No news isn’t always good news

Operating within the intricate web of EU regulations, Allianz Benelux must conform to strict rules when selling life policies to individuals, group insurance policies to companies, and granting mortgage loans. These include complying with the European anti-money laundering directives (AMLDs), which require insurance companies to report any suspicious activity related to money laundering or terrorist financing to the relevant authorities.

Effective adverse media screening is crucial in upholding these obligations. Before meeting with ComplyAdvantage, Allianz Benelux could only conduct minimal, manual media investigations. This made adverse media screening slow, potentially leaving the company vulnerable if a threat wasn’t detected quickly.

The company needed a robust solution that would enable it to quickly scour global media sources for adverse reports and designations involving clients or partners. Its objectives were to: 

• Fulfill enhanced due diligence (EDD) obligations.
• Proactively address compliance lapses.
• Minimize the impact and delay of its underwriting and management process.
• Pre-empt reputational damage that could impact client relationships and its brand.

After conducting a comprehensive process to find the right partner, Allianz Benelux met with ComplyAdvantage’s representatives in 2022. When Allianz Benelux tested ComplyAdvantage’s solution against its current approach, the team was impressed with the results.

We were looking for an efficient tool to perform adverse media checks. It had to be easy to use, with efficient support, and the price was also important.

Yves Declercq – AMLCO Compliance Officer, Allianz Benelux

Easier adverse media screening at Allianz Benelux’s fingertips

By implementing ComplyAdvantage’s natural language processing-powered adverse media screening solution, Allianz Benelux now benefits from an adverse media tool with instant, relevant alerts. The solution also provides the company with an accurate AML/CFT-focused taxonomy aligned to its regulatory requirements and structured profiles, including year of birth, known organizations, and other essential information. This has enabled Allianz Benelux to modernize its processes and optimize its workflows to improve efficiency and free up its compliance team’s time.

Clear, actionable insights on clients and partners, such as sanctions lists and regulatory non-compliance mentions, have streamlined file handler workflows, allowing more time for client onboarding and other essential tasks.

Once the contract with ComplyAdvantage was signed, it was only a matter of days before all users could use the tool. We found it to be easy, flexible, and fast.

Yves Declercq – AMLCO Compliance Officer, Allianz Benelux

Allianz Benelux and ComplyAdvantage: Partnership highlights

Fortifying Allianz Benelux and its customers for the future

Since successfully integrating the adverse media solution, Allianz Benelux’s customer success manager has arranged regular meetings to ensure the solution operates smoothly. They are also working on keeping the firm’s KYC procedures up-to-date as its needs evolve. 

ComplyAdvantage’s adaptability and prompt responsiveness have empowered Allianz Benelux analysts to quickly learn how to use the solution, enabling the company to maintain effective adverse media screening despite inevitable staffing changes.

All technical issues are solved in hours, not days. We have never seen such fast and professional support for an IT tool. In-house, we consider the support we receive from ComplyAdvantage to be the best we have ever received.

Yves Declercq – AMLCO Compliance Officer, Allianz Benelux

In a world where criminals are becoming increasingly sophisticated, the partnership will continue to grow, fortifying Allianz Benelux and its customer base with AI-supported solutions.

If you’re looking for an adverse media solution, it would be a mistake not to explore ComplyAdvantage’s proposed solution.

Yves Declercq – AMLCO Compliance Officer, Allianz Benelux

The post Allianz Benelux improves adverse media screening efficiency with AI  appeared first on ComplyAdvantage.

In our Insurtech Financial Crime Guide, these challenges are discussed to help compliance managers address their compliance obligations whilst maintaining growth. This article outlines four common principles that can help insurtechs approach the growth vs compliance challenge effectively.

1. Maintain a proactive understanding of regional and national regulations 

The regulatory environment for insurance can vary significantly across jurisdictions, making it challenging for insurtech companies to stay informed about changes in laws and compliance standards. While keeping abreast of regional legislation is essential, the savviest of firms will be proactive and aim to keep up with national and global regulations to help spot trends that may impact them down the road. Key legislation pertaining to insurance includes:

• United States: The Bank Secrecy Act (BSA) requires insurance companies with a nexus to the US to implement anti-money laundering and combating the financing of terrorism (AML/CFT) compliance programs.
• European Union: The insurance industry is regulated at a national level, but the EU’s anti-money laundering directives (AMLDs) aim to establish a consistent regulatory environment. 
• United Kingdom: In the UK, only life and investment providers are subject to AML/CFT regulations, but all insurers must follow the Senior Management Arrangements, Systems, and Controls (SYSC) framework, the Proceeds of Crime Act (POCA) 2002, and the Sanctions and Money Laundering Act (SAMLA) 2018. 
• Singapore: In Singapore, insurance providers, insurance intermediaries, and related institutions are regulated under the Insurance Act of 1966.
• Australia: The insurance industry in Australia is regulated by two main laws: the Insurance Act 1973, and the Insurance Contracts Act 1984. Insurance intermediaries, including agents and brokers, are regulated under Chapter 7 of the Corporations Act 2001.

