Leveraging automation to meet the challenges of the proposed prepaid access regulation

The scope of anti-money laundering (AML) and suspicious activity tracking took another step with the June 28, 2010 release of the Notice of Proposed Rule Making (NPRM) from FinCEN regarding prepaid access. [i] Under the proposed regulations, there will be greater customer and transaction information record keeping requirements as well as potential suspicious activity reporting requirements not only for prepaid issuers, but also for the sellers of prepaid access cards. This NPRM effectively brings the world of prepaid under the AML regulatory umbrella, treating the sector much like other financial institutions that are subject to the Bank Secrecy Act (BSA).

“One of the current trends emerging in financial service is managing the AML risk rating process at account opening and throughout the customer lifecycle.”
-Debra Geister

While many issuers have already put certain components of AML programs into place, the new rules implement such parameters for the sellers of these instruments as well. Final requirements for customer information data gathering, know your customer, and the filing of Suspicious Activity Reports (SARs) will evolve and be shaped over the next few weeks as the comment period of this regulation plays out. [ii]

Regardless of the segment or line of business in financial services, the balancing act continues. One of the current trends emerging in financial services is managing the AML risk rating processes at account opening and throughout the customer lifecycle. With increased global scrutiny on AML, Foreign Corrupt Practices Act (FCPA) and other processes, financial institutions are finding previous methods of risk rating unworkable.  A priority for many financial institutions of all sizes is finding a systemic method of creating such ratings, moving from manual and subjective processes to automation - not only for time savings but for consistency across raters. Providers that can give AML officers the assurance that they can programmatically create dynamic risk ratings based on the risk policies and profiles of the organization are gaining more traction. 

Traditionally risk rating systems focused primarily on internal transactions; in other words, the behaviors and attributes of the client.  Refreshing risk rating exercises based upon external risk factors-typically found during initial due diligence-are often only triggered following client-initiated information changes.  The gap is obvious:  if someone does not want you to know about a change of address or new employment in a high risk industry, they certainly will not volunteer that information.

AML operations departments are now looking for other external risk factors to get both a clearer and broader view of risk that an entity brings to the organization, including discovery of risk factors not disclosed by the customer. Foreign political affiliations, political office, income source and other factors can help give the organization more information as to the true risk of money laundering, corruption or fraud. Creating a systemic method for this risk rating provides a number of advantages to the organization which could explain the sudden rise in activity and research on these kinds of solutions. 

Customer due diligence (CDD) and in particular risk rating processes have been subjective and relied heavily on human assessment to help define risk levels. In some cases, financial institutions had analysts that would sit in the back office and look at the factors on a system or spreadsheet and assign values. It could be a high, medium or low designation and for some it was a numeric scale that was manually fed into the transaction monitoring system. That rating, in turn, drove the level of due diligence that may be required by the customer as well as driving the amount of transaction monitoring and review that occurred. The challenge with the process is that it is time consuming, labor intensive and exposes the institution to risk. There are obvious opportunities for inconsistency in the ratings using this methodology that can open the organization to regulatory scrutiny. These issues can all be effectively managed and addressed with an automation system that allows a financial institution to remove subjectivity and manual process while effectively managing risk according to their policies.

There is another notable limitation to risk rating that relies on information provided by customers. A challenge exists in balancing customer service and providing a positive experience for the client without being overly invasive, yet gaining a clear picture of the risk to the institution.  According to their annual banking study, JD Power says that "Only 34 percent of customers surveyed said this year that they "definitely will not" switch banks in the next twelve months, compared with 46 percent in 2007." [iii] That makes balancing the satisfaction and service ratings against institutional risk imperative.  A systemic solution that can supplement internal data with external data can, in many cases, alleviate some of the challenges of intrusive questioning.  It can also help the organization discover unknown risk. For example, a customer may pass a Customer Information Program (CIP) assessment and be accepted quickly.  This will help expedite and streamline onboarding.  If that same customer is identified to have eight social security numbers and relatives that are suddenly added to a corruption watchlist, an automation system can escalate that kind of risk to the staff. By leveraging automation, the bank gains a valuable alert regarding a change in risk with minimal impact to the customer.

By utilizing outside information, these risk rating systems can be leveraged not only by the AML systems, but the Fraud Detection platforms as well. Multipurposing allows maximum ROI out of such a system.  Increasingly, financial institutions are recognizing the synergies between fraud detection and anti-money laundering. By taking a "loss prevention" attitude, it helps move the AML department out of a cost center status and maximizes transactional and operational efficiencies. By monitoring fraud attributes and triggers, transaction monitoring systems can really help prevent loss of risk as well as managing reputation risk.

Making an initial investment in a reliable automation product may save your institution from incurring much larger regulatory and reputational costs in the future. Besides the potential revenue drain caused by civil money penalties in the millions-such as those incurred by ABN Amro, Riggs, and AmSouth-an institution can also lose millions daily from damage done to its reputation.  For instance, a publicly announced cease and desist order can cause investors and customers to lose trust in an institution leading to funding withdrawals and business loss. In addition, according to a McKinsey Consulting study, a regulatory fine can have an immediate impact on a financial institutions stock value of an average 5.5%[iv].  And the long term cost climbs even higher over an average 18-month period after the fine event, the true cost of the event amounted to a staggering 12 times the actual fine amount[v]. 

Corrective actions typically mandated in enforcement actions can far outweigh the price of proactive compliance. A good example of this is the 'lookback', which has recently been a favored demand by regulators in cease and desist orders. These transactional reviews done by independent consulting firms can be a huge drain on a financial institution's budget, contributing significantly to the 12 times variable. This is what makes a regulatory fine one of the top five loss events for a financial institution.

Another regulatory operation that is moving into the AML domain is the Foreign Corruption Protection Act (FCPA). By utilizing watchlist management and some additional risk types and detection rules, many institutions can also monitor against corrupt activity and gain efficiencies from such a system as well as tying potential bribery activity back into the rating and monitoring systems. 

Foreign corruption and money laundering are very real threats to financial institutions today, and regulations designed to mitigate through prevention, detection and reporting continue to increase.   Regardless of whether you are new to these regulations, as the sellers of pre-paid access, or have been a subject for years, maximizing operational efficiencies and cutting costs has become critical in today's tough economic conditions. By making sure the tools and systems that you choose have the flexibility to allow you to manage risk levels and pull in other risk and compliance functions, you can definitely turn the investment into an effective risk management and operationally efficient solution for your entire business and make it a benefit to your customers.

[i] Federal Register, 31 CFR Part 103, http://edocket.access.gpo.gov/2010/pdf/2010-15194.pdf, (accessed June 28, 2010)

[ii] The comment period closes Wednesday, July 28, 2010.

[iii] JDPowers 2010 Retail Banking Study, http://www.jdpower.com/finance/articles/2010-Retail-Banking-Satisfaction-Study

[iv] Dunnett, Robert S., Levy, Cindy B., and Simoes, Antonio P., "Managing operational risk in banking", The McKinsey Quarterly, 2005 No. 1, pp 9 -11

[v] Ibid

Biography

Kristine Regele-Cechovic is the Senior Compliance Analyst, AML Compliance Solutions at LexisNexis Risk Solutions and specializes in data integrity through process control, data testing and analysis, and source identification and validation. Kristine is certified with the Association of Certified Anti-Money Laundering Specialists (ACAMS).