1

Correspondent Banking Compliance and SWIFT Financial Crime Compliance Services

Naofumi Sukegawa

Director, Compliance Services, Asia Pacific, SWIFT

Agenda: Correspondent Banking Compliance and SWIFT Financial Crime Compliance Services

SWIFT 2020 and the Compliance focus

Challenge in Correspondent Banking Business

• Optimizing current RMA relationships

• Efficient and Effective bank counterparty KYC

• Maintain good relationships with your correspondent banks(Avoid ”De-Risking”)

Key Take Aways:

• It is important to strike a balance between Effectiveness and Efficiency in combatting global financial crime.

• Compliance is becoming a competitive advantage in these days.

• By using SWIFT Compliance Services, you can easily reduce your compliance operational cost, whilst improving your overall compliance capabilities.

Key Industry Compliance Challenges Today

Ever increasing and changing regulations

Significant costs in complying with regulations

Penalties for non compliance

All geographies / All types of players impacted

Lots of duplication for universal challenges

Lots of different, costly, complex solutions

No competitive advantage for banks

Community issues calling for community solutions …

Financial Crime Compliance Roadmap

Standards

Data repositories

Traffic analysis

Quality assurance

Processing services

Sanctions KYC AML

Sanctions list management service

KYC Registry

Compliance Analytics

Sanctions Testing (testing / tuning of transaction & client systems)

AML testing & tuning

FATF 16 information quality

Client/Name screening

Sanctions Screening Traffic Restriction (RMA)

Live Qualification Exploration

Community-inspired financial crime compliance solutions

Sanctions Screening

Hosted solution for cost-effective compliance with sanctions regulations

Sanctions Testing

Maximise the effectiveness and efficiency of banks’ sanctions environment

The KYC Registry

One global source of KYC information for correspondent banking

Compliance Analytics

Enhanced understanding & management of financial crime-related risk

Three new services being introduced in 2016

List Management (Sep)

Sanctions list distribution and management service, also allowing banks to manage sanctions, PEP and private lists

Payments Data Quality FATF16 (Sep)

Post-fact reporting tool to help banks identify and address possible violations of FATF Recommendation 16 (originator and beneficiary fields quality)

Name Screening (Dec)

On-line portal for checking individual names against sanctions and PEP lists (Batch version in 2017)

FCC Roadmap : Toward three inter-connected Utilities

Sanctions Analytics/AML KYC

Interconnected Utilities leveraging commonalities and data between the products & services

Financial Crime Compliance Utility

Comprehensive Service offering

e.g. • Transaction

screening • Sanctions Testing • List Management • Name/Client

Screening

e.g. • KYC Registry • KYC Market Place

e.g. • Compliance Analytics

(evolving toward Bank-to-bank monitoring)

• FATF 16

For ALL SWIFT users (small AND large) over time

Optimizing Current RMA relationships

What is RMA

RMA (Relationship Management Application) is a SWIFT mechanism to control the traffic you want to accept from your correspondents and vice-versa

Request

Authorization

Rejection

Revocation

Bank A Bank B

1

2

3

3’

1

2

3

3’

Bank A initiates the relationship by requesting an autorisation to bank B

Bank B Opens the relationship by sending an autorisation to Bank A

Bank A closes the relationship by sending a rejection to bank B

Bank B closes the relationship by revoking Bank A authorisation

Sender Receiver

The Challenges

2. No one has ever reviewed RMA relationships.

3. International Business Team(Sales Team) takes responsibility on Correspondent Banking Compliance

1. There is no internal policy on how to manage RMA relationships.

RMA Best Practice

2nd RMA Analysis

3rd RMA Clean-up

1st Standard Operating Procedures

750k +

50% Of total number of outstanding RMA relations is dormant on average

Dormant relations with APAC BICs

13

Step 1: Setup Standard Operating Procedures

How to create new correspondent banking relations?

High risk counter-

party?

A case assigned to RMA Manager

No

Yes

Senior Management

Approval

Due Diligence

Business justification

Senior Management

Approval

Due Diligence

SWIFT Compliance Consulting Services

RMA Authorisations Tasks

• Create

• Close

• On-going monitoring

Responsibility Assignment Matrix

• Who is responsible?

• Who is accountable?

• Who is consulted?

• Who is informed?