A deep understanding of regulations enables insurtechs to identify and mitigate compliance-related risks early on. By adapting to these changes, firms can adjust their operations swiftly to comply with the new requirements. This adaptability is essential for maintaining a seamless business process and avoiding potential disruptions that may arise from non-compliance. 

2. Implement scalable risk management systems

By anticipating regulatory challenges, insurtechs can then implement risk management strategies that address potential pitfalls before they inhibit business growth. This proactive risk mitigation not only safeguards the firm’s reputation but also enhances investor and customer confidence – crucial elements for sustainable scaling. 

But what should these risk management strategies look like?

In recent years, technology, specifically regtech, has played an increasing role in compliance and risk management. These systems are designed to adapt to evolving regulatory landscapes while accommodating increasing data volumes. They often employ machine learning (ML) algorithms to analyze vast datasets, identify patterns, and prioritize potential risks. Through real-time monitoring and predictive analytics, regtech risk management systems can enhance compliance and minimize vulnerabilities, providing a robust and scalable solution for insurtechs. Automation is also a key feature of scalable regtech, as it not only enhances the speed and accuracy of regulatory requirements – like customer risk assessments – but also allows firms to allocate resources more effectively.

When implementing such systems, the Financial Action Task Force (FATF) encourages taking a risk-based approach, where standards are applied sensitively according to the customer, geographic, and product/service/channel risks. This approach allows insurtechs to calibrate their risk management tools based on the nature of their business.

3. Actively seek opportunities to collaborate with regulatory bodies

When working on aligning business strategies with regulatory expectations, insurtechs may also consider collaborating with regulatory bodies through strategic initiatives. Such collaboration could take multiple forms, including:

• Participating in industry forums to create a platform for networking. 
• Communicating regularly with regulatory authorities to advise on sector updates and trends.
• Joining advisory panels, pilot programs, or research initiatives to contribute first-hand knowledge from working in the industry.
• Participating in regulatory sandboxes to test innovations under regulatory supervision. 

By actively participating in this collaborative process, insurtechs can gain a deeper understanding of regulators’ priorities, positioning them as responsible and compliant entities – which can be advantageous when seeking approvals, licenses, or partnerships that may be necessary for future growth.  

4. Partner with an agile vendor that can meet changing requirements

Effective collaboration, however, goes beyond joining regulator sandboxes and information-sharing initiatives. Insurtechs that want to grow while staying compliant should focus on partnering with vendors that can adapt quickly to changing regulations. These agile vendors can help firms remain responsive in the face of evolving regulatory requirements.

Picking a vendor familiar with the ins and outs of the insurtech industry is equally important. Industry knowledge is crucial when it comes to tailoring solutions to address compliance challenges specific to insurance operations. It ensures that compliance efforts are not just effective but also attuned to the distinct demands of the insurance sector.

Additionally, opting for a vendor with pre-built rules for transaction monitoring and fraud detection can simplify implementation. These pre-configured rules, shaped by industry insights, make transaction monitoring more efficient and fortify fraud detection processes. This collaborative approach enables insurtechs to roll out comprehensive compliance solutions swiftly, allowing them to focus on core business goals and supporting sustainable scalability.

The post Growth vs compliance: A false choice? appeared first on ComplyAdvantage.

In chapter four of our Insurtech Financial Crime Guide, firms can score their programs against our fincrime checklist. Based on the list, this article explores five best practices that insurtechs can use to manage financial crime risks and regulatory compliance effectively.

1. Adopt a truly risk-based approach

A risk-based approach is foundational to financial crime risk management for insurtech companies. Instead of relying on a generic regulations checklist, insurtechs should embrace a more holistic strategy that assesses the specific risks they face and tailors their controls accordingly.

To embark on a risk-based approach, insurtechs should undertake an annual enterprise-wide risk assessment (EWRA). This comprehensive evaluation should encompass:

• Inherent financial crime risks: Identify the inherent risks associated with the insurtech’s operations, considering factors such as the types of insurance products offered, customer demographics, and distribution channels.
• Control effectiveness: Assess the effectiveness of existing controls in mitigating financial crime risks. Evaluate how well current practices align with the identified risks.
• Residual risks: Calculate the residual risks that remain after applying current controls. This step is crucial in determining where additional measures are necessary.
  

By conducting an EWRA, insurtechs can gain a deep understanding of their specific risk profile and make informed decisions about risk management strategies.

Building on insights from the EWRA, insurtechs can develop a framework for managing financial crime risks. This framework should include calibrated policies, procedures, and controls tailored to the actual levels of risk. A practical example of this approach can be found in the Wolfsberg Group’s Guidance on a Risk Based Approach for Managing Money Laundering Risks. This framework has been successfully applied across multiple sectors and can serve as a reference for insurtechs looking to fine-tune their risk management strategies.

2. Conduct a gap analysis to identify vulnerabilities

Comprehensive anti-financial crime programs encompass a wide range of activities, including the appointment of senior compliance officers, the establishment of governance structures, and the formulation of policies and procedures. While these elements are critical, other core activity areas that insurtechs must address to meet their obligations and identify risks effectively include:

• Identity verification (IDV): Insurtechs must collect, verify, and securely store sensitive personal data that confirms the client’s identity. Robust IDV processes are essential to prevent identity theft and fraud.
• Customer due diligence/know your customer (CDD/KYC): This involves collecting, assessing, and securely storing documentation and data on the client’s financial circumstances. It creates a baseline understanding of how clients will likely use insurance products.
• Customer screening: To identify potential risks, insurtechs should conduct a thorough screening of client names against sanctions lists, politically exposed person (PEP) data, and adverse media sources.
• Fraud detection: Detecting and preventing fraud during applications, claims processing, or policy changes is a critical ongoing activity. It includes verifying the identity of the claimant or beneficiary and assessing the validity of the claim.
• Transaction monitoring: Regularly reviewing client transactions, such as premium payments and claims histories, can help identify unusual or suspicious behavior.
• Ongoing screening: Monitoring existing client names for updates to relevant sanctions lists, PEP status, and adverse media is necessary to stay informed about evolving risks.

While the Financial Action Task Force (FATF) and national regulators do not prescribe specific processes for these activities, they encourage firms to develop responses tailored to their business and risk profile. In practice, insurtechs must decide how much they should automate and digitize traditionally paper-based and face-to-face activities. Given the scale and growth of the insurance market, rising customer expectations, and the need to control costs, technology is often seen as the solution. However, challenges exist in adopting regulatory technology (regtech) solutions, particularly for digitally native firms like insurtechs.

3. Confront implementation challenges

Insurtechs need to be confident that the AML and anti-fraud measures they implement will mitigate risks to a level that will prevent criminals from taking advantage of them and their customers and satisfy the exacting demands of regulators. When it comes to implementing these measures, several common challenges require attention: 

• Remote access: Insurtech operations are often conducted online, and employees may never have direct contact with clients. This presents the risk of impersonation or using fake documentation to support fraudulent claims.
• Incomplete risk data: Many firms rely heavily on vendors for risk information. While reputable vendors provide valuable data, some may exaggerate the scope and scale of their information, leaving clients with significant risk coverage gaps during onboarding and ongoing monitoring.
• Time gaps: The dynamic nature of sanctions lists, with rapid changes, can pose challenges for insurtechs. Many vendors offer updates every six to 12 hours, but some firms only run batch checks once a day or overnight. This time lag can result in payments that should be blocked passing through due to delays in updating.
• False positives: Many automated platforms for fraud, money laundering, and sanctions detection rely on hard-coded, rules-based triggers and basic name-matching techniques. However, criminal behaviors are sophisticated and agile. Rules-based systems often generate many false positives, making the processes resource-intensive and inefficient.
• Lack of flexibility and integration: Legacy platforms may function as standalone offerings, struggling to interact with other systems within a firm’s technology suite. Siloed financial crime platforms and processes have, in the past, led to the oversight of real risks.
  

Insurtechs must address these challenges to ensure that the measures they implement effectively mitigate risks and satisfy regulatory demands. This requires a thoughtful and dynamic approach to risk management.

4. Explore advanced solutions offered by RegTech providers

To overcome these challenges and optimize financial crime risk management, insurtechs must explore innovative solutions and leverage the capabilities offered by RegTech providers. But not all vendors are created equal. Capabilities to assess vendors for include:

• Cloud computing for real-time risk data and screening: Distributed cloud computing allows the secure storage of extensive risk data, eliminating physical storage limitations. Additionally, it enables real-time data updates in all locations simultaneously, ensuring that screening lists are always up-to-date.
• Machine learning (ML) for pattern recognition: ML algorithms are increasingly effective in identifying discrepancies in client documentation during onboarding. They can also detect subtle changes in client behavior, making it easier to spot potential fraud and other financial crimes. ML can significantly reduce false positives, lowering the costs associated with unnecessary alerts and unjustified payouts. Furthermore, ML can be employed for fuzzy matching of equivalent names in screening and to assess the likelihood of a match. These tools can identify duplicate records, resolve gaps, match names in multiple languages and scripts, and allow characters to be inserted, omitted, or replaced.
• APIs for flexibility and integration: Platforms that incorporate application programming interfaces (APIs) are well-suited for enabling flexible and integrated systems. APIs facilitate the pooling of risk data from multiple sources and allow different platforms to communicate important information promptly. This prevents missed opportunities that could lead to financial crime risks falling through the gaps.
  

Insurtechs should carefully evaluate these solutions and ensure that they align with their specific needs. It is crucial to select regtech vendors capable of delivering the most effective and appropriate technology for each particular task. By leveraging these innovative solutions, insurtechs can significantly enhance their financial crime risk management processes.

5. Play to the inherent strengths of insurtech business models

While it’s easy for insurtechs to focus on the risks their innovative business models pose, it’s important not to overlook some of the advantages too. For financial crime risk management, these include:

• Cultural familiarity with technology: Insurtech companies are inherently tech-savvy and have a cultural appreciation for the value of technology. This cultural alignment allows for smoother integration of technology solutions into their operations.
• Richer and cleaner data sets: Insurtechs often benefit from more extensive and cleaner data sets compared to legacy insurance companies. This enhanced data quality can improve the accuracy and effectiveness of financial crime risk management systems.
• Agile technology: Insurtechs are typically more agile in their technology adoption and implementation. They can readily pivot to implement advanced regtech solutions, responding swiftly to emerging risks and compliance requirements.

Incorporating these advantages into their approach to financial crime risk management positions insurtechs as regtech adopters who can efficiently manage risks and meet regulatory demands. Their ability to innovate and stay at the forefront of technology adoption is a competitive advantage in the insurance industry.

By following these five best practices, insurtechs can build a strong foundation for financial crime risk management, ensuring their operations are both secure and compliant. As the insurtech industry evolves, staying committed to effective risk management is essential for building trust with customers and regulatory authorities while achieving long-term success.

The post Financial crime risk management: Best practices for insurtechs appeared first on ComplyAdvantage.

Luko is the number one neo-insurance company in France, insuring more than 40,000 homes, and the fastest growing insurtech company in Europe. The company was founded in 2016 and has raised $22.2 million in its Series A funding round. Their mission is to reinvent home insurance through social responsibility and technology.

Industry: Insurance
Product: AML Screening

The Challenge

Luko’s compliance team was having to conduct hundreds, if not thousands, of checks a day, which required a lot of manual effort and slowed onboarding time for customers. Flagging high-risk entities is mandatory according to the The French Prudential Supervisory Authority’s (ACPR) directives, so it was essential to ensure that no suspicious activity was slipping through the net.

Luko’s objectives were to meet the regulatory requirements. They also wanted to automate their systems to be able to receive real-time alerts about risk at contract submission or when a claim was filed.

Therefore, when benchmarking AML providers, one of Luko’s main selection criteria was that the tool had to be API-based to allow automation. It also had to be multi-functional and capable of incorporating various high-quality sources of data. Finally, the tool had to be able to cover Europe and North America. Luko decided to partner with ComplyAdvantage as they fit all the criteria mentioned above and were highly recommended by one of Luko’s business partners.

The Outcome

Working with ComplyAdvantage has allowed Luko to improve their knowledge of financial crime risks. Their team can now easily customize their parameters, change match statuses and escalate alerts to other team members, and the clear audit trail provided by the tool ensures compliance obligations are met.

In addition, customizable matching parameters reduced false positives and incorrect hits, allowing Luko’s team to free up time previously spent on managing false positives to deal with high-risk entities that matter to their business.

The post Luko Significantly Reduces False Positives and Incorrect Hits appeared first on ComplyAdvantage.

How does money laundering work in the insurance industry?

Money laundering in the insurance industry typically involves the exploitation of various products and mechanisms to obscure the origins of illicit funds. One common method is through the purchase of insurance policies, such as life insurance or annuities, with the use of dirty money. Criminals may overpay premiums, surrender policies prematurely, or make fictitious claims to cycle the illicit funds back as legitimate payouts. Reinsurance arrangements can also be manipulated where criminals establish offshore entities to overpay for coverage, channeling dirty money into reinsurers that eventually reach the primary insurance companies.

Examples of money laundering in insurance 

Some additional forms of money laundering in the insurance industry include:

• Premium fraud: Criminals may purchase insurance policies with illicit funds, paying the premiums with dirty money. They subsequently cancel the policies and request refunds, effectively laundering the money through the insurance company.
• Shell companies: Criminals can set up fake insurance companies or agencies to funnel illegal money through seemingly legitimate transactions. These fictitious entities generate policies and premiums to obscure the source of funds.
• Trade-based money laundering (TBML): Some insurance companies are involved in international trade insurance, which can be exploited to launder money by inflating invoices or manipulating trade documents.
• Collusion with agents and brokers: Unscrupulous insurance agents or brokers can aid money launderers by creating policies or modifying coverage to facilitate the movement of illicit funds.

AML insurance regulations

International authorities impose a range of AML regulations and standards that affect insurance companies. 

Financial Action Task Force (FATF)

The Financial Action Task Force (FATF) is an international watchdog that sets out AML/CFT guidance to be implemented within its member states. Its core guidelines are set out in its 40 Recommendations, against which it benchmarks member states in its periodic mutual evaluation reports (MERs). These MERs help galvanize individual countries’ AML/CFT regulatory efforts and ensure they are effective and adaptive to changing risks. Member states use these reports as starting points for improving their anti-financial crime oversight and resources.

The international body also provides industry-specific guidance, including for the life insurance industry. Even though the FATF is not a regulator, firms would be wise to familiarize themselves with its industry- and country-specific guidance, as this will likely inform local AML/CFT regulations and contains valuable information regarding key sectoral risks useful for firms.

For example, in October 2018, after a consultation period, the FATF released Guidance for a Risk Based Approach in the life insurance sector. The guide discusses identifying, evaluating, and responding to financial crime risks effectively – especially through ongoing customer due diligence (CDD) and regulatory reporting. It also discusses key sectoral risks and vulnerabilities firms should be familiar with.

United States regulations

Introduced in 1970, the Bank Secrecy Act (BSA) is the United States’ foundational anti-money laundering and countering the financing of terrorism (AML/CFT) regulation. The BSA imposes AML/CFT compliance obligations on financial institutions operating in the US. These include implementing a risk-based anti-money laundering program with appropriate CDD and screening measures and carrying out reporting and record-keeping when dealing with suspicious transactions and customers.

Insurance companies qualify as “financial institutions” under the BSA. In 2001, the USA PATRIOT Act required all BSA-defined financial institutions to establish an AML/CFT program. In accordance with this requirement, the Financial Crimes Enforcement Network (FinCEN) implemented a final rule in 2005 requiring qualifying insurance companies to establish BSA-compliant AML/CFT programs and file suspicious activity reports (SARs). As of April 1, 2013, all SARs must be filed through the regulator’s e-filing portal.

The final rule defines an insurance company as “any person engaged within the United States as a business in the issuing or underwriting of ‘covered products.’ ” These products include:

• Permanent, non-group life insurance.
• Non-group annuity contracts.
• Insurance products with investment features or cash value.

These products are the focus of the final rule because their investment or cash value creates a greater risk of use in money laundering or terrorist financing (ML/TF) activities.

European Union (EU) regulations

The EU insurance industry is regulated at a national level, with partial union-wide oversight from the European Insurance and Occupational Pensions Authority (EIOPA). AML/CFT is overseen by national regulators based on national legislation conforming to the EU’s standards, and AML Directives (AMLDs) apply exclusively to life and investment-related insurance. The EU is proposing reforms that don’t imply extending obligations to non-life insurance products. However, Insurance Europe is concerned about broadening coverage requirements. 

Additionally, the EU has established its autonomous sanctions regime, with extensive measures in response to the Russian invasion of Ukraine. Restrictions require European insurance firms not to provide services that facilitate designated commerce.

United Kingdom regulations

The UK insurance industry is overseen by the Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA). While only life and investment providers are subject to the AML/CFT regulations, all insurers must follow the Senior Management Arrangements, Systems, and Controls (SYSC) framework, the Proceeds of Crime Act (POCA) 2002, and the Sanctions and Money Laundering Act (SAMLA) 2018. The FCA advises all insurers to establish strong controls, regardless of whether they are covered by the UK Money Laundering Regulations (MLRs).

Singapore regulations

The Monetary Authority of Singapore (MAS) regulates the insurance sector and sets AML/CFT obligations. Only life insurers are subject to these requirements through Notice 314, but all insurers must assess AML/CFT risks and implement risk-appropriate measures. MAS supports innovation and encourages insurers to use regtech, machine learning, and advanced techniques for AML/CFT compliance. In a circular issued in February 2022, MAS emphasized the use of Singapore’s national digital ID systems for CDD and highlighted biometrics, liveness detection, and document authenticity checks.

Australia regulations

Insurers in Australia are regulated by the Australian Prudential Regulation Authority (APRA). Australian Securities and Investment Commission (ASIC) issues Australian Financial Services License (AFSL) to insurance intermediaries. The Australian Transactions Report and Analysis Centre (AUSTRAC) supervises AML/CFT compliance using a thematic approach, and firms providing designated services must conform to AUSTRAC’s general AML/CFT program model. Life insurers, sinking fund providers, and those offering advice on such products must comply with the AML/CFT Act. All companies must also meet sanctions regulations, including the Autonomous Sanctions Act of 2011, which includes a Magnitsky-style program aimed at human rights abuses. 

Penalties for non-compliance with AML regulations in insurance

Specific penalties and fines for non-compliance with AML regulations in the insurance sector can vary depending on the regulatory authority and the severity of the violations. Some examples include:

• United States – FinCEN:
  Civil monetary penalties for AML violations can range from thousands to millions of dollars, depending on the violation’s seriousness.
  Criminal charges can lead to fines and imprisonment for individuals involved.
• European Union – EIOPA:
  Penalties for AML non-compliance can include fines and regulatory sanctions.
  The fines may be based on a percentage of the company’s annual turnover and can be substantial.
• United Kingdom – The FCA:
  Fines imposed by the FCA can be substantial, ranging from thousands to millions of pounds.
  The FCA can also take other actions, such as imposing restrictions on an insurance company’s activities or revoking its license.
• Singapore – MAS:
  Penalties can range from thousands to millions of Singaporean dollars, depending on the nature and severity of the non-compliance.
  MAS also has the authority to issue prohibition orders, revoke licenses, and impose additional regulatory requirements on non-compliant entities.
• Australia – AUSTRAC:
  AUSTRAC can issue infringement notices and initiate legal actions against non-compliant insurance companies.
  Infringement notice penalties can range from thousands to millions of Australian dollars.

It is important to note that specific penalties can differ based on the laws and regulations of each jurisdiction and the unique circumstances of the case. In many cases, regulatory authorities have the discretion to determine the fines and penalties, considering factors such as the scale of the violations, the company’s cooperation, and its compliance history. To avoid such penalties, insurance companies must adhere to AML regulations and maintain robust compliance programs.

AML/CFT red flags in the insurance industry

Insurers should consider a range of red flags that could indicate money laundering in the insurance sector or terrorism financing activities. According to FinCEN, these include:

• Unusual payments – for example, via cash.
• A customer buys an insurance product that doesn’t align with their needs.
• The customer terminates the product at a loss to themselves or sends the refund check to someone else.
• Customers appear especially interested in terminating their product early but not in its investment performance.
• Irregularities in a customer’s identifying information at onboarding or reluctance to provide requested documentation.

It’s important to note that red flags are best considered in the context of a wider risk-scoring framework. Many red flags may have a legitimate explanation once the broader context is considered, but signs may equally be overlooked if a firm fails to holistically evaluate a customer’s risk indicators. The best approach is to develop a risk scoring system tuned to a firm’s unique risks and execute targeted due diligence on customers based on their risk tiers. Customers deemed to be at higher general ML/TF risk should undergo enhanced due diligence (EDD) when red flags are encountered. Lower-risk customers may only require standard due diligence in those instances. This helps a firm ensure the bulk of its resources target the riskiest activity.

How can insurance companies establish a robust AML/CFT program?

According to FinCEN rule 31 CFR § 1025.210, insurance companies must establish several core features as a minimum foundation for a sound and compliant AML/CFT program. These include:

• Risk-based internal controls, procedures, and policies – The firm’s AML/CFT framework must be based on the risks it has deemed its products to be associated with. It must ensure compliance with FinCEN requirements, as well as those of subchapter II in US Code Title 31, Chapter 53 (the Bank Secrecy Act.)
• A designated compliance officer – this person must take responsibility for overseeing effective AML program implementation. They should monitor the firm’s insurance brokers and agents for compliance with the program’s requirements. The compliance officer is also responsible for ensuring the AML program is kept up-to-date and that personnel are trained according to FinCEN requirements.
• Ongoing personnel training – A firm must verify all team members understand their AML/CFT responsibilities under the program. This knowledge can be derived from the firm’s in-house training or an appropriate third party. Regardless, the training must pertain to the insurance company’s covered products – this means it cannot be generic.
• Independent testing – Regular testing is required to confirm the program’s adequacy and team member compliance. The frequency and scope should be risk-based in light of the covered products’ inherent risks rather than generically determined.

If an insurance company is registered with – and therefore regulated by – the Securities and Exchange Commission (SEC), its compliance with SEC AML/CFT regulations for registered products will satisfy FinCEN’s final rule requirements.

Cutting edge AML solutions for insurance companies

AML and anti-fraud solutions are critical for insurance companies to maintain compliance and effectively manage risk. The following list outlines essential software that firms should consider including in their compliance program. It also highlights the key features and capabilities to consider when evaluating potential vendors.

• Transaction Monitoring:
  • Detection of unusual activity: Transaction monitoring software can track and analyze insurance transactions for any unusual or suspicious patterns. This helps identify potentially fraudulent or money laundering activities, such as large, unexplained premium payments or unusual claims.
  • Real-time alerts: These systems can generate real-time alerts for suspicious transactions, enabling insurance companies to take immediate action and investigate potentially risky activities.
• Payment Screening:
  • Blocking illicit payments: By screening payments against various databases, these solutions can prevent the acceptance of funds from sanctioned individuals or entities, reducing the risk of inadvertent involvement in money laundering.
  • Enhanced due diligence: Payment screening enables insurers to conduct enhanced due diligence on high-risk transactions, ensuring they are fully aware of the sources of funds.
• Fraud Detection:
  • Alert explainability: Robust fraud detection solutions not only generate alerts but also provide detailed explanations for why an alert was triggered. By providing context and transparency, alert explainability helps insurers make informed judgments about potential fraud, improving their ability to manage risk effectively and reduce false positives. 
  • Pattern recognition: Machine learning and data analytics help identify patterns of behavior that may indicate fraud, allowing insurance companies to take prompt action.
• Sanctions & Watchlist Screening:
  • Global compliance: This software helps insurance companies comply with international regulations by screening against global watchlists, reducing the risk of inadvertently doing business with prohibited parties.
  • Automated processes: These screening solutions automate the process of checking customers and transactions against watchlists, ensuring efficient and consistent compliance

Incorporating these AML and anti-fraud solutions into their operations allows insurance companies to protect their businesses from legal and reputational risks while ensuring that they operate within the bounds of regulatory compliance. These tools help identify and prevent money laundering, fraud, and exposure to sanctioned entities, ultimately safeguarding the industry’s integrity.

Learn more about AML solutions for the insurance sector.

The post AML in insurance: How to detect & combat money laundering appeared first on ComplyAdvantage.

Since 2012, the United Nations Convention against Corruption (UNCAC) Article 52 has significantly impacted FIs’ identification and management of PEPs. This article requires enhanced due diligence (EDD) for PEPs, meaning stricter background checks, verification of wealth sources, and close monitoring of transactions for suspicious activity, expanding on previous regulations by including foreign PEPs and domestic officials, their families, and close associates. 

Of course, being a PEP does not equate to being a criminal or suggest a link to abuse of the financial system. However, as PEPs are higher-risk customers, FIs and DNFBPs must be familiar with the PEP red flags and indicators used to detect such abuse. 

What are 7 PEP red flag indicators?

The Financial Action Task Force (FATF) has developed a list of PEP red flags/indicators to assist in detecting misuse of the financial system by PEPs during a customer relationship. 

Often, matching one or two of these indicators indicates a statistically raised risk of doing business with a particular customer, and several indicators need to be met before grave suspicion is warranted. However, in some cases – depending on specific circumstances – matching just one or more of these indicators could lead directly to suspicion of illegal activity, such as money laundering.

The FATF’s recommended red flags, as outlined in recommendations 12 and 22, are as follows:

 1. PEPs attempting to shield their identity

PEPs know their status may facilitate the suspicion of illicit behavior. With that in mind, they may conceal their true identity through various means to avoid detection, protect unearned assets, or evade legal trouble. Under the FATF’s recommendation, some of the key red flags to watch out for include the following:

• The use of corporate vehicles to obscure (i) ownership, (ii) involved industries, or (iii) countries.
• Use of corporate cars without a valid business reason.
• Use of intermediaries that don’t match with everyday business practices
• Use of PEP relatives and close associates (RCAs) as legal owners.

2. Suspicious behavior from PEPs 

When liaising with entities and monitoring activity, firms need to stay vigilant regarding a PEP’s movements and general behavior.  In particular, firms should be aware of any unusual inquiries about their AML/CTF policies, alongside uncommon transfers to accounts in different countries. As a result, the FATF encourages firms to monitor the following: 

• Investigate any inconsistencies between the information provided by entities and publicly available data, such as asset declarations or salaries, as these discrepancies could warrant further investigation.
• Pay close attention to entities conducting business in your jurisdiction without a clear and justifiable reason – a legitimate business purpose should be readily available.
• Carefully scrutinize entities that provide inaccurate or incomplete information, as deliberate misinformation is highly suspicious and requires further investigation.
• Entities who inquire about a firm’s AML/PEP policies, which could signal potential attempts to exploit vulnerabilities.
• Be cautious of entities seeking services they wouldn’t usually require, as this might suggest attempts to hide assets.
• Monitor entities who frequently transfer funds to countries with no apparent connection, as these unrelated financial activities raise concerns about potential illicit sources of income.
• Conduct additional due diligence for entities denied a visa to your country, as entry restrictions might suggest past issues or security concerns.
• Closely monitor entities from countries with restrictions on foreign account ownership, as country-specific limitations on holding accounts can be a risk factor.

3. The PEP’s position or involvement in business 

While the previous section highlighted behavioral red flags, understanding a PEP’s position and power within their organization adds another crucial layer to the risk assessment. As outlined by the FATF, individuals holding roles with greater control, authority, and influence can be inherently more susceptible to involvement in illegal activities. Here’s why: 

• Substantial authority over or access to state assets, funds, policies, and operations.
• Control over regulatory approvals, including awarding licenses and concessions.
• The formal or informal ability to control mechanisms established to prevent and detect money laundering and terrorist financing (ML/TF).
• If they (actively) downplay the importance of their public function or the public function they’re associated with.
• The PEP does not reveal all positions (including ex officio).
• Access to or control or influence over government or corporate accounts.
• Own or control financial institutions or DNFBPs, either privately or ex officio.
• The PEP (partially) owns or controls the financial institution or DNFBP (privately or ex officio) that is a counterpart or a correspondent in a transaction.
• The PEP is a director or beneficial owner of a legal entity that is a client of a financial institution or a DNFBP.

4. High-risk industries and sectors for PEPs 

Alongside the PEP’s position in their organization, connections with high-risk industries can raise their risk level. FIs and DNFBPs should use national guidance and conduct thorough risk assessments per the FATF’s recommendation 1. While high-risk industries will indubitably vary from country to country, the FATF presents the following as examples of higher-risk sectors in its recommendations 12 and 22:

• Arms trade and defense.
• Banking and finance.
• Businesses active in government procurement (i.e., those whose business is selling to government or state agencies).
• Construction and (extensive) infrastructure.
• Development and other types of assistance.
• Human health activities.
• Mining and extraction.
• Privatization.
• Provision of public goods and utilities.

5. Transaction indicators 

Accurate transaction monitoring is essential as a PEP’s transactions and banking history can reveal a complete overview of their income, spending, and saving activity for any period. The purpose of a transaction, as well as the nature of the business relationship behind it, should be scrutinized, along with the examples below:

• Private banking.
• Anonymous transactions (including cash).
• Non-face-to-face business relationships or transactions.
• Payments received from unknown or unassociated third parties.
• Using several separate bank accounts for unknown purposes.
• Consistent use of rounded amounts that can’t be justified.
• An account shows a sudden flurry of activity after a dormant period.

6. Products, services, and delivery channels red flags 

Another key indicator, depending on the nature of the PEP, is their connection to certain industries, products, services, transactions, or delivery channels that can be labeled as high-risk and easy to exploit for money laundering or other illicit purposes. Some of these include:

• Businesses that mainly cater to (high-value) foreign clients.
• Trust and company service providers.
• Correspondent and concentration accounts.
• Dealers in precious metals, precious stones, and other luxurious goods.
• Dealers in luxurious transport vehicles (such as cars, sports cars, ships, helicopters, and planes).
• High-end real estate dealers.

7. Country-specific PEP red flags and indicators

As defined by the FATF in recommendation 19, due diligence is vital if a foreign or domestic PEP is from a higher-risk country. Additionally, the FATF also recommends taking the following geographical considerations into account when entering into a business relationship with a PEP: 

• Foreign or domestic PEPs from countries that have yet to sign or ratify relevant anti-corruption conventions (or otherwise have not or have only insufficiently implemented these conventions), such as the UNCAC and the OECD Anti-Bribery Convention.
• Foreign or domestic PEPs from countries with mono-economies (economic dependency on one or a few export products), especially if their countries have export control or licensing measures.
• Suppose a PEP from a high-risk country has control or influence over decisions that aim to address any shortcomings in the anti-money laundering and combating the financing of terrorism (AML/CFT) system. In that case, it can lead to additional risks.
• Foreign or domestic PEPs from countries that depend on the export of illegal substances, such as narcotics.
• Foreign or domestic PEPs from countries with high levels of organized crime.

Detect red flags with automated solutions 

With so many red flags to be wary of, manually analyzing a PEP’s financial transactions, wealth sources, and business relationships can be time-consuming and prone to human error. 

Fortunately, advanced AML solutions offer sophisticated tools that empower comprehensive EDD for PEPs. These solutions surpass basic EDD by delving deeper into their finances and finding the true nature of wealth and transactions. 

Even after initial due diligence, continuous monitoring remains crucial – dynamic screening tools can provide a safeguard by automatically monitoring transactions and activities for suspicious patterns or red flags that may indicate money laundering or other financial crimes.

Implementing these solutions can offer significant advantages – streamlined data analysis and automated workflows significantly reduce operational burdens, freeing up resources for your team to focus on strategic tasks.

The post PEP red flags: 7 indicators for suspicion appeared first on ComplyAdvantage.