CBF 2014 - Compliance Roadmap and Solutions

SWIFT Financial Crime Compliance Initiatives

SWIFT Business Forum, Canada

April 2014

2

Financial crime is top of

the agenda for banks

Significant costs

at stake….

... Yet no competitive

advantage for banks

SWIFT Canadian Business Forum – 2014 – Confidentiality: Public

A community issue calling for a community

solution …

Financial crime is top of

the agenda for banks

Significant costs

at stake….

All geographies / All types of

players impacted

... Yet no competitive

advantage for banks

Lots of duplication…

… for universal challenges

3

KYC Registry on the Compliance Roadmap

FATF 16 Information quality

Compliance Analytics

Sanctions list

Mngt service

Sanctions KYC AML

Processing

services

Traffic analysis

Standards

Data repositories KYC registry

AML testing & tuning

Sanctions Screening

Sanctions Testing & tuning

(transaction & client systems)

Traffic restriction (RMA)

Live

Development

Qualification

Exploration

Quality

Assurance

Client/Name screening


4

More on SWIFT Sanctions Screening

service


Your institution

• Best-in-class Screening engine & user interface

• Centrally hosted and operated by SWIFT

• No local software installation & integration

• Real-time screening of FIN messages

• Sanctions List update service

Sanctions Screening service

Your correspondents

5 SWIFT Canadian Business Forum – 2014 – Confidentiality: Public

• NZ - New Zealand Police

• SG - Singapore MAS - Investor Alert List

• CH - Secrétariat d’Etat à l’Economie

• CH - SECO Countries Embargoes

• UK - Her Majesty’s Treasury

• UK - HMT Countries Embargoes

• UN - United Nations

• UN - UN Countries Embargoes

• US - Office of Foreign Assets Control SDN list

• US - OFAC Palestinian Legislative Council

• US - OFAC Part 561 list

• US - OFAC Foreign Sanctions Evaders

• US - OFAC Countries Embargoes

• US - Financial Crimes Enforcement Network

29 public lists supported – and counting

6

• AU – Department of Foreign Affairs and Trade

• AU - DFAT Countries Embargoes

• AU - DFAT Iran Specified Entities List

• CA –Foreign Affairs and International Trade

• CA - FAIT Countries Embargoes

• CA - Office of the Superintendent of Financial Institutions

• CA - OSFI - United Nations Act Sanctions

• CN - Ministry of Public Security

• EU - European Official Journal

• EU - Countries Embargoes

• FR - Journal Officiel français

• HK - Hong Kong Monetary Authority

• HK - HKMA Countries Embargoes

• JP - Ministry of Finance

• NL - Frozen Assets List - Dutch Government

Customers can

add private lists

3 new lists

since January SWIFT Canadian Business Forum – 2014 – Confidentiality: Public

Sanctions Screening - headlines


168

customers

in 74

countries

Strong roadmap to

develop current service

• Adding more lists to

support local needs

• Support of any formats

(ISO20022, MX, SEPA,

domestic, proprietary,..)

• Fine-tuning rules to

optimise hit rate aligned

with your risk appetite

Expanding the screening

portfolio

• Customer screening

service for client data

against Sanctions, PEP,

Negative media,…

• Sanctions Lifeline as a

disaster recovery

service for your current

screening infrastructure

8

More on SWIFT Sanctions Testing

service


Effectiveness

• Provide assurance that your filter

works

• Measure system’s fuzzy

matching performance

• Assess coverage of sanctions lists

• Align screening system to your

risk appetite

Efficiency

• Reduce false positives

through iterative testing

• Build optimisation tests into

your processes

• Understand parameter changes

• Manage and tune rules and “good-

guy” lists

Testing Meeting regulatory demands

Tuning Managing cost and resources

Sanctions compliance – balancing priorities

with

SWIFT Canadian Business Forum – 2014 – Confidentiality: Public 9

Common issues identified through testing

• Outdated lists

• Missing entry types

• Missing entries

• Language variants not screened correctly

• Deleted records still screened

Sanctions Lists

Quality

• List scope incorrect or not aligned with bank policy

• Inconsistent implementation across filters

• Entity and alias types screened unnecessarily

Screening

Policy

• Inconsistent screening performance across message types

• Message or file elements not screened properly

• Overreliance on specific fields (e.g. address or country)