Controls

Step 2: RMA Analysis

Link with FIN authenticated

transactions to define the RMA status

• Three possible

statuses:

• Active

• Dormant

• Unused

Decide on the authorizations “to be

removed”

• Process and assistance to facilitate the bulk removal of selected unused RMA relationships

Data Collection

RMA Analysis

Business Evaluation

Overview of existing RMA’s inbound and

outbound

• Institution provides the list of RMA in XML

• Workshop implementation best practices

Key Findings Review

Key findings

• List “hot items”

among RMA correspondence

1 2 3 4

14

15

Step 3: RMA Clean-up

Link with FIN authenticated

transactions to define the RMA status

• Three possible

statuses:

• Active

• Dormant

• Unused

Remove list of identified RMA’s automatically from your interface

• Process and assistance to facilitate the bulk removal of selected unused RMA relationships

Data Collection

RMA Analysis

RMA Clean-up

Overview of existing RMA’s inbound and

outbound

• Institution provides the list of RMA in XML

• Workshop implementation best practices

Key Findings Review

Key findings

• List “hot items”

among RMA correspondence (overview of usage with details at BIC level)

Business Evaluation

1 2 3 4

The Benefits

Better understand Correspondent Relationships

Find out dormant/unused RMAs to reduce risks & KYC costs Avoid Unwanted / Unexpected Traffic

16

Efficient Bank Counterparty KYC

Challenges in Correspondent Banking Relationship Management

1.3 million Banking Relationships • 1.3m relationships by 7,000 correspondent

banks over SWIFT

• Everyone wants different things, data quality often poor

• Much time and effort needed by compliance and relationship managers to collate the information

• Evolving regulatory requirements

• Different in different countries

• Correspondent banks de-risking; reducing relationships to reduce risk & cost of KYC processes

Industry standard and platform needed, accessible to all

SWIFT KYC Registry: The Industry KYC Utility

SWIFT’s KYC Registry: the solution to KYC correspondent banking challenges

Community request to build it

Working group set up to design it

Single Standard agreed

Data validation to ensure quality

A feature-rich easy to use platform

Unique value-added content

Free to enter your data and share it

SWIFT KYC Registry: Bilateral exchange to Central Repository

A standard set of KYC data

Category I - Identification of the customer Licenses and Proof of Regulation, Certificate of Incorporation, et cetera Legal name, auditor, regulator, addresses

Category II – Ownership and management structure Declaration of key UBO and shareholders : full names and identifying data Board of Directors Lists: full names and identifying data Group structure Annual Reports, Shareholder listings, certified group and organizational charts

Category III – Type of business and client base Revenue breakdown by legal entity Operating geographies and customer verticals

Category IV – Compliance information Enhanced AML Questions AML docs: e.g. AML Controls, Wolfsberg Questionnaire, US Patriot Act

Category V – Tax information TIN, GIIN,FATCA information & proof of registration, documentation

Have your institution completed data contribution?

A look at where we are…

Over200 Countries

32 Korea entities

2513 Entities registered

701 APAC entities

Further efficiency on Bank Counter Party KYC

Managing correspondents in a many-to-many world

RMA as mechanism to control WHO and WHEN can send you traffic

Preventing ‘unwanted traffic’

Managing the correspondent’s business

RMA Plus as mechanism to control not only WHO and WHEN but also WHAT a correspondent can send to you

Example, for FIN:

- Authorisations only apply to authenticated traffic

- Authorisations can be granular to the level of MT/MT category

RMA

RMA Plus

Step 2: RMA Analysis

Link with FIN authenticated

transactions to define the RMA status

• Three possible

statuses by Message Type(MT):

• Active

• Dormant

• Unused

Decide on the authorizations “to be

removed”

• Process and assistance to facilitate the bulk removal of selected unused RMA relationships

Data Collection

RMA Analysis

Business Evaluation

Overview of existing RMA’s inbound and

outbound

• Institution provides the list of RMA in XML

• Workshop implementation best practices

Key Findings Review

Key findings

• List “hot items”

among RMA correspondence

1 2 3 4

24

Effective Bank Counterparty KYC

26

The challenge

Understanding your customer entails understanding its transactions end-to-end, including flows in which you are not directly involved. The SWIFT Traffic Profile provides transparency on a bank’s behavior over the SWIFT network by highlighting activity with high-risk or sanctioned jurisdictions. Factual and objective data support the due diligence activities and foster ongoing risk monitoring.

Legacy due diligence tools are no longer sufficient to address Regulator’s expectations to ‘know your customer’s customer’. The decision to enter or maintain a correspondent relationship is sometimes taken based on incomplete or incorrect information, hiding downstream correspondent risks posed by the business network of your counterparties.

Is your counterparty exposed to high-risk or sanctioned jurisdictions?

