hands-on attention of Compliance staff.
Some financial institutions will no doubt remain wary even of integrated work streams, but the complexity and prevalence of worldwide financial crime and terror financing increase by leaps and bounds every year. The urgency and high stakes of improved AML/CFT Compliance are growing every year. Compliance staffs through their AML software providers need immediate access to this reference data in order to stay out of trouble with state and federal regulators—no matter where they are worldwide.
If you are part of an institution that has not yet embraced the best technologies in AML software solutions—or you are part of an institution wedded to manual processes for AML/CFT Compliance—it’s time to start working now on seeing daylight in 2018 rather than seeing that onrushing train.
SURETY Eco: Built-in Principals Registry for UBOs in AML Compliance
Handling UBOs in your AML/CFT CDD on-boarding is easy in SURETY Eco, the end-to-end AML Software Ecosystem. Our built-in Principals Registry provides a searchable registry of each UBO that you enter so that you only have to enter each person’s UBO information once. To learn about SURETY Eco and its fully integrated CDD/KYC, transaction monitoring with optional subpoena search, and sanctions screening capabilities, call us today. We will show you how SURETY Eco and its “Comply on the Fly” engineering adapt completely to your unique risk-based approach. SURETY Eco: The AML Software Ecosystem for end-to-end fully integrated AML/CFT Compliance.