Sanctions Screening System Validation Ver. 1.0
-
Upload
m-babar-shameem -
Category
Documents
-
view
60 -
download
2
Transcript of Sanctions Screening System Validation Ver. 1.0
M. Babar Shameem
222
§ Managing Partner, TruPoint, LLC§ Head of Advisory Services, AML Analytics
Limited§ Previously, Global Head, AML / Sanctions
Screening and AB&C Technology, Citi
[email protected]@aml-analytics.com
https://www.linkedin.com/in/babarshameem
2Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
3
POINTS FOR DISCUSSION
01
02
03
04
05
06
OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS
OVERVIEW OF SCREENING
KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION
TOP 5 CHALLENGES
RE-CAP AND CONCLUSIONS
OPEN DISCUSSION
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ U.S. Sanctions are administered by the US Treasury Department’s Office of Foreign Assets Control (OFAC)
§ Intended to• support US foreign policy and national security objectives (e.g., f ight
terrorist financing)• change the behavior of a particular individual, group, country or regime
§ Applicable to all US individuals and businesses
§ Outside of the US, countries may maintain their own sanctions
§ Reinforced by other Federal and State agencies
4
SANCTIONS OVERVIEW
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
Strict Liability Standard / Risk-Based Nature
Blocking Property / Rejecting Prohibited Transactions
Reporting Obligations, including Licensing
Avoid Facilitation
Record Keeping
5
Key Sanctions Requirements and Characteristics
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ OFAC enforcement guidelines (31 CFR Part 501)https://www.treasury.gov/resource-center/sanctions/Documents/fr74_57593.pdf
§ FFIEC BSA/AML Examination Manualhttps://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm
§ New York State Department of Financial Serviceshttp://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf
13
Where to Find Key Expectations?
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
A. Willful or Reckless Violation of Law
E. Compliance Program
G. Cooperation with OFAC
H. Timing of Apparent Violation(s)
I. Other Enforcement Action(s)
J. Future Compliance/Deterrence Effect
K. Other Relevant Factors
B. Management Awareness of Conduct
C. Harm to Sanctions Program Objectives
D. Individual Characteristics
F. Remedial Response
General Factors
31 C.F.R. part 501, Appendix A 74 Fed. Reg. 57,593 (Nov. 9, 2009)
Economic Sanctions
Enforcement Guidelines
Box 1 and Box 2 penalties are capped at $32,500 and $65,000 per Trading With the Enemy Act (TWEA) violation, respectively .
Base Penalty Matrix
Types of OFAC Responses
7
Overview of OFAC Enforcement Guidelines
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Since 2009, financial institutions have paid over USD $16 billion in penalties and settlements on OFAC-related matters.
§ These cases relate to apparent sanctions violations and generally involve settlements with other U.S. authorities, in addition to OFAC.
Non-compliance with U.S. sanctions laws and regulations can result in very large civil monetary penalties and criminal prosecution. OFAC penalties and settlements are made public and, therefore, entail a level of reputational harm. OFAC-related enforcement may include actions by the Department of Justice (DOJ), Federal Reserve Bank (FRB), Office of the Comptroller of the Currency (OCC) and the New Your Department of Financial Services (NYDFS), among others.
*As of June 20168
Enforcement Actions Against Fis: 2009 – 2016*
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Documented Sanctions Risk Assessment / Program• Business lines, Products offered, Clients base and Geographic footprint
§ Sanctions Policy and Risk Appetite Statements• Supported by the institution’s senior management and Board• Defined roles and responsibilities• Policy statements• Standards, procedures and guidance documents• Awareness, Training, Communication and Oversight
§ System of Internal Controls§ Internal Audit, Compliance Monitoring and Testing
9
Key Elements of a Sanctions Program
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ High risk, high speed, high volume transactions• Cross Border Funds Transfers, Trade Financing/Services, Securities
§ Real-time interdiction as opposed to look-back• Before processing a transaction or opening an account or client
relationship
§ Effective Blocking, Rejecting and Reporting
§ Re-submitted transaction monitoring
§ Audit trails and Record keeping
10
Sanctions Screening and Risk Management
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
11
POINTS FOR DISCUSSION
01
02
03
04
05
06
OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS
OVERVIEW OF SCREENING
KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION
TOP 5 CHALLENGES
RE-CAP AND CONCLUSIONS
OPEN DISCUSSION
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Prioritize client screening results for review: Sanctions deals with “strict liability” whereas AML relates more to “reasonability”
§ Sanctions compliance programs are costly due to requirements that are shifting
§ Even when sanctions technology solutions are effective, they are generally inefficient
§ Efficiency requires better automation whereby prohibited individuals and entities are identified with greater likelihood of reduced false positives
§ Needs efficient case management / workflow
12
Solutions Often Used for Both AML and Sanctions
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Stratify and segment data
§ Customer records and financial transactions
§ Based on your business’s profile and risk appetite.
13
Risk Based Prioritization
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Assess data using robust sampling
§ Gauge quality of watch-list sources
§ Remediate where feasible and, in any event, record findings that remediation is planned, whether now or later
§ Track data related issues and items
14
Data Profiling / Preparation
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ For sanctions screening, OFAC, UK-HMT, EU, and UN lists provide fairly universal coverage.
§ Consolidate results into a single review item.
§ Matched name appears alongside lists it is found on.
§ For client screening, other lists can be included such as PEPs and special interest persons, internal watch lists and white lists.
§ Configurability to determine which lists a transaction or event needs to screen against based on source and other descriptors.
