Cultivating Best Practices for

Staying Ahead of Trends and Developments in the Banking Industry

Jean Philippe Soubry

Compliance Services Director, Asia Pacific

SWIFT

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

D. KYC and CYBER SECURITY

5

SWIFT gpi: secure, faster, traceable & transparent cross-border payments

1 Faster payments Same day use of funds*

Traceable End-to-end payment tracking

2

3 Transparent fees Deducts and FX

4 Full remittance data Unaltered reconciliation info

Your company

Beneficiary

gpi

Intermediary

bank

Beneficiary’s bank

Your bank

*Within the time zone of the receiving gpi member

SWIFTgpi Rulebook $

Invoice

a1700db1-90b2-4948-83d8-6309c5c34a3d

Singapore Business Forum - February 2017

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

D. KYC and CYBER SECURITY

7

REPUTATIONAL/FINANCIAL RISKS and DE-RISKING

75% of the large global banks have reported a decline in their number of CBRs

Source: The World Bank

Some will reduce their number of CBRs by more than 50%

Source: SWIFT / ADB

75% 50%

Number of Active Correspondents

-

500

1,000

1,500

2,000

2,500

3,000

3,500

Singapore Malaysia Indonesia Thailand Vietnam Philippines Cambodia BruneiDarussalam

Myanmar Laos

2014

2015

2016

-1.05%

-4.50% -8.16% -4.79%

-0.64% -8.38%

+33.71% -0.69% -10.61% -0.70%

23.5

24

24.5

25

25.5

26

26.5

27

012345678

Jan-1

4

Ma

y-1

4

Sep-1

4

Jan-1

5

Ma

y-1

5

Sep-1

5

Jan-1

6

Ma

y-1

6

Sep-1

6

AP

AC

Acti

ve

Co

rresp

on

den

ts

Th

ou

san

ds

AP

AC

Tra

nsacti

on

s S

en

t

Millio

ns

Transactions sent Active Correspondents

8

DE-RISKING: Potential consequences

For Financial Institutions

1. Higher costs for KYC and remittances

2. Difficulty to maintain and establish new relationships

3. Loss of clients or business opportunities

For Countries

1. Lower regional integration

2. Lesser trade

3. Slower growth

“(…) processing U.S. dollar checks is now lengthier and costlier, with one major bank indicating a cost of US$150 per check” IMF

“ De-risking has the potential to destabilize our economies, promote financial exclusion and increase poverty levels. ” CBCS

9

DE-RISKING EXPLAINED

75% 50%

Source: SWIFT / ADB

DE-RISKING EXPLAINED

10

15.5 Billion $

fines levied on financial institutions in 2015

for violation of sanctions regulations

Global review of banking relationships both on profitability and on compliance

11

DE-RISKING EXPLAINED

DERISKING FACTORS: Suggested Solutions

1. COST: Reduce the cost of KYC/EDD

2. RISK: Put the right controls in place

3. TRANSPARENCY: Communicate proactively

12

HOW CAN SWIFT HELP? Global utilities

DERISKING FACTORS: Suggested Solutions

1. COST: Reduce the cost of KYC / EDD KYC Registry

2. RISK: Put the right controls in place Sanctions Screening / Testing

Name Screening

RMA Analysis

Daily Validation Reports

Compliance Analytics

Etc.

3. TRANSPARENCY: Communicate proactively KYCR

Audit reports (incl. security audit)

