The growing "Panama Papers" scandal regarding the disclosures from Mossack Fonseca highlights the difficulty that financial institutions face in ensuring that their anti-money laundering (AML) programs obtain sufficient customer transparency.
The seriousness of this development, and the inevitable regulatory backlash that will result, should cause banks to "kick the tires" on their AML programs in a number of ways.
One is to reconsider the degree to which they adhere to best industry practices regarding obtaining information on beneficial ownership (a concept that includes both legal ownership and effective control).
The challenges in this area are great, and include the difficulty of “looking through” layers of legal ownership—particularly for entities such as shell companies, trusts, partnerships, and special purpose vehicles—as well as the need to consider ownership and control changes globally, and to keep pace with the enormous number of such changes.
But the Mossack Fonseca news will only heighten already existing concerns regarding beneficial ownership that already have taken centre stage in the compliance world, and have led to the Financial Crimes Enforcement Network’s (FinCEN) proposed guidance in this area.
As Financial Action Task Force (FATF) has stated, knowing beneficial ownership allows banks to better judge whether a corporate client is a money laundering risk, and enables law enforcement to more easily “follow the money.”
Historically, compliance officers have implemented procedures that require navigating through a multitude of corporate registries, internet pages, mergers and acquisition data, and public databases (such as the US Securities and Exchange Commission’s EDGAR).
While they may appear comprehensive, these time-consuming searches often prove to be unproductive. Banks need to continue to up their game in this area. Customers, especially those rated high risk, should be required to periodically provide meaningful information about changes in beneficial ownership.
Moreover, as customer-provided information can be unreliable (or deliberately falsified), banks also should consider increasingly targeted and automated searches using the most advanced solutions for comprehensively scouring and analyzing country registries, enforcement lists, and intelligence-servicebased databases that may not be public.
Managing data appropriately
Obtaining information is only part of the process. The data must then be managed appropriately.
Banks, particularly larger ones, need to address issues related to AML data warehousing, accessibility, and quality (i.e., ensuring integrity and completeness and avoiding duplication); their ability to transform data into actionable information; and problems in tying together disparate data bases, such as those for Know Your Customer (KYC) requirements versus sanctions screening.
Regulators expect banks to harness all the knowledge they have about their customers, but banks often have data trapped in unrelated applications and technology silos.
One way to provide more effective management KYC information is through a utility model where multiple financial institutions share a service.
This is an area where digital tools and platforms can make a huge impact. For example kyc.com, a joint venture by Genpact and Markit that together offer a robust set of compliance, tax, data validation, and reference data services that are relied upon by more than 1,500 buyside firms, 7,000 corporations, and 80 banks.
By standardizing and centralizing the collection, validation, and management of KYC information, such a shared service helps banks benefit from high quality client data and an optimized compliance process that reduces operational risk and lowers costs, and in the long run also provides greater transparency to the industry as a whole.
Managing third-party relationships
The Mossack Fonseca news also highlights the need for institutions to focus on knowing more about their customers’ customers in certain highrisk situations, as well as manage key third-party relationships, particularly with off-shore companies.
Moreover, banks that use payment processors must ensure that they can monitor and understand the nature and source of the transactions processed through accounts established for payment processors, and that the processors have an effective customer-approval program.
The Panama Papers scandal should cause banks, particularly global ones, to reconsider whether a lack of sufficient transparency regarding their customers might lead them to violate the US. Treasury Department’s Office of Foreign Assets Control (OFAC) and other global sanctions screening requirements, particularly rules that challenge their knowledge of customers’ ownership structures, such as the Russia-Ukraine sanctions.
Finally, financial institutions should ensure that they have sound processes for handling the potentially huge reputational and regulatory harm that getting swept up in these developments may cause.
For example, several banks have been mentioned publicly as being closely connected with Mossack Fonseca. In such cases, whether or not they actually did something wrong or negligent becomes almost irrelevant.
The Panama Papers scandal provides a wake-up call for financial institutions to take a closer look at their AML risk management procedures as a whole. Assuring effective robust data management and effective due diligence, including considering a shared service model for KYC management and compliance, not only helps banks improve their own processes but also can improve transparency for the industry as a whole.
This point of view was co-authored by Manish Chopra, Senior Vice President and Global Risk Leader at Genpact, and Jeffrey Ingber, a consultant at Genpact’s anti-money laundering (AML) practice and a former Senior Vice President at the Federal Reserve Bank of New York. The article was published in TechCityNews.com at http://techcitynews.com/2016/04/22/why-banks-need-to-strengthen-amlprograms-in-wake-of-panama-papers-scandal/
For more information, contact, firstname.lastname@example.org and visit, genpact.com/what-we-do/business-services/enterprise-risk-compliance/third-party-risk-management