Since the fourth EU Money Laundering Directive, Know Your Customer (KYC) has been required by regulators as an integral part of bank’s AML processes.
Since then, financial institutions have established technical systems and staffed large anti-financial crime departments with great effort to classify their clients and create risk profiles. Thereby, KYC is a central element in the customer onboarding process and the risk-based transaction monitoring.
But how effective is KYC really for efficient transaction monitoring? Although banks know their customers better than ever before, do they also know the customer’s transactions? Of course, KYC helps with the risk-based fulfillment of due diligence and allows a closer look at more critical customers and their payments. But trusting KYC solely is definitely not enough.
As the name implies, the essential input data for transaction monitoring are transactions used to monitor clients’ behavior in relation to money laundering, fraud and other financial crime. While the quality of customer data has improved over the years, the transaction data is often inadequate and not standardized. Although the structure and format of transaction data is improving (e.g., SWIFT MX, ISO 20022), the content is often poorly suited to fully understand what the transaction is about. The ‘real’ purpose and origin of payments is often difficult to identify, and transaction alerts are often false positive.
The aim of KYT (Know Your Transactions) is to identify potentially risky transactions and their underlying unusual behavior for detecting money laundering, fraud or corruption. An automated concentration of transactions with accurate and relevant information directly from the original data sources would be necessary to achieve that. Examples of such data are contracts, customs documents or invoices for purchases. Additionally, IP addresses for online banking or the use of Geo Data could provide information about the origin of the payment. However, such data is very limited for bank transactions. Even if availability would be ensured, integration into transaction monitoring would be very difficult for reasons of data protection and technical obstacles.
How can KYT be implemented effectively under these conditions?
It is promising to have a look at the transaction’s participants. For one thing, it is about identifying who the sender and the receiver of a payment is, but also which banks are involved; especially with payments of foreign or correspondent banks. Even if the regulator does not require non-customer transaction monitoring, it is worth taking a closer look here. What information is available about the participants of a payment? Can information be obtained from the media or internet? Do entries exist for the parties on relevant lists? Especially, regarding non-customers, correspondent banks, NGOs, etc.
Efficient and high-performance AML systems identify such information through the use of AI and similarity search. That way, transaction data can be automatically collected, and transaction monitoring can be improved. Examples include the identification of businesses, companies and NGOs in combination with keywords from the areas of donations, repayments or cancellations. Another example is the screening of names and addresses against known address lists of mailbox companies. In addition to reducing false positives, compliance employees receive more detailed information to assess whether there is a suspicious payment. Another challenge in monitoring transactions is the identification of all payment’s participants. Non-Customers of banks do not have a unique identifier, if applicable an identification by account number or IBAN. Additionally, SWIFT FIN provides various options for the definition of names, addresses and bank details via the letter option. This often results in transactions to the same beneficiary are not being recognized as such due to different spellings. Only by consolidating name and address data with a unique identification, sales can be reliably clustered and distinct cash flows recognized. This requires an upstream process in transaction monitoring, which automatically identifies identical participants with intelligent algorithms and fuzzy logic and forwards them to the monitoring system with its unique identification. With such a system in place, the quality of alarms improves significantly and banks get to know their transactions much better.
Photo by Artem Beliaikin on Unsplash