Which jurisdictions does the exposure come from?

Which institutions does the exposure come from?

The solution

27

The SWIFT Traffic Profile addresses the Know Your Customer’s Customer challenge by providing transparency on your customer’s activity over the SWIFT network with high-risk or sanctioned jurisdictions.

?

?

?

?

?

?

?

?

YOU YOUR CUSTOMER

YOUR CUSTOMER’S CUSTOMERS

YOUR CUSTOMER’S DOWNSTREAM

CORRESPONDENTS

SWIFT TRAFFIC PROFILE

3 2

28

I wonder where one of my existing counterparties is engaged in transactions involving entities in sanctioned jurisdictions. How can I obtain factual and objective evidence to support my business decisions to stay or exit a relationship?

I want to enter into a new relationship with a correspondent in an emerging market. How do I assess the risk posed by its customer network before engaging in that relationship? I am aware of past

exposure of one of my counterparties to high risk countries. How do I monitor the evolution of its risk profile over time?

1

3

2

1 Substantiate on-boarding due diligence

Uncover hidden risks posed by your customer’s downstream correspondents

Monitor your customer’s risk profile

Maintain good relationships with your correspondent banks(Avoid ”De-Risking”)

30

Challenges at maintaining good relationships with your correspondent banks

1. “De-Risking” is one of the global trend.

2. It is not that easy to understand your correspondent bank’s up-to-date activities accurately.

3. The compliance cost in transaction banking continues to increase on a daily basis, it is not easy to improve operational efficiency, limiting costs and enhancing compliance levels at the same time.

Effectiveness and Efficiency check

Effectiveness

• Provide assurance that your filter works

• Measure system’s fuzzy matching performance

• Assess coverage of sanctions lists

• Align screening system to your risk appetite

Efficiency

• Reduce false positives through iterative testing

• Build optimisation tests into your processes

• Understand parameter changes

• Manage and tune rules and “good-guy” lists

Testing Meeting regulatory demands

Tuning Managing cost and resources

WITH

32

Formats

Settings

Lists

Automate • Repeat • Compare • Monitor

Define test objective

Download test files

Process test files

Upload hit results

View test results

Peer assessment is also available

Sanctions Testing process

33

34

Compliance Analytics leveraging SWIFT traffic data for risk monitoring

35

Typical areas where Compliance Analytics will bring value

Risk Assessments Customer Due Diligence

Sanctions Compliance Investigations

Transaction Monitoring

Metrics and dashboarding

Enterprise risk assessment

Correspondent risk assessment

Country reviews

Compare anticipatory behavior against country standards

Periodic reviews to ensure activity is in line with anticipated risk

Event driven reviews

RMA monitoring

Identify flows originating/ ending in country with sanctions

Reconciliation with sanctions filter alerts

Exposure to newly sanctioned entities or countries

De-risking

Nesting

Bad press on specific entities

Volume reconciliation

System tuning

Key Performance & Risk indicators

36

Illustration of payment flows

103

Receiving bank BIC: BANKDEFF

Sending bank BIC: BANKCA2T

Originating BIC8 BIC: ORIGMX66

Beneficiary BIC8 BIC: BENEPL44

52A 57A

Beneficiary Customer

Ordering Customer

50* 59*

Transaction reference (field 20) is the link to identify the underlying transactions details

Sender Receiver

* Not available in Compliance Analytics

Dashboard Function and Alert Function

38

Monitoring RMA relationships

• How many RMAs have been created the last month? • Who are the counterparties? • In which country are they located?

• How many RMAs do I have per entity? • What is the status of these RMA? • To which country/ counterparty do these RMA relate?

Overview RMA

Newly Created RMA

Closed RMA

• How many RMA have been closed over the last 12 months? • Who are the counterparties? In which countries?

Compliance Analytics

Enhanced understanding and management of correspondent banking risk

Institution-wide risk assessment

• Understand payment patterns

• Enhance correspondent reviews

• Align to policy

Zero footprint

• Immediately accessible • Consolidated rich, accurate

dataset • Interactive tools and reports

Mitigates emerging risk

• Track relationships and understand RMA status

• Understand risk concentration

Monitors payment flows

• To and from your institution • Identify anomalies & nested

activity • Compare to peers

39

Key Take Aways:

• It is important to strike a balance between Effectiveness and Efficiency in combatting global financial crime.

• Compliance is becoming a competitive advantage in these days.

• By using SWIFT Compliance Services, you can easily reduce your compliance operational cost, whilst improving your overall compliance capabilities.