Upload
swift
View
230
Download
1
Embed Size (px)
Citation preview
1
Correspondent Banking Compliance and SWIFT Financial Crime Compliance Services
Naofumi Sukegawa
Director, Compliance Services, Asia Pacific, SWIFT
Agenda: Correspondent Banking Compliance and SWIFT Financial Crime Compliance Services
SWIFT 2020 and the Compliance focus
Challenge in Correspondent Banking Business
• Optimizing current RMA relationships
• Efficient and Effective bank counterparty KYC
• Maintain good relationships with your correspondent banks(Avoid ”De-Risking”)
Key Take Aways:
• It is important to strike a balance between Effectiveness and Efficiency in combatting global financial crime.
• Compliance is becoming a competitive advantage in these days.
• By using SWIFT Compliance Services, you can easily reduce your compliance operational cost, whilst improving your overall compliance capabilities.
Key Industry Compliance Challenges Today
Ever increasing and changing regulations
Significant costs in complying with regulations
Penalties for non compliance
All geographies / All types of players impacted
Lots of duplication for universal challenges
Lots of different, costly, complex solutions
No competitive advantage for banks
Community issues calling for community solutions …
Financial Crime Compliance Roadmap
Standards
Data repositories
Traffic analysis
Quality assurance
Processing services
Sanctions KYC AML
Sanctions list management service
KYC Registry
Compliance Analytics
Sanctions Testing (testing / tuning of transaction & client systems)
AML testing & tuning
FATF 16 information quality
Client/Name screening
Sanctions Screening Traffic Restriction (RMA)
Live Qualification Exploration
Community-inspired financial crime compliance solutions
Sanctions Screening
Hosted solution for cost-effective compliance with sanctions regulations
Sanctions Testing
Maximise the effectiveness and efficiency of banks’ sanctions environment
The KYC Registry
One global source of KYC information for correspondent banking
Compliance Analytics
Enhanced understanding & management of financial crime-related risk
Three new services being introduced in 2016
List Management (Sep)
Sanctions list distribution and management service, also allowing banks to manage sanctions, PEP and private lists
Payments Data Quality FATF16 (Sep)
Post-fact reporting tool to help banks identify and address possible violations of FATF Recommendation 16 (originator and beneficiary fields quality)
Name Screening (Dec)
On-line portal for checking individual names against sanctions and PEP lists (Batch version in 2017)
FCC Roadmap : Toward three inter-connected Utilities
Sanctions Analytics/AML KYC
Interconnected Utilities leveraging commonalities and data between the products & services
Financial Crime Compliance Utility
Comprehensive Service offering
e.g. • Transaction
screening • Sanctions Testing • List Management • Name/Client
Screening
e.g. • KYC Registry • KYC Market Place
e.g. • Compliance Analytics
(evolving toward Bank-to-bank monitoring)
• FATF 16
For ALL SWIFT users (small AND large) over time
What is RMA
RMA (Relationship Management Application) is a SWIFT mechanism to control the traffic you want to accept from your correspondents and vice-versa
Request
Authorization
Rejection
Revocation
Bank A Bank B
1
2
3
3’
1
2
3
3’
Bank A initiates the relationship by requesting an autorisation to bank B
Bank B Opens the relationship by sending an autorisation to Bank A
Bank A closes the relationship by sending a rejection to bank B
Bank B closes the relationship by revoking Bank A authorisation
Sender Receiver
The Challenges
2. No one has ever reviewed RMA relationships.
3. International Business Team(Sales Team) takes responsibility on Correspondent Banking Compliance
1. There is no internal policy on how to manage RMA relationships.
RMA Best Practice
2nd RMA Analysis
3rd RMA Clean-up
1st Standard Operating Procedures
750k +
50% Of total number of outstanding RMA relations is dormant on average
Dormant relations with APAC BICs
13
Step 1: Setup Standard Operating Procedures
How to create new correspondent banking relations?
High risk counter-
party?
A case assigned to RMA Manager
No
Yes
Senior Management
Approval
Due Diligence
Business justification
Senior Management
Approval
Due Diligence
SWIFT Compliance Consulting Services
RMA Authorisations Tasks
• Create
• Close
• On-going monitoring
Responsibility Assignment Matrix
• Who is responsible?
