SWIFT Financial Crime compliance initiatives

Alex Lee Director, Payments Markets, SWIFT Asia Pacific

2

Financial Crime Compliance Roadmap

FATF 16 Information quality Compliance Analytics

Sanctions list Mngt service

Sanctions KYC AML

Processing services

Traffic analysis

Standards

Data repositories KYC registry

AML testing & tuning

Sanctions Screening

Sanctions Testing & tuning (transaction & client systems)

Traffic restriction (RMA)

Live Development Qualification Exploration

Quality Assurance

Client/Name screening

3

More on SWIFT Sanctions Screening

service

Your institution

• Best-in-class Screening engine & user interface • Centrally hosted and operated by SWIFT • No local software installation & integration • Real-time screening of FIN messages • Sanctions List update service

Sanctions Screening service

Your correspondents

4

Sanctions Screening - headlines

5

184 customers

in 80 countries

Strong roadmap to develop current service • Adding more lists to

support local needs

• Support of any formats (ISO20022, MX, SEPA, domestic, proprietary,..)

• Fine-tuning rules to optimise hit rate aligned with your risk appetite

Expanding the screening portfolio • Customer screening

service for client data against Sanctions, PEP, Negative media,…

• Sanctions Lifeline as a disaster recovery service for your current screening infrastructure

7

More on SWIFT Sanctions Testing

service

Effectiveness • Provide assurance that your filter

works • Measure system’s fuzzy

matching performance • Assess coverage of sanctions lists • Align screening system to your

risk appetite

Efficiency • Reduce false positives

through iterative testing • Build optimisation tests into

your processes • Understand parameter changes • Manage and tune rules and “good-

guy” lists

Testing Meeting regulatory demands

Tuning Managing cost and resources

Sanctions compliance – balancing priorities

with

8

Formats

Settings

Lists

Automate • Repeat • Compare • Monitor

Sanctions Testing process Define test objective

Download test files

Process test files

Upload hit results

View test results

9

Results Matrix

Critical Misses

Should Be Missed

Should Be Hit

Wasted Investigations

Graphical comparison of the filter fuzzy

performance at 3 different

thresholds

Common issues identified through testing

• Outdated lists • Missing entry

types • Missing entries • Language

variants not screened correctly

• Deleted records still screened

Sanctions Lists Quality

• List scope incorrect or not aligned with bank policy

• Inconsistent implementation across filters

• Entity and alias types screened unnecessarily

Screening Policy

• Inconsistent screening performance across message types

• Message or file elements not screened properly

• Overreliance on specific fields (e.g. address or country)

Message Types

• Poor fuzzy matching performance

• Line break, word order, sequences

• Poor performance against particular entries (short or long names, aliases)

• Character set matching issues

Filter Weakness

12

13

More on Compliance Analytics

Typical areas where Compliance Analytics will bring value

14

• Enterprise risk assessment

• Correspondent risk assessment

Executing Risk assessments

• Compare anticipatory behaviour against country standards

• Periodic reviews to ensure activity is in line with anticipated risk

• Event driven reviews

• Retrospective reviews

Customer Due Diligence

• Country visits • Correspondent reviews

Compliance investigations and visits

• Volume reconciliation

• Scenario optimisation

• System tuning

Transaction monitoring

• Pre-calculated metrics

• Key Performance/Risk indicators

Metrics and dashboarding

15

Leveraging country of origin and beneficiary country to provide additional insights

CA UK

CH

YE MT103: field 52A MT202: field 52A MT103: field 57A

MT202: field 58A

BIC code

BIC code

Example 1 : Country risk assessment– Mauritania What business do I have with Mauritania on a global basis?

Data Sources All figures based on Inbound payments (MT103 & MT202cov) from correspondents in Mauritania – Full Year 2013

1. Geographical distribution of Demo Bank branches/affiliates, based on value of inbound traffic. Payments with 4 Demo bank affiliates in 4 countries

2. Top20 Ultimate beneficiary countries (field 57a), based on value of inbound traffic: Top 20 out of 100 countries overall

3. Sanctioned country as ultimate beneficiary, based on value of inbound traffic. Example has one payment sent by Bank X in Mauritania, via Demo Bank, with Cuba as ultimate beneficiary country

Value distribution

2. Ultimate beneficiary countries – Top 20 3. Do any flows end up in a Sanctioned country?

1. How many of my branch / affiliates receive payments from Mauritania?

4 branches in 4 countries

Correspondent CORSMRMR in Mauritania has sent me one payment

in USD that ends up in Cuba

16

17

Example 2: Specific Correspondent Risk assessment Where are payments originating from? Ending up in?

