
10:36 AM
Reetu Khosla, Pegasystems

Anti-Money Laundering: A Multi-Billion Dollar Problem

It’s time for banks to get more serious about AML efforts.

The high cost of compliance and enforcement of anti-money laundering violations has led large global financial institutions to re-evaluate both their processes and systems. Money laundering has grown into a complex and widespread problem that has cost banks billions in regulatory fines. Anti-Money Laundering (AML) — now covering everything from securities fraud to suspicious money movement — affects practically all global financial services organizations in one way or another, and this is a trend that will likely continue. Already, several FIs have been hit with hefty fines or have had to earmark funds to cover potential settlements.

Offshore tax havens, Ponzi schemes, sanctions violations and collusion have proven to be worthy adversaries of enforcement efforts. While there are several reasons for this, a significant one is the problem’s complexity. Giving employees the information to identify potential links between seemingly unrelated events is difficult, especially if you have to do it across literally hundreds of transactions. The problem is exacerbated when those transactions take place in different countries and involve many different people, accounts and events.

Historically, banks and other providers of financial products and services have taken the approach of doing ‘just enough’ to meet regulatory demands and ‘just in time’ to avoid penalties for non-compliance. They know that many of their Know Your Customer (KYC) processes and rules need to be updated. Many FIs have loose internal controls around KYC or processes that can be bypassed, or they are isolated to the back-office and have an impact on time to on-boarding. But there are dueling priorities, including regulatory obligations and time to revenue. AML compliance places a huge financial burden on the financial institution, as it’s a cost center and the risk of non-compliance is very high. However, taking a manual, decentralized approach to compliance is no longer sustainable, especially considering the sheer magnitude of new regulatory demands. Financial institutions need to identify global practices that also allow for a risk-based approach that takes into account variations in risk by customer, product and country-specific requirements. Many financial institutions are taking a closer look at how to manage complex global KYC processes to not only ensure compliance in multiple lines of business, geographies and products, but also to minimize the impact on the customer experience and the time to on-board them.

While there is no silver bullet for managing all risk within any organization, there are proven technology platforms that can provide benefits well beyond compliance. The most effective ones allow for specialization by country, product and risk-specific requirements without replacing existing back-end systems. Advanced, agile technologies can provide an over-arching platform that integrates tightly with existing applications, maximizing previous technology investments. For instance, rules-driven KYC technology can not only ensure compliance with complex global, regional and product-specific regulatory requirements, but it can also be leveraged for faster on-boarding, obtaining a 360-degree customer view and ultimately faster time to revenue. Large-scale global financial services firms have complex compliance needs, and in order to meet these challenges head-on, they must embrace advanced technology which features dynamic case management combined with rules. The technology must be agile enough to change as rules and risks change, including acquisitions, new product offerings and new geographies.

Taking this transformative approach enables compliance efforts to become more efficient, and just as importantly, tailored to specific geographic and business needs. For example, a global financial services institution might have to comply with a different set of laws in Europe than in Asia Pacific and the U.S. Agile, rules-driven technology provides a platform to look at risk holistically and meet multiple regulatory requirements on one platform. For instance, many global institutions are utilizing rules-driven KYC technology to not only meet AML-specific KYC requirements, but also KYC-specific suitability requirements such as MiFID in Europe and FINRA rules in the U.S. In either geography, the technology should be agile enough to meet new regulatory demands, such as new Foreign Account Tax Compliance Act (FATCA) requirements, on the same platform simply by extending it to the new requirements. Unified KYC technology can not only ensure compliance; it also ensures the same customer has consistent due diligence, risk rating and disposition while significantly improving the customer experience and time to revenue.

Complex global financial institutions now realize that implementing unified, agile technology is the only sound approach to meeting ever-increasing regulatory demands while maintaining costs and reducing customer impact. We will undoubtedly see more and more institutions follow this methodology as they look to hurdle these compliance challenges.

Reetu Khosla is the Director of Risk, Fraud and Compliance Solutions at Pegasystems.