• Who is accountable?
• Who is consulted?
• Who is informed?
Controls
Step 2: RMA Analysis
Link with FIN authenticated
transactions to define the RMA status
• Three possible
statuses:
• Active
• Dormant
• Unused
Decide on the authorizations “to be
removed”
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
Business Evaluation
Overview of existing RMA’s inbound and
outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items”
among RMA correspondence
1 2 3 4
14
15
Step 3: RMA Clean-up
Link with FIN authenticated
transactions to define the RMA status
• Three possible
statuses:
• Active
• Dormant
• Unused
Remove list of identified RMA’s automatically from your interface
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
RMA Clean-up
Overview of existing RMA’s inbound and
outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items”
among RMA correspondence (overview of usage with details at BIC level)
Business Evaluation
1 2 3 4
The Benefits
Better understand Correspondent Relationships
Find out dormant/unused RMAs to reduce risks & KYC costs Avoid Unwanted / Unexpected Traffic
16
Challenges in Correspondent Banking Relationship Management
1.3 million Banking Relationships • 1.3m relationships by 7,000 correspondent
banks over SWIFT
• Everyone wants different things, data quality often poor
• Much time and effort needed by compliance and relationship managers to collate the information
• Evolving regulatory requirements
• Different in different countries
• Correspondent banks de-risking; reducing relationships to reduce risk & cost of KYC processes
Industry standard and platform needed, accessible to all
SWIFT KYC Registry: The Industry KYC Utility
SWIFT’s KYC Registry: the solution to KYC correspondent banking challenges
Community request to build it
Working group set up to design it
Single Standard agreed
Data validation to ensure quality
A feature-rich easy to use platform
Unique value-added content
Free to enter your data and share it
A standard set of KYC data
Category I - Identification of the customer Licenses and Proof of Regulation, Certificate of Incorporation, et cetera Legal name, auditor, regulator, addresses
Category II – Ownership and management structure Declaration of key UBO and shareholders : full names and identifying data Board of Directors Lists: full names and identifying data Group structure Annual Reports, Shareholder listings, certified group and organizational charts
Category III – Type of business and client base Revenue breakdown by legal entity Operating geographies and customer verticals
Category IV – Compliance information Enhanced AML Questions AML docs: e.g. AML Controls, Wolfsberg Questionnaire, US Patriot Act
Category V – Tax information TIN, GIIN,FATCA information & proof of registration, documentation
Have your institution completed data contribution?
A look at where we are…
Over200 Countries
32 Korea entities
2513 Entities registered
701 APAC entities
Further efficiency on Bank Counter Party KYC
Managing correspondents in a many-to-many world
RMA as mechanism to control WHO and WHEN can send you traffic
Preventing ‘unwanted traffic’
Managing the correspondent’s business
RMA Plus as mechanism to control not only WHO and WHEN but also WHAT a correspondent can send to you
Example, for FIN:
- Authorisations only apply to authenticated traffic
- Authorisations can be granular to the level of MT/MT category
RMA
RMA Plus
Step 2: RMA Analysis
Link with FIN authenticated
transactions to define the RMA status
• Three possible
statuses by Message Type(MT):
• Active
• Dormant
• Unused
Decide on the authorizations “to be
removed”
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
Business Evaluation
Overview of existing RMA’s inbound and
outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items”
among RMA correspondence
1 2 3 4
24
26
The challenge
Understanding your customer entails understanding its transactions end-to-end, including flows in which you are not directly involved. The SWIFT Traffic Profile provides transparency on a bank’s behavior over the SWIFT network by highlighting activity with high-risk or sanctioned jurisdictions. Factual and objective data support the due diligence activities and foster ongoing risk monitoring.
Legacy due diligence tools are no longer sufficient to address Regulator’s expectations to ‘know your customer’s customer’. The decision to enter or maintain a correspondent relationship is sometimes taken based on incomplete or incorrect information, hiding downstream correspondent risks posed by the business network of your counterparties.
Is your counterparty exposed to high-risk or sanctioned jurisdictions?
Which jurisdictions does the exposure come from?
Which institutions does the exposure come from?