1. What are the higher risk originating countries?

2. Which of my affiliates are involved in these flows?

3. What are the ultimate beneficiary countries?

Example 3: Monitor correspondent relationships at group level Active / Dormant / Unused RMAs

18

1. RMAs opened in 2012 and status (active, dormant, unused)

2. Geographical distribution of new inbound relationships

3. Are these relationships in high risk jurisdictions as per FATF classification?

Example 4: Value range distribution by correspondent Is value distribution in line with anticipated behaviour?

19

Bank 1

Bank 2

Bank 3

Bank 4

Bank 5

Bank 6

Bank 7

1. What is the value distribution from my correspondents in Nigeria?

2. How has it evolved over time?

20

More on SWIFT KYC Registry initiative

The Context An unprecedented challenge to comply with KYC legal requirements

21

SWIFT KYC

Registry

Complex and inconsistent requirements across jurisdictions

Cumbersome, repetitive and inefficient bilateral exchanges

Unavailability and poor quality of information

Complex and inconsistent requirements across jurisdictions

Cumbersome, repetitive and inefficient bilateral exchanges

Unavailability and poor quality of information

Collection of data and documents • Structured data • Supporting documents • Maintenance • Archiving and versioning

Controls • Completeness, validity, accuracy

Reporting and monitoring • Platform activity reporting and practices • Audit trail • Notifications of changes

Value added services • SWIFT profile

22

I

n sc

ope

Out

of s

cope

Name screening • List screening (PEP, blacklist checking) • Alert management or bad press

Risk scoring • SWIFT proposed risk score • Communication on (non)-accepted

counterparties

Due Diligence • Around intermediaries

Regulatory watch and market practices

• Monitoring of legal/regulatory updates

What will the SWIFT KYC Registry be in its first phase

23

SWIFT Profile A new way to bring more transparency on your correspondents’ activities

• Objective and factual, initially based on FIN traffic • Helps validate declared behaviour • Substantiates risk rating process • Different levels of granularity up to the level of

nested correspondents • Optional and shared at bank’s discretion • Specific, transparent and unambiguous • Does not contain competitive information

SW

IFT

Pro

file

24

SWIFT Profile – Granularity

SWIFT Profile Level 3 – “Nested Correspondents”

Country BIC Code Bank NameTurkey TRBATRIS Turkish Bank A

TRBATRIS Turkish Bank BTRBATRIS Turkish Bank CTRBATRIS Turkish Bank DTRBATRIS Turkish Bank ETRBATRIS Turkish Bank FTRBATRIS Turkish Bank GTRBATRIS Turkish Bank HTRBATRIS Turkish Bank I

Indonesia IDBAIDJX Indonesian Bank AIDBAIDJX Indonesian Bank BIDBAIDJX Indonesian Bank CIDBAIDJX Indonesian Bank DIDBAIDJX Indonesian Bank EIDBAIDJX Indonesian Bank FIDBAIDJX Indonesian Bank GIDBAIDJX Indonesian Bank HIDBAIDJX Indonesian Bank I

SWIFT Profile Level 1

Does Bank A have correspondent banking activity with entities located in countries under close monitoring of the FATF?

Yes No

Identities of Bank A’s correspondents per concerned jurisdiction:

SWIFT Profile Level 2 – “Nested Countries”

Bank A’s correspondent banking traffic with concerned FATF jurisdictions. Share per country:

25

January ’14

• Formal announcement

of the KYC Registry initiative

• Start of KYC Working Group & data contribution

September ’14

• Open the Registry for

data contribution by a number of selected banks

December ’14

• Open the Registry for

data contribution and consultation by all banks

• Commercial launch of the Registry

Timeline The journey starts today

Bootstrap Controlled ramp-up

General availability

Thank you

26