The timing could not have been better. Or worse. On the one hand, the massive leak of the so-called Panama Papers earlier this year shone a bright light on the scope of the issues financial institutions grapple with daily to combat money laundering activity and comply with complex, global regulations. On the other, it is likely that more than a few bank executives viewed the dramatic news with chagrin. After all, the industry had waited four years for updated regulations from the U.S. Department of the Treasury’s Financial Crimes Enforcement Center (FinCen). The protracted, sometimes tedious, process of formulating new rules and regulations for Customer Due Diligence/Know Your Customer (CDD/KYC) compliance came in response to 2012 recommendations from the intergovernmental Financial Action Task Force (FATF), and it created a roadmap of sorts for institutions facing a 2018 deadline for full compliance with the new standards. The release of the Panama Papers serves as a persuasive reminder that the enhanced Anti-Money Laundering (AML) measures were in order and that banks would need cutting-edge solutions to meet ever-evolving challenges.
It just became more important than ever to know your customers
It took FinCen some 62 pages to lay out the new rules and requirements, so a comprehensive account is well beyond the scope of this article. That said, there are some big-picture considerations that every covered institution needs to put front and center in planning for compliance and maximum protections. It is something of an open secret that some financial institutions may have hoped in the past to skirt the most stringent, costly, and challenging aspects of customer due diligence because they fell into a grey area of sorts that might not attract focused attention from regulators. No more. CDD/KYC regulations have been given a new emphasis in the new FinCen regs. That means that CDD/KYC programs are now considered the “fifth pillar” of every AML program. At the macro level, the rules span four key activities, three of which are clarifications or enhancements of previous requirements and one of which is new. As has been the case, the first of these is customer identification and verification. Then, FinCen makes explicit two important provisions that were implied in the existing regulations in a move that clears up any grey areas: “understanding the nature and purpose of customer relationships to develop a customer risk profile” and “ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information.” The fourth requirement is a new one, and the need for it was reinforced in a dramatic way by the Panama Papers. Currently, financial institutions are not required to know the identities of the individuals - the beneficial owners - who own or control business accounts. That has proven to be a huge loophole that criminals seeking to hide dirty money have been able to exploit. Under the beneficial owner requirement, covered institutions will now collect, maintain, and update that information. That information might have come in handy in evaluating risk from the 212,000 shell companies the Panama Papers revealed.
Finding AML solutions for the long term
Given the scope of the problem and the magnitude of the risk (not to mention the amount of time it takes for bureaucracies to respond in a rapidly-changing landscape), prudent financial institutions are seeking solutions that not only meet and exceed these emerging requirements but also have the capacity to keep pace with evolving conditions. At the same time, of course, businesses have to keep their eyes on essentials such as cost-effective solutions that do not undermine customer experience. Most of them find that the forward-thinking answer to both needs is the adoption of a holistic AML system that integrates all of the elements of tracking, reporting, and compliance, from KYC at account opening through CDD on an ongoing basis to filtering third-party watch lists and more. Systems such as the CDD Suite from industry leader NICE Actimize include features such as ongoing customer risk monitoring, proactive detection models, and automated workflows and reporting. It is probably a fool’s errand to attempt to predict what the next challenges and risks from money laundering might be or what new requirements regulators will devise to meet them. But it's a safe bet to say that the necessity of instituting a flexible, holistic solution that addresses the full life cycle of the AML process is with us to stay.
About the Author: Ben Campbell is an accomplished, experienced freelance writer and web security expert who has featured in a number of high profile publications and websites. If he’s not writing about protecting your website you’ll find him listening to live music or at the coast surfing. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Financial Services Cybersecurity Regulations
Learn how Tripwire's strategies bolster cybersecurity in the financial sector. Facing heightened risks, financial organizations can benefit from Tripwire's expertise in security configuration management and file integrity monitoring, ensuring compliance with critical regulations and safeguarding sensitive data.