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

KYC Registry

Sanctions Screening

(NEW) Name Screening

RMA Analysis

(NEW) Payment Data Quality & others

D. KYC and CYBER SECURITY

NSS – Demo

KYC

The KYC Registry

Global depository of due diligence documents

and data

• 3,500+ financial institutions

• 1,000+ in APAC

• 200+ countries and territories

SWIFT Traffic Profile

Aggregated view of transaction activity with

high-risk jurisdictions

KYC Adverse Media

Access to news and regulatory notices about

(potential) customers

RMA Analysis

Understand which of your RMAs have been

dormant or inactive, hence creating

unnecessary costs and risks

COMPLIANCE ANALYTICS

Compliance Analytics

Global view of your organization's SWIFT

message traffic

• 32 financial institutions

• Customer base represents 45% of SWIFT

payments

• 750+ end-users

(NEW) Payments Data Quality

Assess quality of originator and beneficiary

information to comply with FATF

Recommendation 16

(NEW) Daily Validation Reports

Detect unusual payment flows quickly and

easily

SANCTIONS

Sanctions Screening

Transaction screening with Automatic List updates

• 600+ customer institutions

• 140+ in APAC

• 22 central banks

Sanctions Testing

Test, fine-tune and optimize filters and lists with

third-party insurance

• 40 customer institutions

• 4 of the top 5 US banks by asset

• Over half of the top 10 European banks

• 430 subscribers to Sanctions List Monitor

(NEW) Name Screening Service

Screen individual names and customers, supplier

and employee databases

List Management Service

Manage, customize and automate list data feeds

SWIFT Compliance: Top-4 priorities for LOCAL banks

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

KYC Registry

Sanctions Screening

(NEW) Name Screening

RMA Analysis

(NEW) Payment Data Quality & others

D. KYC and CYBER SECURITY

PROBLEM: The cost of KYC & EDD is too high

Maintaining existing relationships is time-consuming, risky and costly

DUPLICATED

NON-STANDARDIZED

INACCURATE

TIME-CONSUMING

SOLUTION: SWIFT KYC Registry

DUPLICATED

NON-STANDARDIZED

INACCURATE

TIME-CONSUMING

CENTRALIZED

STANDARDIZED

VALIDATED

EFFICIENT

Standardised baseline

Up-to-date information

Data verification by SWIFT

Cooperative business model

Secure, user-control access

More than 3,500 financial institutions 1,800+ in Europe, Middle East and Africa

1,000+ in Asia Pacific

600+ in the Americas

200+ countries and territories worldwide

C:\Users\jsoubry\Desktop\KYCR\Counterparty coverage by

region 2017 v1.xlsb

Launched in December 2014 in collaboration with Bank of America Merrill Lynch, Barclays, Citi, Commerzbank, Deutsche Bank, Erste Group Bank AG,

HSBC, ING, J.P.Morgan, Raiffeisen Bank International AG, Societe Generale, and Standard Chartered Bank. 19

SWIFT KYC Registry, the new global standard

434

0

100

200

300

400

500

Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

NewAPACUsers in2016…

1456

0

200

400

600

800

1000

1200

1400

1600

Jan Feb Mar Apr May Jun Jul Aug Sep OctNov

Dec

New Global Users in2016 (Accumulative)

21

"The KYC Registry will be a key differentiator in ensuring

the correspondent banking industry increases the

accuracy and efficiency around its KYC process. This is

not a 'nice to have' but rather an imperative (…)”

Standard Chartered

C:\Users\jsoubry\Desktop\KYCR\KYCR Baseline & SWIFT

Support.pdf

"Data collection times in many cases have been

reduced from days or weeks to a few hours"

Unicredit

“(…) Converse Bank positions itself as a

more transparent, trustworthy and reliable

business partner in its relations with

existing and potential correspondent

banks."

Converse Bank

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

KYC Registry

Sanctions Screening

(NEW) Name Screening

RMA Analysis

(NEW) Payment Data Quality & others

D. KYC and CYBER SECURITY

CHEATSHEET: Why manual checks are not enough

• Lists are updated all the time

Example: SWIFT sanctions lists have been updated 360 times last year => Manual updates have to be done everyday

• Banks need to check all message content, not only name

Example: Sanction lists also include legal entities, addresses, passport number, countries etc. => screening name is not enough

• Free lists don’t provide full coverage

Example: There are 112 spelling variations in Muammar Kaddafi’s name in print media (see table below)

OFAC list provides 8 of them, the UN sanction uses only 1 => Manual screening will only stop 9 out of 112

Qaddafi, Muammar Kaddafi, Muamar Muamar Al-Kaddafi Mu'ammar Qadafi Moammar Khadaffy Muammer Gadaffi

Al-Gathafi, Muammar Kaddafi, Muammar Muamar Kaddafi Muammar Qaddafi Moammar Khaddafi Muammer Gaddafi

al-Qadhafi, Muammar Kadhafi, Moammar Muamer Gadafi Muammar Qadhafi Moammar el Gadhafi Mummar Gaddafi

