Latest Products

An automated solution

Thursday 10 May 2018

to help fight financial crime    

*This article was originally published in the GRC Professional: Financial Crime 2018.  


In December last year, Bureau Van Dijk held their breakfast seminar, Exposing Financial Crime: Know who you are doing business with

The event provided an opportunity to reiterate the importance of knowing your customer and addressed the complexity of beneficial ownership research and identification.

Qing Liu, Head of Government Solutions, APAC, at Bureau Van Dijk, addressed the importance of considering company data from both the micro and macro levels. According to Liu, the micro level of data analytics is focused on individual cases of suspected financial crime; however, at the macro level, the opportunity exists to examine data to find discrepancies in that information.


 

Leveraging the AML platform
The following month, GRC Professional Magazine spoke to Christo Botes, Bureau Van Dijk’s new Asia-Pacific Head of Compliance Solutions, based in Singapore.

With over 20 years’ experience assisting banks and other corporates in the area of financial crime (FCC) compliance, as well as ‘general’ compliance and conduct-risk-related compliance, Botes’ experience has seen him work in many parts of the world, including Africa, Asia and Europe. This has given him the benefit of seeing the compliance perspectives of multiple jurisdictions, from ‘black letter law’ approaches, to regulation and compliance practices impacted by differing cultural norms and values.

“In Asia, for example, it is a rich and fascinating landscape,” said Botes. “I have picked up a lot about the different jurisdictions, and the cultural components connected to them, and then how business is being done here. In Asia, one of the biggest challenges is high-risk regulatory topics. Very often, these topics include extra-fiduciary duties with the board of directors, to steer the governance of risk. Ultimate responsibility for the governance of risk lies with the board of directors.”
Across the entire Asia-Pacific region, however, are many separate areas of corporate governance to consider and many areas of financial crime compliance, including anti-money laundering compliance, sanctions compliance, and anti-bribery and corruption compliance, as well as data governance-related risk and compliance issues.

This, according to Botes, is the reason why there will always be a challenge. “Areas of concern are connected internationally, and there is exposure to international regulators.” 

The challenge is perennial, especially for banks, because businesses in Singapore, Hong Kong and Australia have such an ‘international flavour’ and a relatively high level of international exposure. This is significant, because even though the regulation itself may differ only slightly between jurisdictions, it is also influenced by the international flavour of regulation, such as recommendations from the Financial Action Task Force (FATF).

This explains why many who operate in this region continue to struggle with risk and compliance. Often, organisations are still trying to structure how their compliance function fits within the broader regulatory risk arena. Then, there is the issue of trying to meet local regulatory obligations, as well as the obligations of every jurisdiction in which they are operating or doing business.

With all this to consider, it’s very possible to make the wrong judgement or to miss something significant.

What is clear, however, is that while differences exist in cultural approaches to regulation and compliance, compliance challenges within individual organisations remain roughly the same and, usually, involve being under-resourced or held back by activities that could be made more efficient with automation.
 


Their automated solution?
Bureau Van Dijk’s automated solution begins with the screening process during on-boarding and involves assisting the organisation with the risk assessment and risk-rating part of the process.

“Many banks in Australia subscribe to our anti-money laundering compliance platform, Compliance Catalyst,” said Botes. “This is basically a workflow platform they can install inside a specific function.”

Compliance Catalyst is powered by company information from Bureau Van Dijk’s Orbis database, a powerful comparable data resource on private companies.

When an organisation wants to on-board a company, they can use Compliance Catalyst as part of their due diligence to generate a corporate profile that includes information from economic sanctions screening lists, a database of positive and adverse mentions, and users’ own data, which can be blended into Compliance Catalyst. This system checks managers and directors against sanctions lists and lists of politically-exposed persons (PEPs). It also looks for adverse news stories associated with companies.

Botes explained the platform helps illuminate complex ownership relationships, while assisting businesses to do effective risk assessments, generating an automated risk rating. This provides the business with a standardised compliance platform to administer their due diligence. Essentially, this kind of platform helps speed up the client on-boarding process.