15
Watch-List Diversity, Quality and Completeness
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Most major sanctions lists are scripted in Roman characters.
§ Data to be screened against them may be in non-Roman alphabets such as Cyrillic.
§ Screening solution ought to handle multi-language, cultural diversity, phonetics requirements, as required.
16
Language Handling
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Data to be screened may be misspelled, incomplete, or contain variations.
§ Fuzzy matching capability is essential for screening system to catch mistakes or deliberate inaccuracies.
§ For instance, Escobar should match against Esdobar or Ecsobar with the system flagging accuracy level to alert those reviewing matches.
17
Fuzzy Logic
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Transactional Screening: • Real-time Payment Screening: The screening or filtering of relevant payments
instructions prior to their execution in order to prevent making funds available in breach of sanctions, embargoes or other measures*.
• Financial transactions such as wire transfers, trade finance and securities is necessary.
§ Client Screening: • Client Screening: The screening of client names and associated details against lists
provided by relevant competent authorities both at initial on-boarding and at other points during the client relationship*.
• When establishing new relationships with individuals and entities and on an ongoing basis since a party may not be on a sanctions list when relationship was formed but may appear later.
18
Systematic and Recurring Screening
*the Wolfsberg group
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
19
POINTS FOR DISCUSSION
01
02
03
04
05
06
OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS
OVERVIEW OF SCREENING
KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION
TOP 5 CHALLENGES
RE-CAP AND CONCLUSIONS
OPEN DISCUSSION
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ What is detection
§ Fuzzy logic, what it is and what it’s not
§ Fine tuning to improve precision and enable optimal risk-based allocation of resources
20
Detection
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Aggregation of lists with common entries
§ Replication and reconciliation
§ Search Rules
§ Record keeping
21
List Management
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Logic that is consistent with the institution’s risk profile, its risk appetite and the nature and volume of transactions
§ Periodic assessment of the results
22
Periodic Assessment of Detection Capabilities
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
Creation of conditional rules – Sectoral Sanctions
Ability to deal with multiple languages (depending on the institution’s geographic footprint)
Creation of metrics / key indicator report
Connectivity to different case managements and other sanctions risk management systems.
23
Other System Functionalities
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
24
POINTS FOR DISCUSSION
01
02
03
04
05
06
OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS
OVERVIEW OF SCREENING
KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION
TOP 5 CHALLENGES
RE-CAP AND CONCLUSIONS
OPEN DISCUSSION
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
1. Data Quality and Privacy (Input text, Lists, Matches, jurisdictional restrictions and approvals)
2. Operational Readiness
3. List Management and Maintenance
4. Change Management • Upstream systems with downstream effect; • Other Changes with unintended consequences;• Poor UAT
5. Early Warning of … system inadequacies, changing sanctions landscape, backlogs …
25
Top 5 Challenges
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
26
POINTS FOR DISCUSSION
01
02
03
04
05
06
OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS
OVERVIEW OF SCREENING
KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION
TOP 5 CHALLENGES
RE-CAP AND CONCLUSIONS
OPEN DISCUSSION
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Document data flows and pre-processing that may occur in upstream systems to avoid unintended massaging of data resulting in potential processing of a sanctioned individual or entity
§ An effective client screening system must be able to connect to multiple sources and automatically integrate different types of data from different systems.
27
Multisource Data Integration
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ The system should allow for easy creation of multiple workflows and sets of match rules to accommodate a range of risk profiles.
§ Past decisions need to be leveraged by the system based on business created rules.
28
Customized Workflows and Match Rules
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Practically all effective screening systems produce a high volume of false positives
§ Combination of capabilities in both screening and case management systems to reduce “noise” is desirable
§ Results to “self-learn” and highlight alerts previously reviewed and closed out as false, provided the parties screened are the same as before, both on the list and the input.
29
Noise Reduction
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Comprehensive audit trails, automated escalations, and extensive reporting tools with a built-in case management system.
§ Generally, business defined prioritization capability ought to be configurable by power users.
30
Enhanced Due Diligence
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ System needs to process data volumes from very small to hundreds of millions of records with the same performance and accuracy.
§ It should be scalable that the business may grow the infrastructure as volumes increase; ideally, from desktop to data center.
31
Modular and Scalable Architecture
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
§ Non-compliance is not an option. State agencies are helping drive OFAC compliance (e.g., NYDFS).
§ Client and transactional screening are critical enablers to the success of an institution’s sanctions programs.
§ Integrity of data to be screened and of watch-lists is critical.
§ Right-sized processes and systems are essential to balance effectiveness and risk based resource allocation. Meaningful metrics that drive process refinements are also key.
§ Change management controls of the ecosystem must be robust.
§ Independent validation of end-to-end screening capabilities is a must for self-assurance and is also looked upon favorably by regulatory agencies.
32
Conclusions
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
33
POINTS FOR DISCUSSION
01
02
03
04
05
06
OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS
OVERVIEW OF SCREENING
KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION
TOP 5 CHALLENGES
RE-CAP AND CONCLUSIONS
OPEN DISCUSSION / Q & A
Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC
34
UK fines Merrill Lynch £
13 million for
35 million compliance l
apses
Barclays fined $108 million for
kowtowing to rich PEPs
BNP admits guilt, fined $8.9 billionfor U.S. sanctions violations
OFAC fines Cal
ifornia telecoms
firm
for Sudan, Iran t
rade
“Our life is frittered away by detail. Simplify,
simplify.”
― Henry David Thoreau