Message

Types • Poor fuzzy matching

performance

• Line break, word order, sequences

• Poor performance against particular entries (short or long names, aliases)

• Character set matching issues

Filter

Weakness


Formats

Settings

Lists

Automate • Repeat • Compare • Monitor

Sanctions Testing process

Define

test objective

Download

test files

Process

test files

Upload

hit results

View

test results


• Testing

• Defined tests

• 2 systems

• Monthly tests

• App + report

Sanctions Testing

STANDARD

Analyse &

Compare

Regular

Audit Points

• Testing

• Defined tests

• 2 systems

• One-off

• Report

Sanctions Testing

ASSESSMENT

Single

Audit Point

Sanctions Testing Portfolio

• Testing +Tuning

• Custom tests

• Group license

• Unlimited use

• App + report

Functions

Flexibility

Scope

Frequency

Deliverables

Sanctions Testing

ENTERPRISE

On-Going

Testing &

Tuning

12

Sanctions Testing Portfolio


Sanctions List Monitor

• Free service to SWIFT institutions

– Launched Jan 2014

• Register to receive email alerts for

monitored regulatory lists

– Alerts are sent in a common

format irrespective of source

– List change impacts can be

understood

– Alerts are timely and often ahead

of regulatory announcements

– A valuable secondary source to

verify list updates and changes


14

More on Compliance Analytics


Introducing Compliance Analytics Leveraging SWIFT traffic data for risk monitoring


Single Source

Identify

Global aggregated

views

Quantify Benchmark vs totals &

peers

Monitor

Event driven Alerting

Drive

Focus on high risk Investigate

Visual analytics

Report

Interactive generation

Look back

Retrospective reviews

Typical areas where Compliance Analytics

will bring value


• Enterprise risk assessment

• Correspondent risk assessment

Executing Risk assessments

• Compare anticipatory behaviour against country standards

• Periodic reviews to ensure activity is in line with anticipated risk

• Event driven reviews

• Retrospective reviews

Customer Due Diligence

• Country visits

• Correspondent

reviews

Compliance investigations and visits

• Volume reconciliation

• Scenario optimisation

• System tuning

Transaction monitoring

• Pre-calculated metrics

• Key Performance/Risk indicators

Metrics and dashboarding

17

Leveraging country of origin and beneficiary country to provide additional insights

CA UK

CH

YE


MT103: field 52A MT202: field 52A

MT103: field 57A MT202: field 58A

BIC code

BIC code

Example 1 : Country risk assessment– Mauritania What business do I have with Mauritania on a global basis?

Data Sources All figures based on Inbound payments (MT103 & MT202cov)

from correspondents in Mauritania – Full Year 2013

1. Geographical distribution of Demo Bank branches/affiliates,

based on value of inbound traffic. Payments with 4 Demo

bank affiliates in 4 countries

2. Top20 Ultimate beneficiary countries (field 57a), based on

value of inbound traffic: Top 20 out of 100 countries overall

3. Sanctioned country as ultimate beneficiary, based on value of

inbound traffic. Example has one payment sent by Bank X in

Mauritania, via Demo Bank, with Cuba as ultimate beneficiary

country

Value distribution

2. Ultimate beneficiary countries – Top 20 3. Do any flows end up in a Sanctioned country?

1. How many of my branch / affiliates receive payments from Mauritania?

4 branches in 4

countries

Correspondent CORSMRMR in

Mauritania has sent me one payment

in USD that ends up in Cuba



Example 2: Specific Correspondent Risk assessment Where are payments originating from? Ending up in?

