Manual processing of UBO data for AML/CFT Compliance will not be viable option after May 2018
The forces that drive AML/CFT Compliance regulations flood the news every day. Think of the Panama Papers, the 1MDB Fund, money laundering in New York real estate, or the weekly mass-casualty terror attacks across the globe. These nefarious forces have gained international attention and widespread calls for urgent action, action that will manifest in greater and greater expectations—and consequences—for financial institutions. The United States FinCEN in May of this year published its new rule on UBOs. Set to take effect in less than two years, this FinCEN rule is a prime example, and both the European Union and the U.K. are working at tougher KYC/CDD requirements for Ultimate Beneficial Owners.
FinCEN’s new rule and similar ones expected in other countries will most assuredly prove disastrous for financial institutions that don’t get serious about it—right now. And much of the onus will be on the IT departments of financial institutions. The new U.S. law in and of itself will require that financial institutions be accountable for massive amounts of data that will need to be researched for tens of millions of companies worldwide.
Once the U.S. law takes effect, institutions operating in the U.S. will be responsible for processing and vetting sanctions data, negative-news data, corporate associations, individual associations, reverse associations, Ultimate Beneficial Owners, and full down traces that trace relationships from the customer to the UBO and all corporate vehicles in between. This will generate a virtual tidal wave of data on an ongoing basis—for every customer.
How are these down traces going to be researched through tens of millions of corporate records worldwide? That is what the data-provider services do—they sell that data service to financial institutions, but there are IT systems interactions that are required for that to happen. Unless financial institutions and their IT staffs get the wake-up call and tackle this ominous UBO future today, they will be buried in the impossibility of manually processing mountains of data in 2018 and beyond.
IT approach critical to AML/CFT Compliance
Institutions and their IT staffs need immediately to start designing and embracing fully secure tunnels to these data services that are going to absolutely explode in quality and availability in the next couple of years. Basically, there are two options: Institutions can keep their current security policies—i.e. no data tunnel for data-service integration with your AML software solutions—and so block their Compliance staff from complying with U.S. law. Or else they can choose to be proactive now and design ways for these mission-critical servers to speak directly to the data providers without any other Internet connectivity. A new IT approach is the only viable option—clinging to business-as-usual security mandates will make it very difficult for financial institutions to do business in the U.S. without immediately running afoul of sanctions and worse.
This will be a tough pill to swallow, no doubt. These systems are on an institution’s production backbone, and granting any external access to the production backbone represents a genuine and major risk. You never hear of hackers getting directly into banks, and that’s because there is such a careful walling off of the production backbone. But if you are a manual-processing institution for KYC/CDD in 2018 and you’re looking down the tunnel, you’ll be seeing the light—that light on the front of the train.
We at AML Partners were early adopters of what I call the integrated work stream. Work streams occur within the secure data tunnel and are not manipulated by people, mitigating a big security risk.
In an integrated work stream, there are no eyeballs on what is happening from the data providers directly to the user, so there is no way to break into it—it’s one integrated stream. This provides for real-time processing, and it is a tremendous asset to Compliance because the AML/CFT integrated work streams can automatically flag suspicious relationships or behaviors that require the hands-on attention of Compliance staff.
The complexity and prevalence of worldwide financial crime and terror financing increase by leaps and bounds every year. Compliance staffs through their AML software providers need immediate access to this reference data in order to stay out of trouble with state and federal regulators—no matter where they are worldwide.
If you are part of an institution that has not yet embraced the best technologies in AML software solutions—or you are part of an institution wedded to manual processes for AML/CFT Compliance—it’s time to start working now on seeing daylight in 2018 rather than seeing that train.
SURETY Eco: Built-in Principals Registry for UBOs
Handling UBOs in your AML/CFT CDD on-boarding is easy in SURETY Eco, the end-to-end AML Software Ecosystem. Our built-in Principals Registry provides a searchable registry of each UBO that you enter so that you only have to enter each person’s UBO information once. To learn about SURETY Eco and its fully integrated CDD/KYC, transaction monitoring with optional 314a, and sanctions screening capabilities, call us today. We will show you how SURETY Eco and its “Comply on the Fly” engineering adapt completely to your unique risk-based approach. SURETY Eco: The AML Software Ecosystem for end-to-end fully integrated AML/CFT Compliance.