The solution
27
The SWIFT Traffic Profile addresses the Know Your Customer’s Customer challenge by providing transparency on your customer’s activity over the SWIFT network with high-risk or sanctioned jurisdictions.
?
?
?
?
?
?
?
?
YOU YOUR CUSTOMER
YOUR CUSTOMER’S CUSTOMERS
YOUR CUSTOMER’S DOWNSTREAM
CORRESPONDENTS
SWIFT TRAFFIC PROFILE
3 2
28
I wonder where one of my existing counterparties is engaged in transactions involving entities in sanctioned jurisdictions. How can I obtain factual and objective evidence to support my business decisions to stay or exit a relationship?
I want to enter into a new relationship with a correspondent in an emerging market. How do I assess the risk posed by its customer network before engaging in that relationship? I am aware of past
exposure of one of my counterparties to high risk countries. How do I monitor the evolution of its risk profile over time?
1
3
2
1 Substantiate on-boarding due diligence
Uncover hidden risks posed by your customer’s downstream correspondents
Monitor your customer’s risk profile
30
Challenges at maintaining good relationships with your correspondent banks
1. “De-Risking” is one of the global trend.
2. It is not that easy to understand your correspondent bank’s up-to-date activities accurately.
3. The compliance cost in transaction banking continues to increase on a daily basis, it is not easy to improve operational efficiency, limiting costs and enhancing compliance levels at the same time.
Effectiveness and Efficiency check
Effectiveness
• Provide assurance that your filter works
• Measure system’s fuzzy matching performance
• Assess coverage of sanctions lists
• Align screening system to your risk appetite
Efficiency
• Reduce false positives through iterative testing
• Build optimisation tests into your processes
• Understand parameter changes
• Manage and tune rules and “good-guy” lists
Testing Meeting regulatory demands
Tuning Managing cost and resources
WITH
32
Formats
Settings
Lists
Automate • Repeat • Compare • Monitor
Define test objective
Download test files
Process test files
Upload hit results
View test results
Peer assessment is also available
Sanctions Testing process
33
35
Typical areas where Compliance Analytics will bring value
Risk Assessments Customer Due Diligence
Sanctions Compliance Investigations
Transaction Monitoring
Metrics and dashboarding
Enterprise risk assessment
Correspondent risk assessment
Country reviews
Compare anticipatory behavior against country standards
Periodic reviews to ensure activity is in line with anticipated risk
Event driven reviews
RMA monitoring
Identify flows originating/ ending in country with sanctions
Reconciliation with sanctions filter alerts
Exposure to newly sanctioned entities or countries
De-risking
Nesting
Bad press on specific entities
Volume reconciliation
System tuning
Key Performance & Risk indicators
36
Illustration of payment flows
103
Receiving bank BIC: BANKDEFF
Sending bank BIC: BANKCA2T
Originating BIC8 BIC: ORIGMX66
Beneficiary BIC8 BIC: BENEPL44
52A 57A
Beneficiary Customer
Ordering Customer
50* 59*
Transaction reference (field 20) is the link to identify the underlying transactions details
Sender Receiver
* Not available in Compliance Analytics
38
Monitoring RMA relationships
• How many RMAs have been created the last month? • Who are the counterparties? • In which country are they located?
• How many RMAs do I have per entity? • What is the status of these RMA? • To which country/ counterparty do these RMA relate?
Overview RMA
Newly Created RMA
Closed RMA
• How many RMA have been closed over the last 12 months? • Who are the counterparties? In which countries?
Compliance Analytics
Enhanced understanding and management of correspondent banking risk
Institution-wide risk assessment
• Understand payment patterns
• Enhance correspondent reviews
• Align to policy
Zero footprint
• Immediately accessible • Consolidated rich, accurate
dataset • Interactive tools and reports
Mitigates emerging risk
• Track relationships and understand RMA status
• Understand risk concentration
Monitors payment flows
• To and from your institution • Identify anomalies & nested
activity • Compare to peers
39
Key Take Aways:
• It is important to strike a balance between Effectiveness and Efficiency in combatting global financial crime.
• Compliance is becoming a competitive advantage in these days.
• By using SWIFT Compliance Services, you can easily reduce your compliance operational cost, whilst improving your overall compliance capabilities.