Al Qathafi, Mu'ammar Kadhafi, Mouammar Muammar Al-Gathafi Mu'ammar Qadhdhafi Moammer Gaddafi Omar Al Qathafi

Al Qathafi, Muammar Kazzafi, Moammar Muammar al-Khaddafi Muammar Quathafi Mouammer al Gaddafi Omar Mouammer Al Gaddafi

El Gaddafi, Moamar Khadafy, Moammar Mu'ammar al-Qadafi Qadafi, Mu'ammar Muamar Gaddafi Omar Muammar Al Ghaddafi

El Kadhafi, Moammar Khaddafi, Muammar Mu'ammar al-Qaddafi Qadhafi, Muammar Muammar Al Ghaddafi Omar Muammar Al Qaddafi

El Kazzafi, Moamer Moamar al-Gaddafi Muammar al-Qadhafi Qadhdhāfī, Mu`ammar Muammar Al Qaddafi Omar Muammar Al Qathafi

El Qathafi, Mu'Ammar Moamar el Gaddafi Mu'ammar al-Qadhdhafi Qathafi, Mu'Ammar el Muammar Al Qaddafi Omar Muammar Gaddafi

Gadafi, Muammar Moamar El Kadhafi Mu`ammar al-Qadhdhāfī Quathafi, Muammar Muammar El Qaddafi Omar Muammar Ghaddafi

Gaddafi, Moamar Moamar Gaddafi Mu'ammar Al Qathafi Qudhafi, Moammar Muammar Gadaffi Omar al Ghaddafi

Gadhafi, Mo'ammar Moamer El Kazzafi Muammar Al Qathafi Moamar AI Kadafi Muammar Gadafy

Gathafi, Muammar Mo'ammar el-Gadhafi Muammar Gadafi Maummar Gaddafi Muammar Gaddhafi

Ghadafi, Muammar Moammar El Kadhafi Muammar Gaddafi Moamar Gadhafi Muammar Gadhafi

Ghaddafi, Muammar Mo'ammar Gadhafi Muammar Ghadafi Moamer Gaddafi Muammar Ghadaffi

Ghaddafy, Muammar Moammar Kadhafi Muammar Ghaddafi Moamer Kadhafi Muammar Qadthafi

Gheddafi, Muammar Moammar Khadafy Muammar Ghaddafy Moamma Gaddafi Muammar al Gaddafi

Gheddafi, Muhammar Moammar Qudhafi Muammar Gheddafi Moammar Gaddafi Muammar el Gaddafy

Kadaffi, Momar Mu`amar al-Kad'afi Muammar Kaddafi Moammar Gadhafi Muammar el Gaddafi

Kad'afi, Mu`amar al- Mu'amar al-Kadafi Muammar Khaddafi Moammar Ghadafi Muammar el Qaddafi

“The Sanctions Screening service allows us to comply with the

sanctions laws by blocking and flagging prohibited transactions.

It is an easy-to-use solution that keeps us up-to-date and

reduces the operational complexity …”

Huang Weibo, Head of International Business, Huizhou Rural Commercial Bank in China

Public Sanctions lists available on SWIFT Sanctions Screening

Public sanctions lists

updated by SWIFT daily

36 +

Private lists & Good-guys lists

managed by the users

Country Description

Australia

Department of Foreign Affairs and Trade (DFAT)

DFAT Iran Specified Entities List

DFAT Country List

Canada

Office of the Superintendent of F.I. (OFSI)

OSFI - United Nations Act Sanctions

Department of Foreign Affairs and Trade (DFAIT)

DFAIT Countries Embargoes

European Union

European Official Journal

EU Countries Embargoes

EU Ukraine Restrictive Measures

France Journal Officiel français

Hong Kong Hong Kong Monetary Authority (HKMA)

HKMA Countries Embargoes

Japan Ministry of Finance

Special Measures

Netherlands Frozen Assets List - Dutch Government

New Zealand New Zealand Police

China Ministry of Public Security of the PRC

Ukraine State Financial Monitoring Service of Ukraine

National Security and Defense Council (NSDC)

