ACFCS Lessons Learned: Compliance convergence to continue, training must extend to frontline
Friday, January 12, 2018
Posted by: Brian Monroe
By Brian Monroe
January 11, 2018
As ACFCS looks ahead to 2018, we are querying experts across the spectrum of financial crime compliance, investigations and technologies to find out what they believe were the key trends in 2017 and what financial institutions and corporations should be ready for this year.
We asked these questions to Sujata Dasgupta, the practice lead in financial crimes compliance at Tata Consultancy Services in Bangalore, India. The Mumbai-based company consults on several areas, including information technology, compliance and business operations.
She believes that in order to better counter the next generation of financial crime, banks must take a holistic approach to creating anti-money laundering (AML) programs, weaving together fraud and cybersecurity – convergence.
That is a stratagem backed by global watchdog groups and countries including the United States, Europe and the United Kingdom.
But that expansive, nuanced and detailed training shouldn’t be limited to just those in dedicated compliance functions. They need to be spread to every part of the bank, from tellers to top management, business lines to the boardroom.
The reason, she said, is that the “first line of defense in a bank must be equipped to identify a suspicious transaction at the initial stages, so that the cost of detection and investigation at later stages can be minimized.”
Dasgupta was kind enough to share her thoughts and insight with ACFCS Director of Content, Brian Monroe. Here is an edited transcript of that conversation.
1. What do you think were the biggest financial crime trends in 2017 and why?
a. Paradise papers leak, revealing hidden funds and tax evasion by the world’s elite through offshore investments in tax havens.
b. Cybercrimes through ransomware attacks like WannaCry and Petya. The spread of WannaCry was stemmed only after losses to the tune of 52 Bitcoins (equivalent to at the time roughly $130,000). But Petya caused significant losses to affected corporates due to system outages and disruptions in operations.
c. Breaches in AML regulations by Commonwealth Bank of Australia (CBA) were unearthed by Austrac, the Australian financial crimes regulator. The bank has been charged with 53,700 instances of AML/CTF breaches during the last five years, including failures in submitting suspicious matter reports (SMR), and non-adherence to risk assessment requirements.
d. Data breach incidents surfaced in UniCredit Bank, resulting in the theft of customer data and International Bank Account Numbers (IBANs), which cannot be used to carry out transactions, but can expose such customers to phishing attacks.
2. How did the industry respond to those vulnerabilities, regulatory focal points or criminal tactics?
a. The European Union (EU) has published a tax havens blacklist last month, to identify locations where the rich park their funds to evade taxes. In the initiative, 17 countries have been named, however, no sanctions have been applied to the countries in this list, which makes this ineffective in countering financial crimes.
b. As well, in 2017, Australian regulator Austrac filed charges on CBA for AML lapses, the penalty of which could go up to $1 trillion, if the bank is found guilty. While CBA has defended that most of the breaches were on account of a software problem, the bank has simultaneously put in place some stringent transaction rules and thresholds to plug any further money laundering incidents. They are also aggressively working on upgrading their AML platforms to make them more robust.
3. What else do you think financial crime compliance professionals, regulators and FIs should be doing to better detect and prevent financial crime?
a. Implementation of the tax haven blacklist with sanctions imposed, as part of know your customer (KYC) and transaction monitoring, should be mandated by Regulators to block tax evasion.
b. Banks and Regulators should also explore the formalization of blockchain-based payments globally, given its superior security and distributed ledger format. While Honduras is implementing a blockchain-based land registry, which can prevent mortgage frauds, the State Bank of India (SBI) along with a consortium of banks in India have launched Clear Chain – a blockchain powered, shared KYC and AML registry for sharing intelligence on financial crimes as well as mutualizing costs of compliance.
c. Banks across the globe are looking at new age technologies to tackle the menace of rapidly rising financial crimes, which are also getting more sophisticated. Digital solutions are being considered by banks’ Compliance offices, e.g. Machine Learning-based pattern and anomaly detection, Analytics-based hidden linkage detection for suspicious behavior, dynamic risk profiling of customers, using social media and other sources of unstructured data for gathering early warning signals of impending financial crimes and so on.
4. What do you think will be the big issues to tackle in 2018?
a. Some major regulations in the KYC and AML space will come into effect in 2018, e.g. FinCEN’s new customer due diligence (CDD), also called the beneficial ownership rule, and the New York Department of Financial Services’ (NYDFS) Part 504 in U.S., and the General Data Protection Regulation (GDPR) in EU. While some banks are on track, many others are trailing in the implementation of systems and process changes relating to these new regulations.
b. Cybercrime prevention remains a top agenda item for banks, as digitization has opened up multiple channels like mobile banking, which are highly susceptible to cybercrimes.
5. Lastly, do you have any tips to help banks maximize resources and better keep their teams strong in a time of tight budgets?
a. Financial institutions must consider a holistic approach to financial crimes detection, e.g. unified trade and communications surveillance, integrating FRAML (fraud and AML) with cybersecurity and so on, a movement that would go against the current practice of siloed monitoring and investigation systems prevalent now.
b. Upskilling people with knowledge required to work on next-gen digital technologies, and training them on the new regulations from an operational point of view are also necessary. The first line of defense in a bank must be equipped to identify a suspicious transaction at the initial stages, so that the cost of detection and investigation at later stages can be minimized.
About the expert:
She is an experienced Industry Consultant in Banking Risk and Compliance (R&C), with a demonstrated history of working in Banking, IT services and consulting.
Dasgupta is currently leading RegTech solutions, alliances and client programs in the area of Financial Crimes Compliance tower within the BFS Risk & Compliance Practice at Tata Consultancy Services Ltd., Bangalore, India.
She is also a subject matter expert in R&C, specializing in Financial Crimes Compliance covering KYC, AML, Fraud control and Regulatory Compliance.
Dasgupta also has worked for premier international banks globally, in major financial hubs like New York, London, Singapore, Hong Kong, Frankfurt, on large regulatory transformation programs, leading teams on KYC/CDD, AML, and regulatoryreporting engagements.
She is also the author of various published thought papers.