According to Botes, Orbis gives users access to a huge amount of information—much of it internationally-standardised for easier cross-border comparisons. In addition, the corporate structures on the platform are extensive, with 456 million links having been established since 2002.

The benefits extend to the ongoing due diligence aspects of compliance. Obviously, organisations should have set, periodic reviews to check whether the data they have collected needs to be updated; however, as changes in the system are automatically flagged, Compliance Catalyst expedites this process.

But does it account for those potential incomplete data sets that may have been collected by the organisation?

Much has been said lately with regards to banks’ data collection methods and the risks involved in not being able to leverage their data adequately due to incomplete data sets.

The process involved in on-boarding with platform is, of course, is dependent on the risk appetite of the organisation wishing to do the on-boarding, as this will determine the level of risk-rating at which the organisation decides it is no longer ‘worth the risk’ to on-board a company.

 

Changes in the regulatory stand landscape
It is the rapid changes in the regulatory landscape that are driving financial institutions to automation in the first place.

“What has happened in the regulatory landscape over the last 10 years is that regulators are not only talking about issuing anti-money laundering compliance regulation, but they are asking banks to implement a standardised anti-money laundering process, enterprise-wide,” Botes explained.

He continued that this standardised approach needs to be made part of the bank’s strategy and policy throughout the whole organisation. This means bankers looking at on-boarding in one jurisdiction have to apply that standardised approach to a different regulatory jurisdiction—and that means the framework, people, processes, and systems have to be standardised when on-boarding.

“What that means is that, if you want to manage risk appropriately, the private banker in Australia must not store the company on-boarding information documents on ‘drive A’ on his hard-drive, and the private banker of a subsidiary in Singapore must not store the company on-boarding documents on ‘drive Z’ on his email, because that is not the ‘standardised approach’, nor will it give the group financial crime guys oversight to see what is happening at the group level or subsidiary level,” Botes said.

What it boils down to is that the anti-money laundering group needs sufficient oversight to oversee their money laundering strategy in any jurisdiction in which they operate.

However, should regulatory expectations become truly centralised, then how could the compliance arm of an organisation ensure they had oversight, particularly if the business is operating in multiple jurisdictions?

“The way to do that is to say ‘We understand we have Asia-Pacific-wide operations, and we understand that we have various risk factors in all of these countries’,” Botes explained. “But their minimum requirement—from a corporate governance perspective, from a board compliance oversight initiative, and from an anti-money laundering strategy perspective—is to use a centralised workflow tool.”

Often, however, due to the complexity of on-boarding, and the speed required, the teams involved in the on-boarding process can fall behind.

The speed required to on-board a company continues to be a problem, especially when it comes to companies with extraordinarily-sophisticated trust structures that make it difficult for an on-boarding team to trace their beneficial ownership.

With or without an automated approach, Botes’ advice for compliance professionals to help their organisations meet their regulatory obligations is to start at the board level.
 

Solutions
“Define and develop a proper financial crime compliance strategy at board level,” said Botes. This defining process should filter throughout the organisation, as well as its subsidiaries.

What this entails is the development of a framework, policy, and methodologies and processes that can be used to combat money laundering and terrorism financing.
When it comes to risk and compliance frameworks—as well as conversations regarding culture in general—regulators have been enforcing the message that tone must be set ‘at the top’; often, however, when enforcement action is taken, it comes as a result of something that occurred, not at the group level, but rather at the subsidiary level. It pays, therefore, keep a close eye on subsidiary risk.
“For example, an American bank got fined in the US as a result of failures here in Asia,” Botes said. “Very often, risk lies at the subsidiary level.”

At the board level, it is important that foreign regulatory exposure risk be acknowledged, and this means being very aware of the sanctions list and having an effective sanctions’ strategy.

With the coming of tranche 2 in the Australian framework, it is easy to see how automated platforms could be used by financial services to keep up with their anti-money laundering obligations.