Country Description

Norway

Ministry of Foreign Affairs (MFA) list

MFA United Nations list

MFA Countries Embargoes

Singapore

Monetary Authority of Singapore - Investor Alert List

Singapore Government - Terrorism (Suppression of Financing) Act

Switzerland Secrétariat d'Etat à l'Economie (SECO)

SECO Countries Embargoes

United Kingdom

Her Majesty's Treasury

HMT Countries Embargoes

HMT Ukraine Restrictive Measures

United Nations

United Nations

UN Countries Embargoes

United States of America

Financial Crimes Enforcement Network (FINCEN)

OFAC Specially Designated Nationals

OFAC Embargoed Countries

OFAC non-Specially Designated Nationals, including:

• OFAC Palestinian Legislative Council

• OFAC Part 561

• OFAC Foreign Sanctions Evaders

• OFAC Sectoral Sanctions Identifications

• OFAC Non-SDN Iranian Sanctions Act

• OFAC 13599 list

SWIFT Sanctions Screening

Your institution Your correspondents

• Automated screening engine

• No Hardware needed

• Block and report non-compliant

trades in real time (web based GUI)

• 36 lists

• Updated daily

• Private list and good guys list

600+ Clients

120+ countries

22 central banks

SWIFT Sanctions Screening Users since launch in 2012

120 in APAC

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

KYC Registry

Sanctions Screening

(NEW) Name Screening

RMA Analysis

(NEW) Payment Data Quality & others

D. KYC and CYBER SECURITY

SWIFT Name Screening: Reduce your Risk Profile

• Name Screening

• Screen single names, as well as customer, supplier and employee databases

• Includes Sanctions, PEP and private lists

• Options

1. New client screening: Online screening

2. Periodic reviews: Batch Name screening

3. Real-time updates: API

NSS – Demo

PEP

Lists SOR

Lists

Sanctions

Lists

Private

Lists

Adverse

Media

SLD Bespoke by

Institution

Public Sanctions Lists

provided by SWIFTs List

Mgmt. Operations team have

been cleansed, standardised

and enriched with BIC and

ISO country codes.

They are updated on a daily

basis.

Providing institutions with an

easily manageable list

scope.

Using Dow Jones world-

class global Politically

Exposed Persons

(PEP) lists

Customers can segment

categories to screen

against.

Both domestic and

international lists

Focuses on PEPs, and

relatives and close

associates (RCAs) who

could pose a risk.

Sanctions Ownership

Research covers

associated entities of

sanctioned individuals

from all jurisdictions on

EU and OFAC lists if

they;

- have 10% or more

ownership

- are on the Board of

Directors

- have controlling

interest

Sourced by DJ’s

specialist research team

Institutions have the

flexibility to upload their

own bespoke lists to be

screened

This also includes local

lists that are not publicly

available (e.g MAS lists

that are only provided

directly to SGP institutions)

Powered by Dow Jones

Adverse Media lists

Benefitting from DJs

specialist research teams

with vast language skills

4 categories can be filtered

– Regulatory, Financial,

Environmental and Social

Mandatory Report Mandatory EDD Sanctions EDD AML Policy (Optional) Risk Based Approach

March 2017 Q3 2017

How do you use NSS Online?

Enter Entity Decision Workflow Results

& Audit

• Clients

• Suppliers

• Employees

• Individuals

• Companies

• Organisations

Review Sanctions and

PEP alerts

Decision workflows based

on requirements.

2 eye or 4 eye Checks

Investigate Entity

Fuzzy matching and other

advanced alerting

techniques generate a

match based on:

- Sanctions lists

- PEP & other lists

- Private lists

NSS – Demo

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

KYC Registry

Sanctions Screening

(NEW) Name Screening

RMA Analysis

(NEW) Payment Data Quality & others

D. KYC and CYBER SECURITY

RMA analysis and review 33

What is RMA

RMA (Relationship Management Application) is a SWIFT mechanism

to control the traffic you want to accept from your correspondents

and vice-versa

34

Why is it important to review your RMA relationships?

Wolfsberg Guidance on SWIFT Relationship Management Application (RMA) Due

Diligence (Jul 2016) - extracts

Why is it important to review your RMA relationships?

