The reality of regulatory enforcement hit banks hard in 2012. In the space of six months alone, U.S. authorities announced money-laundering fines against Standard Chartered ($330 million), ING Bank ($619 million) and HSBC ($1.92 billion). Violations ranged from failing to maintain controls to prevent laundering of drug money flowing out of Mexico to moving money on behalf of customers in Iran, Libya, Sudan, Burma and Cuba.
That Anti-Money Laundering (AML) crackdown is just one compliance worry among many. From AML and Know Your Customer (KYC) requirements to the Dodd-Frank Act, SOX, Basel III and beyond, the need to satisfy regulatory mandates looms large on the list of risk management imperatives. Much of the groundwork must be laid in the front office, whether preparing to comply with Dodd-Frank’s new investment rules or raising money to meet Basel III’s tough new capital adequacy requirements.
But the back office can play a critical role by demonstrating compliance intent, fulfilling transparency obligations, and even proactively preventing regulatory violations. With the right business integration technology, every data exchange can be centrally documented for easy track and trace, suspicious data movement can be detected by applying pre-defined business rules, and irregular transactions can be automatically flagged and sent to designated personnel for evaluation before they are executed. These are powerful watchdog services that can reduce compliance risk while also promoting smooth relationships with regulators.
The stumbling block for most financial institutions is a fragmented data transmission and management infrastructure created over time through evolving protocols, mergers and acquisitions, and the need to use multiple systems because of the scalability limitations of older business integration technology. The resulting patchwork of legacy systems lacks capabilities such as centralized transaction visibility and business activity monitoring that are essential to provide the reporting and real-time problem identification needed to bolster compliance efforts.
Today, however, it is possible to merge these disparate systems into a unified platform that integrates data transmission, transformation, workflow, business process orchestration, and other functions related to managing and governing a bank’s data traffic. This lowers costs by eliminating expensive tool duplication, custom script maintenance, interoperability problems, lengthy customer onboarding processes, and difficulty in meeting Service Level Agreements (SLAs). It also strengthens compliance controls in three ways.
1. Centralized Audit Trail
Having all data transfer and integration broker functions flow through a single platform eliminates the information silos and data duplication created by having multiple business integration systems operating in different lines of business and geographies. Linking the two functions also enables intelligent application of the file contents, including key information such as customer identity and transaction type required to follow the money trail.
With this connectivity and information insight, all data and file exchange processes can be consolidated in a central repository that archives and correlates all data movement. Internal and external auditors can reconstruct the entire lifecycle of any transaction. They can also easily generate audit reports or conduct forensic analysis in the event of a data breach or regulatory investigation without attempting to compile data from multiple systems.
This is the kind of visibility that was missing from Over-The-Counter (OTC) swaps before the financial crisis of 2007, exacerbating the subprime mortgage crisis and prompting the Dodd-Frank transparency requirement specifically related to derivatives. It is also the kind of documentation that is likely to help the industry comply with SEC Rule 613 requiring a consolidated audit trail to monitor and analyze trading activity.
2. Business Process Orchestration
Business process management is commonly used in bank technology to automate basic functions like moving files and authenticating users, but it can also be employed as a protective measure against compliance breaches. Business rules and workflows can be established to spot unusual data movement indicating the possible presence of illegal transactions, the exchange of sensitive data with the wrong parties, or other activities that might lead to regulatory trouble.
To address anti-money laundering mandates, for example, a U.S. bank can create rules instructing that all money transfers larger than $10,000 that are being delivered to so-called hostile countries be routed to the bank’s AML service for checking against OFAC and other blacklists. The workflow can then direct transactions that pass the AML checks to be returned to the queue for processing, and those that fail the checks to be forwarded to the bank’s compliance department for review.
The benefit of performing these functions on a unified data transmission and management platform with a built-in process orchestration engine is threefold. First, it avoids the expense and overhead of installing and maintaining duplicate AML software on different systems used by different lines of business and geographies. Second, because of the centralized audit trail just discussed, it dramatically reduces the effort required to generate reports such as lists of all transactions that passed or failed the AML checks. Third, the tight integration of all components eliminates third-party interoperability issues that can hamper accurate identification of potential compliance infractions.
3. Integrated Governance
Automatically alerting compliance departments to pending transactions that violate pre-defined rules – as described in the AML scenario above – is another valuable tool in the effort to adhere to regulatory rules. Being able to seamlessly bring compliance personnel into the workflow to approve or reject questionable transactions extends the bank’s defenses against regulatory sanctions. It also further demonstrates a commitment to staying on the right side of the law.
A unified data transmission and management platform again facilitates the process. Through the mix of centralized real-time visibility into all data movement, automated business activity monitoring, built-in workflow, and the ability to identify and correlate suspect customers or destinations and transaction types across lines of business and geographies, the right technology can not only spot suspicious patterns but also sound the alarm before the regulatory damage is done.
In sum, the technology platform that owns and governs all data traffic for the bank can be a cornerstone of the compliance effort. From archiving all transactions, to enforcing regulatory-related business rules, to alerting in-house compliance specialists to potentially non-conforming activities, financial institutions can use their core data transmission software to protect themselves against regulatory penalties, reputation damage and even legal action.
With regulatory reform continuing to dominate the headlines – most recently, as of this writing, with the Brown-Vitter bill’s proposed 15% capital reserve for the country’s largest banks – it’s one risk management instrument that no bank should ignore.
Derek Schwartz is Senior Vice President, Financial Services, at business integration technology provider Seeburger.