Financial Crime Compliance – SWIFT’s Roadmap

Paul Taylor

SOFE Paris, November 2014

SIBOS 2014 Snippets Comments from Adam Szubin (Director OFAC) – Opening of SWIFT Compliance Forum;

‘..to be compliant, you must start with transparency, and you must know your customers (customer)..’

‘..awareness re sanctions is at an all time high, screening is central to a good compliance program..’

‘..queries to the agency are more sophisticated, showing an increased level of understanding..’

‘..must remember that enforcements that are seen today, reflect conduct 5-10 years old, and doesn’t necessarily reflect current behaviour..’

‘..de-risking that is proportionate, is not a concern, extreme de-risking that is not proportionate is an issue..’

It is (still) the primary channel to deliver cross‐border banking services. Looking at cross‐border customer payments on SWIFT, those settled bank‐to‐bank were 67% of total volume.

Correspondent banking is still an attractive business - globally

More recently, despite continued healthy growth of MT 103 message levels, RMA message traffic has seen continued YOY decline = a shrinking in the number of correspondent relationships that the community is maintaining

“The Relevance of Utilities”

“What areas of financial crime prevention lend themselves to being addressed

through a utility model?”

(% of voters)

SWIFT Financial Crime Compliance Roadmap

FATF 16 Information quality

Compliance Analytics

Sanctions list Mngt service

Sanctions KYC AML

Processing services

Traffic analysis

Standards

Data repositories KYC registry

AML testing & tuning

Sanctions Screening

Sanctions Testing & tuning

(transaction & client systems)

Traffic restriction (RMA)

Live Development Qualification Exploration

Quality Assurance

Client/Name screening

The KYC Registry

In a nutshell… The single source of correspondent banking KYC information

7,000+ banks on SWIFT

Member Owned, not for profit

Leverage SWIFT membership process to collect ‘basic’ data

Part of holistic SWIFT Compliance Roadmap (wholly industry-driven)

• Standardised Data Set

• Secure platform and exchange

• Unique value-add features

• Community inspired and priced

The foundation…

More concretely…

• Standardised data set for KYC in Correspondent Banking

– Unique Enhanced Due Diligence detail and supporting docs

(AML Documents including; Wolfsberg Questionnaire, AML Controls, Bank Licenses, US Patriot Act Certificates, Annual Reports …)

• Continuously validated content

– Fact-based, documented and transparent controls, change driven

• A secure and trusted data exchange platform

– Banks submit, maintain and selectively exchange data through the platform

Identify areas of risk and demonstrate your declared behaviour: the SWIFT Profile

Sanctions Screening

250+ users

90+ countries

●●

●●

●●

● ●

●●

●●

●●

Introducing a new Sanctions Screening option

Jan

2015

Your institution Your correspondent

●●●●●●●●●●●●●● ●●●●●●●●●●●●●●

●●●●●●●●●●●●●●●●●●●●●●●●●●●●

Based on Copy

Based on Connector

Sanctions Testing

Effectiveness

• Provide assurance that your filter

works

• Measure system’s fuzzy matching performance

• Assess coverage of sanctions lists

• Align screening system to your risk appetite

Efficiency

• Reduce false positives

through iterative testing

• Build optimisation tests into

your processes

• Understand parameter changes

• Manage and tune rules and

“good-guy” lists

Testing Meeting regulatory demands

Tuning Managing cost and resources

Sanctions compliance – balancing priorities

with

Common issues identified through testing

• Outdated lists

• Missing entry types

• Missing entries

• Language variants not screened correctly

• Deleted records still screened

Sanctions Lists Quality

• List scope incorrect or not aligned with bank policy

• Inconsistent implementation across filters

• Entity and alias types screened unnecessarily

Screening Policy

• Inconsistent screening performance across message types

• Message or file elements not screened properly

• Overreliance on specific fields (e.g. address or country)

Message Types

• Poor fuzzy matching performance

• Line break, word order, sequences

• Poor performance against particular entries (short or long names, aliases)

• Character set matching issues

Filter Weakness

Compliance Analytics

Introducing Compliance Analytics Leveraging SWIFT traffic data for risk monitoring

Single Source

Identify

Global aggregated

views

Quantify Benchmark vs totals & peers

Monitor

Event driven Alerting

Drive

Focus on high risk

Investigate

Visual analytics

Report

Interactive generation

Look back

Retrospective reviews

Typical areas where Compliance Analytics will bring value

• Enterprise risk assessment

• Correspondent risk assessment

Executing Risk assessments

• Compare anticipatory behaviour against country standards

• Periodic reviews to ensure activity is in line with anticipated risk

• Event driven reviews

• Retrospective reviews

Customer Due Diligence

• Country visits

• Correspondent

reviews

Compliance investigations and visits

• Volume reconciliation

• Scenario optimisation

• System tuning

Transaction monitoring

• Pre-calculated metrics

• Key Performance/Risk indicators

Metrics and dashboarding