Correspondent Risk

Open door to undesirable traffic

750k + Dormant relations with APAC BICs

50% Of total number of outstanding RMA

relations is dormant on average

Cost of relationships

RMA Analysis: Process

1. Identify the status of RMA relationships

Traffic

No

Yes

Not in recent 12

months

In recent 12 months

Unused

Dormant

Active

2. Provide Report

3. Clean-up RMAs (optional)

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

KYC Registry

Sanctions Screening

(NEW) Name Screening

RMA Analysis

(NEW) Payment Data Quality & others

D. KYC and CYBER SECURITY

Other Compliance Solutions to Reduce your Compliance and Reputational Risk

• Sanctions Testing

• Test your existing Sanctions Screening system’s performance and refine the filter to reduce manual

intervention. Benchmark your performance & risk profile against the industry practices.

• (NEW) Payments Data Quality

• FATF recommendation 16: Beneficiary as well as originator information should be included in wire

transfers and related financial messages

• Provides a global overview of group-wide payments data quality

• Compliance Analytics

• Monitor Country risks, Sanctions, Counterparty risk, nesting activities, suspicious transactions etc.

• Unique to SWIFT

• (NEW) List Management

• Automatic update, cleaning and enrichment of all Major Sanctions Lists

• Helps your bank and your correspondents ensure you are using correct, complete and up-to-date lists

A. THE GLOBAL PAYMENTS INITIATIVE (GPI)

B. DE-RISKING: FACTS & FIGURES

C. SWIFT FCC: WHAT’s NEW?

D. KYC and CYBER SECURITY

40

Payment fraud prevention and detection – What we know

Challenges are:

- Knowing you have been attacked

- Understanding the nature of the attack

- Knowing how to respond to incident

Attackers are organised, sophisticated and well funded

Modus operandi

CSP | Overview

You

Your

Counterparts

Your

Community

Secure and Protect

Share and Prepare Prevent and Detect

Customer Security

Programme

“There are only two

types of companies:

those that have been

hacked and those

that will be hacked” Robert S. Mueller, III, Director FBI

41

Internal Security Audit

as part of KYC?

Daily Validation Reports

SWIFT DVR USAGE

Validate you daily

inbound or outbound

traffic

Focus your investigation

and quickly identify

anomalies

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Validates your daily traffic

High variation in traffic

compared to average – does

not match records!

Currency

report

SWIFT DVR USAGE

Validate you daily

inbound or outbound

traffic

Focus your investigation

and quickly identify

anomalies

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Identify suspicious transactions & focus your investigation

Uncharacteristic high value or

high volume transactions

Counterparties

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Quickly identify new payment flow combination

New payment flow not seen in

the last 24 months New

Counterparties

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

CHEATSHEET: How DVR can help identify fraud – A fictitious scenario

Attackers gain access to the back office systems of Bank X and send fraudulent payments.

A total of $150M in fraud is sent from Bank X to accounts in Bank Y ($100M) and Bank Z ($50M).

Statements are intercepted by malware in Bank X’s environment – payment records are wrong!

Payments to Bank Y are uncharacteristic, values are usually lower!

There have been no previous payments to Bank Z

Bank X Bank A

Bank Y

Bank B Bank Z

11 fraudulent

payments

totalling $150M

1 fraudulent

payment

of $50M

10 fraudulent

payments

totalling $100M

Identifies new counterparties

Validates activity

Highlights unusual payments 1

2

3

1

2

3

DVR Benefits

Validates Back-office

Detects Incident response

with

• Uses SWIFT’s record of

institution traffic

• No reliance on integrity of

internal systems

• Identify deviations from

usual

• Highlights new

relationships

• Daily refresh for quick

recovery

A simple, secure way to validate your SWIFT transaction activity and

understand your payment risks

Secures Data protection

with

• Centrally hosted

• SWIFT.com protected

access

• Out-of-band

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Conclusion

HOW TO TURN COMPLIANCE INTO A COMPETITIVE ADVANTAGE?

HOW SWIFT HELPS TURN COMPLIANCE INTO A COMPETITIVE ADVANTAGE: Conclusion

REDUCE YOUR COMPLIANCE COSTS

REDUCE YOUR RISK PROFILE & IMPROVE RISK MONITORING

COMMUNICATE TRANSPARENTLY

Q & A