Regulators appear to have increasingly high expectations for banks regarding their Know Your Customer (KYC) and anti-money laundering (AML) policies and tools. And financial institutions are struggling to keep up with the pressure of those raised expectations, according to industry executives that participated in a panel on compliance yesterday at the SWIFT Business Forum.
“For securities regulators, everything right now is leading back to AML. They always ask, ‘Why didn’t your AML monitoring catch this?’” Bill Fox, global financial crimes compliance senior executive and managing director for Bank of America Merrill Lynch, told the audience.
Regulators are expecting AML and KYC screening to help financial institutions identify a range of financial crime activities, said Richard Small, the SVP of enterprise anti-money laundering, anti-corruption and international regulatory compliance for American Express. “To the regulators, it’s about the AML controls. They’re not alleging money laundering, they’re identifying the faults with the controls in place,” he explained.
[For More from the SWIFT Business Forum This Week: Major Banks Sign Up for SWIFT’s KYC Registry]
This regulatory focus forces banks to perfect those controls at a high cost, or face stiff penalties like the $2 billion in fines that J.P. Morgan Chase was leveled with earlier this year for failure to file suspicious activity reports. Many banks have invested in AML monitoring solutions to meet compliance standards, but monitoring solutions alone will not meet regulators’ expectations. The industry will have to take the extra step to learn how to collaborate on KYC and AML to help deal with the growing cost of compliance and demands from regulators, Bank of America’s Bill Fox said.
“If any financial crimes compliance people out there have just plugged in a monitoring system and think that they’re done -- you’re going to be flooded with alerts without any context,” he warned.
Bank of America has taken a unique approach to AML that goes beyond their monitoring systems, and has seen impressive results in terms of efficiency, Fox related. Rather than hiring large numbers of staff to sift through alerts from their monitoring systems, the bank created an in-house system that compiles information from different sources such as its monitoring reports, news reports, alerts issued by regulators, and then turns that feedback into “events,” Fox said. Those events are then rated for risk, and if an event has a high enough rating then it is reviewed by a staff member.
That infrastructure has enabled the bank to achieve a 70% conversion rate in terms of how many alerts that it receives require an action for compliance, Fox reported.
That conversion ratio is far ahead of where many players in the industry are, Richard Small of American Express noted. Most banks have rates that are more like 5-7%.
Even though Bank of America has seen great results from its controls and protocols, the cost of compliance is growing to a point that is not sustainable for many banks, Bill Fox suggested. “The way that the regulators are setting standards now… I wonder if they are commercially viable,” he said.
Controls have to be so tight now that it is damaging the correspondent banking system in that legitimate transactions are now being rejected because they are too difficult or expensive to verify, Fox shared.
“AML monitoring should be a net -- not a wall -- and the net should be tighter in certain places with higher risk… the thing now is that every single thing matters, and no one can afford to have a problem in this space. So firms are drawing the net tighter and tighter, and it’s becoming a wall,” Fox observed.
The high cost and stringent demands of regulatory compliance is also raising the cost of deploying new products, making it hard for banks to do their day-to-day business, Richard Small said. “Every time we’re trying to introduce a new product, and we have conversations about the necessary controls before launch, I get questions around the cost of controls… and the cost of a new product launch now is big,” he related.
Both Fox and Small agreed that the best way to meet regulatory requirements while setting high standards for AML and KYC is for the industry to collaborate more. “We should take charge as an industry of what we can take charge of,” Fox stated. “If we can get together and set high standards that are commercially viable… that is a much better place for us to be in.”
Currently there is no set standard for gathering the information necessary for KYC and AML compliance, with different institutions taking different approaches, Richard Small said. “I think if SWIFT can help set a standard on KYC maybe we can get to a standard that regulators are comfortable with,” he added.
[To learn more about how financial firms are preparing for and responding to security incidents, attend the Acknowledge the Inevitable: How to Prepare For, Respond to, and Recover from a Security Incident session at Interop 2014 in Las Vegas, March 31-April 4.
You can also REGISTER FOR INTEROP HERE.]
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio