But how do firms discern reality from exaggeration? And when the AI models get increasingly complex, will they do what they are told?

Data tests have become an industry standard to verify the performance of complex AML screening products.

What is a data test?

A data test is a systematic evaluation of data sets and algorithms to assess their quality, accuracy, and reliability. They are a practice run for a screening provider in their most basic form, with many examples being tested. They typically involve applying predefined criteria or algorithms to identify anomalies, errors, or inconsistencies within the data.

While data tests serve as the bedrock of sound analysis, common pitfalls often emerge. This article scrutinizes three of the most common missteps in the data testing process and provides insights into effective remediation strategies. 

The 3 most common data test mistakes and how to fix them

Mistake 1: Testing true positive matches in isolation from noise levels 

For compliance screening providers, two objectives reign supreme:

1. Matching true positive entities: When a risky entity undergoes screening, firms expect the system to flag that risk, even amidst corrupted input data. This corruption could manifest in various forms: The alternative transliteration of names, missing middle names, transposed dates of birth, or relocated entities. 
2. Managing false positive levels: False positives constantly challenge compliance teams. As regulatory requirements increase, so do compliance costs, leading to prolonged onboarding processes and increased expenses. These costs can spiral out of control if unchecked, making products uncompetitive.

Surprisingly, many data tests overlook the interconnectedness of true and false positives, failing to acknowledge the tradeoff between them.

When this crucial link is missed, an inefficient loop is created where a data test result recommends the loosest engine settings, causing compliance processes to crumble under an unrealistic workload a few weeks later.

The fix: When designing a data test, include both true positive searches and false positive searches. Whenever possible, make false positives plentiful and representative of real-life searches.

Pro-tip: Don’t tell potential screening vendors which searches are supposed to generate hits.

Mistake 2: Failing to consider data pipeline and target demographics

Data tests can assess a plethora of use cases. However, not all tests apply to every use case. An ideal data test would be designed with a firm’s data pipeline and customer demographics in mind.

When considering a plausible case of corruption, for example, firms should consider the following:

1. Additional information: Tested examples should be equipped with the typical information a pipeline collects. For example, if the year of birth information is always collected, it should be included. This way, firms can partner with a screening vendor whose engine works for their data.
2. Identity verification checks: Similarly, if a pipeline collects middle names, whenever present, the data test should mimic this.
3. Demographics: Varying jurisdictions and demographics will present nuances that should be accounted for. For example, if a large proportion of customers are located in the Middle East, it may be worth doubling down on testing the sensitivity of alternative Arabic transliterations.
4. Counterparty screening: In some cases, firms may lack data to differentiate between personal and corporate accounts when screening counterparty risk. This information should not be included in the firm’s data test.
5. Joined accounts: One of the most common real-world corruption cases relates to joint account screening, e.g., “Mary Sue-Smith and Vladimir Putin,” where the screening engine needs to detect both account holders before screening them individually. If a firm’s data includes joined accounts, this must be a feature in the data test.
6. Unrealistic corruption for modern pipelines: If engineering teams perform their jobs exceptionally well, certain errors should not be feasible. For instance, it is only reasonable to test scenarios such as “GARAF Afatsom” if it could realistically occur, where the search is for a mirror image of the authorized individual “Mostafa FARAG.”

The fix: Carefully consider the data pipeline when designing tests. If there are any known historic true hits, test them too.

Mistake 3: Underplaying “the unfindables” problem

Despite various tests to detect the deliberate use of homoglyphs (aka search engine gaming) and mirror image tests (where names are spelled back-to-front), some major compliance pain points remain unaddressed.

Imagine a new valuable customer named “Mohamad Ahmad” needs to be onboarded. 

There are ~150 million people in the world named Mohamad. And about one in 25 of them has the surname Ahmad. A back-of-the-envelope estimation says there should be about six million people with this name, and a few dozen of those six million people will be sanctioned, while others will have other AML risks attached.

With a basic search engine, investigating all potential risks associated with “Mohamad Ahmad” could take days. Even then, the investigation is likely to be flawed due to the sheer volume of manual work involved. Without additional supporting information, risks associated with individuals like Mohamad Ahmad remain virtually unfindable.

While a relatively small proportion of names (up to 10 percent) are extremely common, they are responsible for many remediation efforts. Hence, most data tests underplay the importance of this compliance pain point.

The fix: Add supporting information that helps narrow down the search. Mohamad Ahmad, born in 1990 and living in the UK, should be a much easier case to screen when all data is used effectively. For data tests, add common names and supporting information to test these cases.

As more AI-powered screening solutions enter the market, rigorous testing will be the cornerstone of informed decision-making. By scrutinizing screening providers through comprehensive data tests and addressing common pitfalls, businesses can harness the full potential of AI while mitigating compliance risks and maximizing operational efficiency.

The post 3 common data test mistakes when evaluating an AML vendor appeared first on ComplyAdvantage.

• Anti-money laundering (AML) software that’s designed for banks.
• A way to quickly tell what differentiates leading solutions.
• How respected third parties assess top adverse media and AML vendors’ capabilities.

This article summarizes the ten top AML software vendors for banks, listing their key strengths and explaining the use cases they respond best to.

AML software for banks: 4 features to look for

When compliance leaders in banks are assessing their AML software options, key considerations should include:

1. Data quality: The breadth, depth, and timeliness of vendors’ AML data is critical to a successful program. Compliance teams should ask where vendors source their data, how they manage updates, and what quality controls they have.
2. Use of AI: While many vendors will discuss AI in marketing materials, compliance leaders should dig into specific use cases and the benefits existing customers have experienced. Effective examples are improving efficiency, prioritizing highest-risk alerts, and building a network view of risk.
3. An integrated approach to fraud and AML: Deploying fraud and AML in an integrated way – as opposed to in siloed teams/operations – will improve efficiency and efficacy, helping to identify potentially connected activities and behaviors that may otherwise be missed.
4. Keeping pace with regulatory change: From real-time payment rails to emerging fraud typologies, the expectations of customers – and the challenges to protecting them – change frequently. Legacy providers may be slower to adapt to these developments. At best, this could leave banks slower to implement new products – at worst, customers may be exposed to financial crime risks due to a lack of agility.

Top AML software vendors for banks

1. ComplyAdvantage

ComplyAdvantage’s AI-driven fraud and AML risk detection solution improves the efficiency of banks’ compliance workloads by reducing false positives by up to 70 percent and shortening onboarding cycle times by up to 50 percent. Its automation scans unique data using graph network detection, identity clustering, and dynamic thresholds to give banks three central capabilities:

• Customer screening: With a real-time risk database using flexible screening parameters for automated monitoring, integrating data feeds, case management, and CRM.
• Adverse media screening: Using an AML and combatting the financing of terrorism (CFT)-focused taxonomy aligned to regulatory guidance to trigger the most relevant alerts against comprehensive, structured profiles.
• Transaction monitoring: Through a unified cloud-based platform that monitors risks in real-time and maximizes straight-through processing with configurable risk-based rules.

Top ComplyAdvantage Features

ComplyAdvantage’s AML solution is ideally suited to digital and regional/mid-market banks and larger banks looking to leverage AI at scale. To help these banks balance business goals with compliance obligations, the solution offers the following features:

• AI-powered risk detection – Capture novel AML risks using machine learning (ML) models, identity clustering, and graph analytics instead of pre-defined rules.
• Anomaly detection – Spot hidden red flags with peer group data, unsupervised ML algorithms, and dynamic tuning based on analyst feedback.
• Real-time risk approach – Get system-wide updates based on global watchlists, sanctions lists, and politically exposed person (PEP) lists every hour, and keep configuring rules as you go.
• Alert prioritization and flexible workflows – Identify and prioritize alert risk factors and set specific rules for different customer tiers according to your risk-based approach.
• Coverage for all payment rails – Cover every payment type, including ACH, Swift MT, SEPA, Direct Debit, FedNow, Faster Payments, and SEPA ICT.
• Coverage for non-transaction events – Take advantage of holistic insights on customer behavior events like logins and profile changes.
• Integrated case management – Open an investigative case directly from an alert with easy integrations across the workflow and automation to reduce human error.
• Behavioral analytics – Use identity clustering based on customer behavior to identify accounts controlled by a single hidden entity.
• Built-in archiving – For continuous transparency and easy access to all transaction records, making it easier to collaborate with regulators.

Get a closer look at our AI-driven AML solution for banks

Find out how banks of all sizes use ComplyAdvantage to scale intelligently.

Request a demo

2. LexisNexis Risk Solutions

According to Aspiring Solicitors, LexisNexis is “a leading global provider of legal, regulator, and business information and analytics that help customers increase productivity, improve decision-making and outcomes, and advance the rule of law around the world.”

3. Dow Jones Risk and Compliance

According to G2, Dow Jones Risk and Compliance is “a global provider of third-party risk management and regulatory compliance solutions.” The firm has operated since 1882, evolving from a news agency to offer a wider range of services.

4. LSEG Data and Analytics (formerly Refinitiv)

According to Crunchbase, the London Stock Exchange Group (LSEG) is a “provider of financial markets data and infrastructure.” LSEG acquired Refinitiv in 2021, expanding its service offering.

5. Oracle 

According to Crunchbase, Oracle is an integrated cloud application and platform service that sells a range of enterprise information technology solutions. The firm was founded in 1977 in California.

6. Accuity

According to Crunchbase, Accuity offers a suite of innovative solutions for payments and compliance professionals. The first has been in operation for two decades, evolving its service offering through expansion and an acquisition.

7. NICE Actimize

According to Crunchbase, NICE Actimize provides real-time fraud prevention, anti-money laundering, enterprise investigations, and risk management solutions. The firm operates in more than 30 countries worldwide.

8. Smart Search

According to Crunchbase, SmartSearch is an online provider of AML verification services.

9. FinScan

Crunchbase describes FinScan as providing “the most advanced sanctions list and PEP compliance solutions available to help financial services organizations.” The company was founded in 2008 and is headquartered in Australia.

10. Napier

According to Crunchbase, Napier is “a new breed of financial crime compliance technology specialist.” Founded in 2018 and based in London, the firm has secured investment from Crestline Investors.

How to measure success

While every bank will have different objectives and challenges, success metrics should include:

• Protect the firm and its customers’ reputation. Effective AML software ensures firms stay on top of the latest typologies and risks. 
• Deliver an outstanding customer experience. A well-deployed AML stack aligned with a bank’s risk appetite and risk-based approach should not hinder delivering new products and services to customers. 
• Effective internal processes. Intuitive workflows should allow compliance leaders to delegate resources, prioritize the greatest risks, and resolve alerts faster. 
• Continuous improvement and optimization: What success looks like will change as the bank and its financial environment evolve. Compliance leaders should work with their vendors to understand what other financial institutions are focused on and if there are more effective ways to achieve their financial compliance objectives. 

Next steps: Explore AML software for banks at ComplyAdvantage

Discover why banks worldwide choose ComplyAdvantage’s AI-powered AML software and book a demo to see it in action. 

All information is sourced from publicly available websites and is correct as of March 2024. If you’d like to request a correction, please e-mail content@complyadvantage.com, and we’d be happy to review this with you.

The post Top 10 AML software for banks appeared first on ComplyAdvantage.

AML fines in 2023

While fines are typically issued several years after AML failings occur, the top AML fines incurred in 2023 occurred across the following sectors:

1. Cryptocurrency – $5.8 billion+ in fines
2. Banking – $835 million+ in fines
3. Gambling – $475 million+ in fines
4. Trading and brokerage – $194 million+ in fines

Cryptocurrency – $5.8 billion+ in fines

In 2022, the cryptocurrency industry was ranked fourth in our review of AML fines, with $30 million in financial penalties. However, in 2023, the industry jumped to the top spot, with crypto companies fined over $5.8 billion for inadequate AML programs. According to a Financial Times analysis, this total results from 11 fines, compared to an average of less than two per year over the last five years.

AML compliance failures that led to these fines included:

• Violating the Bank Secrecy Act (BSA).
• Security shortcomings.
• Not registering as a money-transmitting business.
• Not conducting customer checks.
• Failing to uphold sanctions.
• Violating the International Emergency Economic Powers Act (IEEPA).

Banking – $835 million+ in fines

Although there was a significant decrease in AML penalties in the banking sector in 2023 compared to the previous year, some institutions faced substantial fines. Many of these fines resulted from years-long investigations that revealed institutions failing to make considerable progress in areas they had pledged to address multiple years prior. For example, one multinational bank was fined $186 million by the US Federal Reserve for persistent weaknesses in its controls on sanctions compliance and transaction monitoring. This is despite being fined $99 million a few years prior for the same issues. 

Similarly, the Financial Conduct Authority (FCA) discovered that a bank continued using inadequate AML systems, even though the regulator had raised concerns about them previously. The bank failed to make effective changes, allowing money to pass through the firm without appropriate checks. The bank also neglected to properly check its customers’ source of wealth (SoW) and source of funds (SoF), allowing the money to be used within the UK without proper scrutiny. 

Gambling – $475 million+ in fines

For the second year in a row, the Australian Transaction Reports and Analysis Centre (AUSTRAC) issued a substantial fine to an entertainment group for repeatedly violating the country’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CFT Act). Specifically, the company did not have a transaction monitoring program in place that was appropriate for the size and complexity of the organization. Additionally, its enhanced due diligence (EDD) program was found to lack appropriate procedures to ensure higher-risk customers were subjected to extra scrutiny.

Insufficient EDD programs were also key to many of the fines issued by the UK Gambling Commission. In one case, a customer was able to spend over £36,000 before any EDD checks were conducted. Inadequate SoF and SoW checks were also repeatedly noted, leading to another customer depositing £71,000 and losing over £70,000 without the operator having knowledge of the customer’s SoF or SoW. 

Additional failings by gambling companies identified by regulators in 2023 included:

• Accepting bets before being licensed.
• Violating advertising regulations or engaging in inducement practices.
• Accepting wagers that are prohibited by law.
• Offering bonuses that violate local gaming laws.
• Failing to prevent excessive spending and imposing account limits.

Trading and brokerage – $194 million+ in fines

In 2023, the Financial Industry Regulatory Authority (FINRA) issued three times the amount of fines compared to the previous year as the regulator upped its focus on non-compliance with Regulation Best Interest (Reg BI), which requires companies to prioritize customer interests ahead of their own. In one case, a former securities broker was fined by FINRA for engaging in unsuitable trading where they had de facto control. The trading resulted in high turnover rates and cost-to-equity ratios that were well above the traditional guideposts of six percent and 20 percent. As a result, multiple customers incurred significant losses, including one account losing $80,072.

In another instance, an investment banking firm was fined by the FCA for AML failings related to cum-ex trading. Despite red flags during the onboarding process, the firm ignored financial crime risks when executing trades on behalf of 11 clients, which resulted in a loss of over €22 million for one client. However, in this case, and many of the other penalties issued by the FCA, the firm did not dispute the regulator’s findings, making them eligible for a 30 percent reduction under the FCA’s settlement discount scheme.

AML violations with the biggest penalties

In light of the examples listed above, the AML violations that received the biggest penalties included:

• Lack of proper CDD/EDD measures: Many of the penalties relating to inadequate due diligence checks manifested as incomplete or insufficient verification of customer identities, failure to assess the nature of business relationships, or overlooking the ongoing monitoring of customer transactions.
• Failing to uphold sanctions: A key underlying factor that led to a large majority of penalties relating to sanctions noncompliance related to outdated systems that did not reflect current sanctions lists. 
• Not submitting suspicious activity reports (SARs): In addition to overlooking unusual or suspicious transactions, this common type of non-compliance also manifested in failing to train staff adequately on recognizing and reporting potential financial crimes. 

The State of Financial Crime 2024

Unpack the results of our global survey on what senior compliance decision-makers believe will shape 2024.

Download now

Recent and upcoming regulations to be aware of

In last year’s top AML fines blogs, we shared a concerning statistic that more firms are choosing to incur AML fines and make violations “all the time.” While the reasons behind why firms are becoming increasingly desensitized to fines are complex, keeping up with recent and upcoming changes to global AML regulations remains key to the overall stability of the financial system.

Our State of Financial Crime 2024 report explores these regulatory developments and their impact at length, a summary of which can be found below.

Key changes in AML regulations in 2023

• Hong Kong: In February 2023, the Hong Kong Monetary Authority (HKMA) published revised guidance relating to transaction monitoring, screening, and suspicious transaction reporting. The guidance underscored the regulator’s aim for authorized institutions to adopt a system that generates targeted alerts to deliver more actionable insights.
• United Kingdom: The UK’s Economic Crime and Corporate Transparency Act (ECCTA) was introduced in 2023 to combat illicit finance. The act included reforms such as a new failure to prevent fraud offense, a beneficial ownership registry, improved transparency, and enhanced intelligence-gathering powers for law enforcement. De-banking also became a significant regulatory obstacle in the UK after allegations of unfair treatment.
• United States: Preparing for the requirements set out in the Corporate Transparency Act (CTA) was – and continues to be – a major focus area for financial institutions (FIs) operating within the US. A key change that was introduced via this act was the requirement for firms to submit beneficial ownership information (BOI) to the Financial Crimes Enforcement Network (FinCEN). 

AML regulations in 2024

• Markets in Crypto-asset (MiCA) regulation: New regulations for stablecoin issuers in the EU will take effect in mid-2024, under the MiCA regulation. Other countries such as Hong Kong, Singapore, and the UK are also working on similar legislation. These regulations will increase scrutiny and require issuers to hold sufficient reserves, protect holders, and safeguard assets. The improved regulatory framework will promote transparency and accountability and boost institutional investor confidence.
• The Corporate Transparency Act (CTA): In the past, businesses in the United States were not required to publicly disclose or maintain a record of their shareholders or ultimate beneficial owners (UBOs). This lack of transparency allowed anonymous shareholders to control businesses and create shell companies to disguise and move illicit funds. To prevent this kind of activity, Congress passed federal legislation to collect beneficial ownership information (BOI) for entities formed under US state laws. This legislation, known as the Corporate Transparency Act, was passed in January 2021 and took effect on January 1, 2024.
• The European Union’s New AML Package: 2023 marked a big step toward the full implementation of the EU’s new AML package, consisting of (1) a new AML regulation (AMLR), (2) the 6th Anti-Money Laundering Directive, (3) a regulation establishing a European Anti-Money Laundering Authority (AMLA) and (4) an update to the Wire Transfer Regulation (TFR). The TFR was fully agreed upon in May 2023, bringing crypto-asset service providers (CASPs) within the regulatory framework and requiring them to collect and share originator and beneficiary information (the ‘Travel Rule’). Further steps toward full implementation will be made in 2024.
• The Economic Crime and Corporate Transparency Act 2023 (ECCT Act): The ECCT Act has been introduced to combat economic crime and promote transparency in corporate entities. One of the key features of this act is the reform of the UK companies registry, Companies House. The ECCT Act also includes provisions to hold organizations accountable if they profit from fraud committed by their employees, through the creation of a new failure to prevent fraud offense. Additionally, it reforms the corporate criminal liability laws for economic crimes, making corporations liable for their own economic crimes. The implementation of the provisions in the ECCT Act will be in stages since many of them will require systems development and secondary legislation before they can be implemented. However, as of January 2024, the Companies House Registrar has confirmed that initial changes will be introduced from March 2024.
• The FCA’s review of PEPs: In July 2023, the UK government asked the FCA to review its guidance on risk management for PEPs. In September 2023, the FCA announced it would examine how firms apply the definition of PEPs, conduct risk assessments, implement EDD and ongoing monitoring procedures, decide on account closures, communicate with customers, and review PEP controls. Although not a confirmation of new or updated PEP regulations, corrective measures may be taken based on the FCA’s findings – which will be presented by June 30, 2024.

How to avoid AML fines in 2024

Iain Armstrong, a Regulatory Affairs Specialist at ComplyAdvantage, believes that compliance officers need to prioritize good outcomes by emphasizing the human cost of financial crime over the financial cost. Firms should also not ignore the long-term reputational effects of widely-publicized fines and enforcement actions.

To mitigate potential AML fines in 2024, firms should:

• Improve customer screening measures to automate onboarding processes and exceed regulatory requirements.
• Access real-time global coverage with robust watchlists and sanctions screening software.
• Implement a transaction monitoring solution that screens in real-time and can be configured based on different risk appetites for various business flows.
• Provide adequate training to compliance staff on AML requirements, including reporting obligations, conducting sufficient SoF and SoW checks, and sanctions/asset-freezing measures. 

The post The biggest AML fines in 2023 appeared first on ComplyAdvantage.

In chapter four of our Insurtech Financial Crime Guide, firms can score their programs against our fincrime checklist. Based on the list, this article explores five best practices that insurtechs can use to manage financial crime risks and regulatory compliance effectively.

1. Adopt a truly risk-based approach

A risk-based approach is foundational to financial crime risk management for insurtech companies. Instead of relying on a generic regulations checklist, insurtechs should embrace a more holistic strategy that assesses the specific risks they face and tailors their controls accordingly.

To embark on a risk-based approach, insurtechs should undertake an annual enterprise-wide risk assessment (EWRA). This comprehensive evaluation should encompass:

• Inherent financial crime risks: Identify the inherent risks associated with the insurtech’s operations, considering factors such as the types of insurance products offered, customer demographics, and distribution channels.
• Control effectiveness: Assess the effectiveness of existing controls in mitigating financial crime risks. Evaluate how well current practices align with the identified risks.
• Residual risks: Calculate the residual risks that remain after applying current controls. This step is crucial in determining where additional measures are necessary.
  

By conducting an EWRA, insurtechs can gain a deep understanding of their specific risk profile and make informed decisions about risk management strategies.

Building on insights from the EWRA, insurtechs can develop a framework for managing financial crime risks. This framework should include calibrated policies, procedures, and controls tailored to the actual levels of risk. A practical example of this approach can be found in the Wolfsberg Group’s Guidance on a Risk Based Approach for Managing Money Laundering Risks. This framework has been successfully applied across multiple sectors and can serve as a reference for insurtechs looking to fine-tune their risk management strategies.

2. Conduct a gap analysis to identify vulnerabilities

Comprehensive anti-financial crime programs encompass a wide range of activities, including the appointment of senior compliance officers, the establishment of governance structures, and the formulation of policies and procedures. While these elements are critical, other core activity areas that insurtechs must address to meet their obligations and identify risks effectively include:

• Identity verification (IDV): Insurtechs must collect, verify, and securely store sensitive personal data that confirms the client’s identity. Robust IDV processes are essential to prevent identity theft and fraud.
• Customer due diligence/know your customer (CDD/KYC): This involves collecting, assessing, and securely storing documentation and data on the client’s financial circumstances. It creates a baseline understanding of how clients will likely use insurance products.
• Customer screening: To identify potential risks, insurtechs should conduct a thorough screening of client names against sanctions lists, politically exposed person (PEP) data, and adverse media sources.
• Fraud detection: Detecting and preventing fraud during applications, claims processing, or policy changes is a critical ongoing activity. It includes verifying the identity of the claimant or beneficiary and assessing the validity of the claim.
• Transaction monitoring: Regularly reviewing client transactions, such as premium payments and claims histories, can help identify unusual or suspicious behavior.
• Ongoing screening: Monitoring existing client names for updates to relevant sanctions lists, PEP status, and adverse media is necessary to stay informed about evolving risks.

While the Financial Action Task Force (FATF) and national regulators do not prescribe specific processes for these activities, they encourage firms to develop responses tailored to their business and risk profile. In practice, insurtechs must decide how much they should automate and digitize traditionally paper-based and face-to-face activities. Given the scale and growth of the insurance market, rising customer expectations, and the need to control costs, technology is often seen as the solution. However, challenges exist in adopting regulatory technology (regtech) solutions, particularly for digitally native firms like insurtechs.

3. Confront implementation challenges

Insurtechs need to be confident that the AML and anti-fraud measures they implement will mitigate risks to a level that will prevent criminals from taking advantage of them and their customers and satisfy the exacting demands of regulators. When it comes to implementing these measures, several common challenges require attention: 

• Remote access: Insurtech operations are often conducted online, and employees may never have direct contact with clients. This presents the risk of impersonation or using fake documentation to support fraudulent claims.
• Incomplete risk data: Many firms rely heavily on vendors for risk information. While reputable vendors provide valuable data, some may exaggerate the scope and scale of their information, leaving clients with significant risk coverage gaps during onboarding and ongoing monitoring.
• Time gaps: The dynamic nature of sanctions lists, with rapid changes, can pose challenges for insurtechs. Many vendors offer updates every six to 12 hours, but some firms only run batch checks once a day or overnight. This time lag can result in payments that should be blocked passing through due to delays in updating.
• False positives: Many automated platforms for fraud, money laundering, and sanctions detection rely on hard-coded, rules-based triggers and basic name-matching techniques. However, criminal behaviors are sophisticated and agile. Rules-based systems often generate many false positives, making the processes resource-intensive and inefficient.
• Lack of flexibility and integration: Legacy platforms may function as standalone offerings, struggling to interact with other systems within a firm’s technology suite. Siloed financial crime platforms and processes have, in the past, led to the oversight of real risks.
  

Insurtechs must address these challenges to ensure that the measures they implement effectively mitigate risks and satisfy regulatory demands. This requires a thoughtful and dynamic approach to risk management.

4. Explore advanced solutions offered by RegTech providers

To overcome these challenges and optimize financial crime risk management, insurtechs must explore innovative solutions and leverage the capabilities offered by RegTech providers. But not all vendors are created equal. Capabilities to assess vendors for include:

• Cloud computing for real-time risk data and screening: Distributed cloud computing allows the secure storage of extensive risk data, eliminating physical storage limitations. Additionally, it enables real-time data updates in all locations simultaneously, ensuring that screening lists are always up-to-date.
• Machine learning (ML) for pattern recognition: ML algorithms are increasingly effective in identifying discrepancies in client documentation during onboarding. They can also detect subtle changes in client behavior, making it easier to spot potential fraud and other financial crimes. ML can significantly reduce false positives, lowering the costs associated with unnecessary alerts and unjustified payouts. Furthermore, ML can be employed for fuzzy matching of equivalent names in screening and to assess the likelihood of a match. These tools can identify duplicate records, resolve gaps, match names in multiple languages and scripts, and allow characters to be inserted, omitted, or replaced.
• APIs for flexibility and integration: Platforms that incorporate application programming interfaces (APIs) are well-suited for enabling flexible and integrated systems. APIs facilitate the pooling of risk data from multiple sources and allow different platforms to communicate important information promptly. This prevents missed opportunities that could lead to financial crime risks falling through the gaps.
  

Insurtechs should carefully evaluate these solutions and ensure that they align with their specific needs. It is crucial to select regtech vendors capable of delivering the most effective and appropriate technology for each particular task. By leveraging these innovative solutions, insurtechs can significantly enhance their financial crime risk management processes.

5. Play to the inherent strengths of insurtech business models

While it’s easy for insurtechs to focus on the risks their innovative business models pose, it’s important not to overlook some of the advantages too. For financial crime risk management, these include:

• Cultural familiarity with technology: Insurtech companies are inherently tech-savvy and have a cultural appreciation for the value of technology. This cultural alignment allows for smoother integration of technology solutions into their operations.
• Richer and cleaner data sets: Insurtechs often benefit from more extensive and cleaner data sets compared to legacy insurance companies. This enhanced data quality can improve the accuracy and effectiveness of financial crime risk management systems.
• Agile technology: Insurtechs are typically more agile in their technology adoption and implementation. They can readily pivot to implement advanced regtech solutions, responding swiftly to emerging risks and compliance requirements.

Incorporating these advantages into their approach to financial crime risk management positions insurtechs as regtech adopters who can efficiently manage risks and meet regulatory demands. Their ability to innovate and stay at the forefront of technology adoption is a competitive advantage in the insurance industry.

By following these five best practices, insurtechs can build a strong foundation for financial crime risk management, ensuring their operations are both secure and compliant. As the insurtech industry evolves, staying committed to effective risk management is essential for building trust with customers and regulatory authorities while achieving long-term success.

The post Financial crime risk management: Best practices for insurtechs appeared first on ComplyAdvantage.

We’ve summarized the key developments – read on or click below to jump to a particular section: 

• Changes to the grey list.
• Indonesia’s new FATF membership status.
• Improving asset recovery.
• Combating the abuse of non-profit organizations (NPOs) for terrorist financing.
• Crowdfunding for terrorism financing.
• Illicit financial flows from cyber-enabled fraud.
• Misuse of citizenship and residency by investment programs.
• Beneficial ownership and transparency.
• The recent joint mutual evaluation of Brazil.

#1: Bulgaria added to the grey list 

At the plenary, the FATF noted that Bulgaria had made progress on recommendations listed in its 2022 mutual evaluation report (MER) to improve international cooperation. However, the watchdog highlighted several areas of Bulgaria’s AML/CFT regime that required strengthening, leading to the country being subject to increased monitoring and a ten-point action plan. Standouts include:

• Implementing a risk-based supervision model for postal money operators, currency exchange providers, and real estate agents.
• Establishing market entry controls for virtual asset service providers (VASPs) and postal money operators.
• Ensuring beneficial ownership information (BOI) in its register is accurate and up-to-date.
• Implementing an automated system to automate the prioritization of suspicious transaction reports (STRs).
• Improving investigations and prosecutions of different types of money laundering in line with risks, including high-scale corruption and organized crime.
• Addressing gaps in the terrorist financing (TF) and proliferation financing (PF) targeted financial sanctions frameworks.

Bulgaria’s addition to the grey list follows a season of high-profile cases involving the misuse of EU funds by Bulgarian politicians, the implementation of Magnitsky sanctions on corrupt Bulgarian officials by the Office of Foreign Assets Control (OFAC), and a multi-billion dollar cryptocurrency pyramid scheme. Firms operating in Bulgaria may choose to conduct a thorough risk assessment to consider various factors, including: 

• Adverse media relating to politically exposed persons (PEPs). 
• The legal and regulatory environment.
• Political stability.
• Corruption levels.
• Economic conditions.
• The presence of high-risk industries.

#2: Albania, Cayman Islands, Jordan, and Panama removed from the grey list

Albania

In February 2020, Albania was added to the grey list and subjected to increased monitoring by the FATF due to deficiencies in its AML/CFT regime. The FATF recommended actions including:

• Conducting additional in-depth analysis to adequately understand money laundering and other financial crime risks.
• Improving the implementation of targeted financial sanctions through enhanced supervisory action. 
• Strengthening the powers of competent authorities to take necessary action.
  

Since 2020, Albania made commendable efforts to improve its AML/CFT framework, resulting in a significant increase in money laundering cases prosecuted, especially those involving foreign criminal proceeds laundered in Albania. As a result, Albania has been removed from the grey list. 

Cayman Islands

In February 2021, the Cayman Islands was added to the grey list due to deficiencies related to “sanctions on financial institutions for anti-money laundering breaches” and a lack of “up-to-date beneficial ownership information.” While the Cayman Islands’ Technical Compliance assessment in 2021 rated the jurisdiction as compliant or largely compliant with 39 out of the 40 FATF Recommendations, the evaluation also outlined 63 action points aimed at improving overall effectiveness. 

At the October 2023 plenary, the FATF highlighted the Cayman Islands’ substantial progress in enhancing the effectiveness of its AML/CFT framework, particularly in proportionately applying sanctions, resulting in the watchdog removing it from the grey list.

Jordan

In its 2019 MER, multiple deficiencies in Jordan’s AML/CFT framework were identified, including:

• Poor quality suspicious activity reports (SARs) resulting in an inconsistent amount of SARs being sent to the Public Prosecutor’s Office.
• Ineffective and disproportionate penalties served for money laundering offenses. 
• A lack of a clear, unified understanding of terrorist financing risks in the non-profit organization (NPO) sector.

While the country amended its anti-terror and money laundering law in June 2021, it came into effect after the FATF’s deadline, contributing to the body’s decision to subject Jordan to increased monitoring in October 2021. 

However, at the FATF’s October 2023 plenary, the watchdog highlighted the progress made by the country in addressing these deficiencies, leading to its removal from the grey list. 

Panama

Panama was originally added to the grey list in 2014 but removed in 2016 after amending its laws to address the deficiencies in its money laundering framework, including laws targeting designated non-financial businesses and professions (DNFBPs). However, the country found itself back on the grey list in 2019 when it failed to adopt key pieces of legislation, including criminalizing tax fraud and making tax crime a predicate offense for money laundering. Panama made significant efforts to address these deficiencies, leading to the FATF removing it from the grey list in October 2023.

#3: FATF memberships: Indonesia and Russia

The FATF also welcomed Indonesia as its 40th member, placing the country on equal footing with other G20 countries and improving international trust in Indonesia’s financial integrity. Ivan Yustiavandana, Head of the Indonesian Financial Transaction Reports and Analysis Center (PPATK), said this membership will increase Indonesia’s economic credibility and positive perception of its financial system, which will influence economic growth through investment.

Discussions also centered around the Russian Federation’s suspended membership, which still remains in effect.

#4: Strategic initiatives

The FATF also discussed multiple strategic initiatives ranging from improving asset recovery and BOI information to helping public and private sector entities better identify potential terrorist financing activity via crowdfunding.

Improving asset recovery

Echoing Kumar’s objectives presented at the June 2022 plenary, the FATF highlighted its aim to prioritize asset recovery to tackle money laundering and terrorist financing. Globally, countries recover only a fraction of the assets generated by criminal activity, fueling further criminal activity. The FATF has previously led efforts to strengthen legal and operational frameworks for asset recovery, including introducing non-conviction-based confiscation regimes. The revised standards aim to bring about a cultural shift to make asset recovery a core component of crime prevention. The FATF will adjust its assessment methodology to account for the changes in recommendations, and the updated Recommendations will be published in November 2023.

The FATF also announced that it has analyzed the Asset Recovery Inter-Agency Network (ARIN) model – international or regional networks that unite law enforcement and judicial practitioners who work towards tracing, freezing, seizing, and confiscating assets. In an upcoming report, the watchdog said it would outline recommendations for closer collaboration with ARINs to help investigators and prosecutors follow the money and recover assets in transnational crime cases. This report will also be published in November 2023.

Combating the abuse of NPOs for terrorist financing

As part of the FATF’s focus on protecting NPOs from terrorist financing abuse, the watchdog revised one of its recommendations. The revisions clarify that recommendation eight only applies to NPOs that fall within the FATF definition. Countries must identify the types of organizations within the definition and assess their risks. The revised recommendation aims to prevent undue disruption or discouragement of legitimate charitable activities. Countries in the global network will be assessed against these revised standards without disrupting legitimate charitable activities. The updated recommendations will be published in November.

The FATF also updated its best practices paper to reflect the changes made to Recommendation 8 and help stakeholders implement the revised requirements more effectively. The paper serves as a guide for the non-profit sector, protecting NPOs from terrorist financing abuse without hindering legitimate charitable activities. With the revisions, the FATF has made its standards clearer and more aligned with the risk-based approach (RBA). The best practices paper will be published in November.

Crowdfunding for terrorism financing

Kumar also announced the release of a new report (published on October 31) that analyzes how terrorists exploit crowdfunding platforms. It discusses the challenges faced in detecting and preventing terrorist financing in the crowdfunding ecosystem, citing the complexity of crowdfunding operations, the use of anonymizing techniques, and the lack of expertise within the industry to detect suspicious activity.

The report suggests good practices such as:

• Including crowdfunding in national terrorist financing risk assessments.
• Outreach to the crowdfunding sector.
• Effective domestic and international information-sharing mechanisms. 

It also provides a list of risk indicators that can help public and private sector entities, as well as the general public, identify potential attempts at terrorist financing activity via crowdfunding. Some of these risk indicators include:

• Donations that are made through mechanisms designed to obscure the identity or source of funds or that are overly complex in their routing.
• A lack of information about the purpose, goals, or ultimate beneficiaries of the campaign.
• Crowdfunding platforms or intermediary organizations that host or enable other projects related to violent extremism or radicalism.
• Donation methods that make it difficult to trace the source of funds (SoF), such as unique donation links.
• Platforms that require payments through unregulated financial institutions.

Illicit financial flows from cyber-enabled fraud

In partnership with the Egmont Group and INTERPOL, the FATF also identified strategies to combat cyber-enabled fraud, including: 

• Breaking down silos within compliance teams.
• Promoting collaboration.
• Enhancing detection and prevention. 

A report highlighting these strategies and risk indicators will be published in November.

Misuse of citizenship and residency by investment programs

Citizenship and residency by investment (CBI/RBI) programs are initiatives that grant citizenship or residency to foreign investors. Although they stimulate economic growth, they also come with significant risks of money laundering, fraud, and other misuse. A joint project by the FATF and the Organisation for Economic Co-operation and Development (OECD) highlights how criminals can exploit CBI programs and proposes measures to manage these risks. Due to be published in November, the report will emphasize the importance of multi-layered due diligence and clearly define the roles and responsibilities of all parties involved in RBI/CBI programs to detect fraudulent activities. 

Beneficial ownership and transparency

During the plenary, the FATF amended the methodology for upcoming mutual evaluations that guide assessment teams in determining the effective implementation of updated beneficial ownership and transparency requirements. 

The revised methodology will be published in November. The watchdog also announced the development of updated risk-based guidance on beneficial ownership and transparency of legal arrangements to help stakeholders assess and mitigate money laundering and terrorist financing risks. The plenary agreed to release the revised guidance for public consultation and expects to finalize this work during its February 2024 session.

#5: Results of Brazil’s mutual evaluation

Finally, the FATF approved Brazil’s MER for compliance with AML/CFT and counter-proliferation financing measures. According to the watchdog’s review, Brazil has shown improvement since the last assessment in 2010, with strong international cooperation, risk assessment, and policy coordination. However, cooperation and coordination between certain authorities were noted as still requiring improvement, and the prosecution of money laundering needs enhancement. A report on the subject will be published by December after completing the quality and consistency review.

The next FATF plenary is due to take place in February 2024.

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF Plenary June 2023
• FATF Plenary February 2023
• FATF Plenary October 2022
• FATF Plenary June 2022
• FATF Plenary March 2022
• FATF Plenary October 2021
• FATF Plenary June 2021

The post FATF plenary October 2023: Outcomes and initiatives appeared first on ComplyAdvantage.

In light of these illicit finance risks, chapter four of our Guide to AML/CFT Reforms in the US Real Estate Sector outlines a financial crime checklist for real estate businesses. With a volatile global economic and sanctions environment piling further pressure on compliance teams, this article explores five customer due diligence (CDD) best practices for the US real estate sector.

Real estate best practices: Customer due diligence

In the real estate industry, CDD plays a crucial role in preventing money laundering and terrorist financing. By identifying and addressing potential risks, real estate professionals can reduce their exposure to financial crime and minimize their exposure to legal penalties and regulatory scrutiny. But what specific actions can compliance teams take to ensure their CDD measures are both effective and efficient? 

1. Understand the risk environment

Money laundering and terrorist financing are incredibly dynamic threats. Businesses can’t afford to simply check boxes on a pre-determined list of potential issues. Instead, real estate firms of all types should ensure they understand the risk environment in which they operate.

The Financial Action Task Force (FATF) highlights three criteria for firms to consider: 

• Customer risks: Clients can be categorized into three levels of risk – low, medium, and high. Low-risk clients may include first-time buyers in small cities, while medium-risk clients can be individuals with an average net worth. High-risk clients usually involve high net-worth individuals, foreign politically exposed persons (PEPs), or luxury property buyers. Firms should adopt a risk-based approach and customize their risk management measures based on the client’s risk level. For example, performing enhanced due diligence (EDD) on high-risk clients is crucial.
• Geographic risks: It’s vital to identify high-risk jurisdictions highlighted by organizations like FATF, such as North Korea, Iran, and Myanmar. Organizations must understand the implications of operating interests overseas concerning these jurisdictions.
• Product/service/channel risks: With the rise of online platforms in real estate transactions, firms must recognize the potential for fraud prevention measures. Especially for non-face-to-face interactions, it’s essential to implement preventive measures to guard against impersonation and fraud.

2. Implement effective controls

After conducting a risk assessment, companies must determine what type of anti-financial crime framework is necessary. Comprehensive anti-financial crime programs include appointing a senior compliance officer and creating governance structures, policies, and procedures, among other things. However, given the current focus of the US government on identifying beneficial ownership and enhancing CDD standards, companies should prioritize the following areas:

• Identity verification (IDV): Companies should implement secure mechanisms to collect, verify, and store personal data to prevent fraud, money laundering, and sanctions evasion.
• Know your customer (KYC) measures: Organizations need to establish processes for collecting, assessing, and securely storing client’s economic and financial profiles. This will help them to gain a deeper understanding of their clients’ needs and inherent risk levels.
• Screening: It is important to conduct thorough screening checks on clients and beneficial owners, including sanctions lists, political exposure, and adverse media mentions. This will ensure compliance with US sanctions laws.
• Ongoing monitoring: Organizations should continuously monitor client behavior for consistency with CDD/KYC information. They should also be prepared to file suspicious activity reports (SARs) with the Financial Crimes Enforcement Network (FinCEN) for suspicious behavior.

3. Apply controls to business partners

When dealing with real estate transactions, it is important to extend CDD and KYC measures to other firms involved in the transaction, especially when dealing with less-established partners. To identify any additional risk factors, it is recommended to implement know your business (KYB) practices when conducting deals involving business partners.

4. Strategically leverage technology 

Technology is pivotal in enhancing CDD processes by streamlining, automating, and improving various aspects of customer risk assessments and compliance. Technologies to consider implementing into the CDD process include:

• Machine learning (ML): ML algorithms can analyze large datasets and customer profiles to identify patterns associated with high-risk behavior. This helps assess customer risk levels more accurately and enables a more targeted CDD approach. 
• Cloud computing: Cloud-based CDD solutions can quickly scale to handle large volumes of customer data and transactions, ensuring organizations can accommodate growth without significant infrastructure investments.
• Application Programming Interfaces (APIs): Firms can leverage third-party CDD services via APIs, accessing specialized tools and databases for identity verification, risk assessment, and screening.

To ensure the best results, selecting reliable technology partners who offer high-quality risk data and adaptable platforms is important.

5. Calendarize regulatory deadlines and milestones

As a real estate business in the US, it is crucial to stay informed about the latest regulatory changes and key dates. Make sure to keep track of the filing deadlines for beneficial ownership information (BOI), which run from January 1, 2024, to January 1, 2025. Additionally, it is important to monitor updates from FinCEN regarding final rules on access, changes to CDD, and real estate reporting and recordkeeping. 

Firms can proactively manage compliance and financial crime risks by following these detailed best practices while meeting evolving regulatory demands.

The post CDD best practices for the US real estate sector appeared first on ComplyAdvantage.