1. What are the higher risk

originating countries?

2. Which of my affiliates are

involved in these flows?

3. What are the ultimate

beneficiary countries?

Example 3: Monitor correspondent relationships at group

level Active / Dormant / Unused RMAs


1. RMAs opened in 2012 and status

(active, dormant, unused)

2. Geographical distribution

of new inbound

relationships

3. Are these relationships in

high risk jurisdictions as per

FATF classification?

Example 4: Value range distribution by correspondent

Is value distribution in line with anticipated behaviour?


Bank 1

Bank 2

Bank 3

Bank 4

Bank 5

Bank 6

Bank 7

1. What is the value

distribution from my

correspondents in Nigeria?

2. How has it evolved over

time?

22

More on SWIFT KYC Registry initiative


The Context An unprecedented challenge to comply with KYC legal requirements

23

SWIFT

KYC

Registry

Complex and

inconsistent requirements

across jurisdictions

Cumbersome, repetitive

and inefficient bilateral

exchanges

Unavailability and poor

quality of information

Complex and

inconsistent requirements

across jurisdictions

Cumbersome, repetitive

and inefficient bilateral

exchanges

Unavailability and poor

quality of information


SWIFT KYC Registry in a nutshell Your single source of correspondent banking KYC information

Industry-owned

Well established, neutral partner renowned for driving standardised,

industry-wide solutions

SWIFT

KYC

Registry

Collaborative & user-controlled

Banks submit, maintain and selectively exchange data through the platform

Unique value-add

SWIFT Profile increases transparency through unique, factual traffic

activity report

Complete & up-to-date

SWIFT continuously verifies and validates the

quality of the data

24

Global

Reach of 7000+ banks active in correspondent

banking, representing over 1 million relationships


Collection of data and documents • Structured data

• Supporting documents

• Maintenance

• Archiving and versioning

Controls • Completeness, validity, accuracy

Reporting and monitoring • Platform activity reporting and practices

• Audit trail

• Notifications of changes

Value added services • SWIFT profile

25

I

n s

co

pe

Ou

t of scop

e


Name screening • List screening (PEP, blacklist checking)

• Alert management or bad press

Risk scoring • SWIFT proposed risk score

• Communication on (non)-accepted counterparties

Due Diligence • Around intermediaries

Regulatory watch and market practices

• Monitoring of legal/regulatory updates

What will the SWIFT KYC Registry be in its first phase


Registry Content Structure

Entity summary

I. Identification of the Customer

II. Ownership and Management Structure

III. Type of Business and Client Base

IV. Compliance Information

V. Tax Information

• e.g. Legal and Business Name, Registered Address, BIC Code

• e.g. Banking License, Certificate of Incorporation

• e.g. Form of Organisation, Beneficial Owners

• e.g. Targeted Customers, Geographical Markets

• e.g. USA Patriot Act Certification, Wolfsberg Questionnaire

• e.g. FATCA status

PU

BL

IC

ON

RE

QU

ES

T


SWIFT Profile A new way to bring more transparency on your correspondents’ activities

• Objective and factual, initially based on FIN traffic

• Helps validate declared behaviour

• Substantiates risk rating process

• Different levels of granularity up to the level of

nested correspondents

• Optional and shared at bank’s discretion

• Specific, transparent and unambiguous

• Does not contain competitive information

SW

IFT

Pro

file

28

January ’14

• Formal announcement of the KYC Registry initiative

• Start of KYC Working Group & data contribution

September ’14

• Open the Registry for data contribution by a number of selected banks

December ’14

• Open the Registry for data contribution and consultation by all banks

• Commercial launch of the Registry


Timeline The journey starts today

Bootstrap Controlled ramp-up

General availability


Please provide us with your feedback!

• Kindly complete the survey form and submit upon exiting

What’s next on the agenda?

• Beyond GDP – What is real wealth?

4:00-4:45pm

Plenary Room

Thank you
