George wishes to thank Thomas Messina for his contributions to this month's column. Thomas is a manager in PricewaterhouseCoopers' Technology and Data Services Practice, focusing on anti-money laundering technology strategies and the data management policies and procedures that help make them effective.
Across global capital markets, public and private members of the international banking community are spending millions to meet increasingly stringent "know your customer" (KYC) regulations and anti-money laundering (AML) requirements.
And for good reason. Spurred by terrorist events and driven by new regulations such as the USA Patriot Act and the Financial Action Task Force's 40 Recommendations, the compliance agenda for most companies is rapidly shifting from a discretionary commitment to a mandated one.
It's actually as much about good business practices as it is about compliance. After all, a poor regulatory compliance review can result in impacts to profitability or to liquidity through withdrawal of funds. Other possible consequences include termination of correspondent banking facilities, investigation costs and fines, asset seizures, loan losses and stock value declines.
What many companies have still to discover, however, is that there's a problem that tends to go unnoticed until it's too late. In the crucial gap between these AML strategies and their execution, there's a quiet crisis in data management that is elevating the same risks these AML strategies are intended to mitigate.
The Data Quality Issues
The sobering truth is that poor data quality and data integration issues are often to blame for ineffective KYC or AML programs. And by the time the regulators have arrived, or criminal elements have laundered illegal gains, the damage has already been done.
Why is this happening to so many institutions? Because instead of being accorded a priority status as one of the most fundamental components of any KYC or AML program, data quality tends to be treated as a byproduct of business processes such as account opening, transaction processing and tax reporting.
These processes rarely share common goals, priorities or owners. Isolated solutions are put in place with little regard for the enterprise. Without effective data management disciplines in place, human and system errors, poor control environments and security flaws begin to take their toll.
A Quick Checklist
Are data quality problems undermining your KYC and AML systems? It might help, at this point, to ask yourself and your team several questions such as the following:
- Are you having difficulty risk-rating your customers due to limited amounts of available data?
- Have you discovered that customer information resides in different systems or is inconsistent across systems?
- Does your staff rely on a variety of sources for customer information, and, if so, do they have different reliability or "trust" levels for each system?
- Whether AML vendor packages are in place or not, are less automated solutions such as spreadsheets being used to perform suspicious activity monitoring?
Finding Smoke, But Overlooking the Fire
Don't be content just to ask these questions - gear up to take action. Shouldn't this course be obvious? However, even when symptoms of poor data management practices begin to surface, companies still hesitate to address the problems.
Some managers point to AML systems already in place and read too much into isolated pockets of evidence that suggest these systems are working effectively. Others mistakenly believe that customer information profiles (CIPs) are equivalent substitutes for a KYC program or that spreadsheet solutions can be leveraged as effective databases and analytical tools. And some simply believe, often with expensive consequences, that any benefits of remediating KYC data quality and integration problems are outweighed by the costs.
The Rewards of a Proactive Approach
At a minimum, good governance almost always pays for itself. However, there are other clear benefits of a proactive approach to addressing data quality and data integration issues in an AML system.
For example, integrating a comprehensive, framework-driven approach to customer, account and transaction data can help realize the full potential of a customer relationship management (CRM) system. Also, consolidating the duplicate account opening processes that normally exist within banks can generate clear process improvements. At the same time, increasing the effectiveness of an automated AML system can stimulate related gains in the efficiency and effectiveness of the enterprise's broader compliance program.
Remediate the Weaknesses in KYC and AML Systems
Companies concerned about these issues should take the following steps:
Define and prioritize your KYC data quality requirements. Working closely with regulatory experts in anti-money laundering compliance and data management, determine exactly what your requirements are. This is the foundation of an effective enterprise-wide remediation program.
Include the right executives at the table. Plan on benchmarking data quality by consensus, especially for the critical KYC data fields necessary to detect unusual transactions, identify and risk-rate customers, and prevent financial crime. Get participation from key personnel in compliance, operations, IT and the front office, and expect each of these to have a different view on the data elements that matter.
Profile your data needs and conduct a root cause analysis. These tasks will help you develop an accurate understanding of your current situation and your desired state, as well as important characteristics that define the capability gaps that separate them.
Remediate. This is a delicate and sensitive process. Consider the impact this effort will have on other business areas and processes, and proceed in accordance with the order of priority and number of dependencies.
Sustain data quality over time. Once the data has been cleansed and integrated, develop sustaining measures to ensure that data quality continues to meet or exceed required levels over time. These measures should include data monitoring programs, development of appropriate policies and procedures, and control implementations for all key systems.
Establish accountability. Assign responsibility to the producers, consumers, and custodians of KYC data. Also, designate data stewards that must assume day-to-day responsibilities for KYC data quality and integration.
In summary, don't underestimate the crucial roles that data quality and data integration play in making KYC and AML strategies work or how attractive the benefits are when a proactive response is engaged quickly and comprehensively. Smoke noticed. Fire found. Action taken. Quiet crisis resolved.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access