AML Compliance: Spotlight on Nordic Banks

The Changing Landscape

As AML regulations are getting more stringent globally, criminals are focusing on using countries with lowest risk categorizations and intermediary banks with high credibility to launder money. The latest victims of this crime are the Nordic banks, which were until recently among the safest and most stable banks in the world. In this article, Sujata Dasgupta explores what these banks are doing and the additional measures needed to restore them to their former glory.

Introduction

During 2017, Commonwealth Bank of Australia (CBA) was charged by Australian Regulator Austrac with more than 53,700 compliance breaches – a rude shock to the entire banking fraternity worldwide! It was not just the enormity of the breaches that raised several questions about the effectiveness of the three lines of defense in compliance at CBA, but also that the lapses had gone unnoticed, as they occurred continuously for five years.

The same year, U.K.’s Business Insider reported that three of the Nordic countries (Sweden, Norway and Finland) were among the 10 countries having the safest banks, with Finland in the top spot! A year later, in 2018, a couple of banks in Scandinavia – Denmark’s Danske Bank and Finland-headquartered Nordea Bank – were charged with serious anti-money laundering (AML) violations, investigations on which are currently underway, that have shaken up this region which had not seen such crimes in the past!

Nordic Banks: The New Target of Financial Criminals

As regulations are getting more stringent globally around AML and financial crimes compliance, both banks and criminals are trying to strengthen their systems and processes in an attempt to outsmart each other. Criminals are now focusing on using countries with lowest risk categorizations and intermediary banks with high credibility to launder money, as there are minimal chances of getting caught in AML screening and generating alerts for suspicious behavior.

The Nordic region, comprised of five countries (Norway, Sweden, Denmark, Finland and Iceland), has always had a superior track record in the financial world, with high stability and very few instances of criminal activity. Even while the global banking fraternity was going through technological and operational process transformations in the aftermath of 2008 financial crisis, the Nordic banks stood strong and relatively unaffected. Probably this operational stability has been one of the chief reasons banks in this region have not aggressively looked at changing their own system landscape, including the compliance systems, which have undergone quantum changes globally in the last decade. And as financial criminals lurking out there saw this as an opportunity, they started using the banks in this region as their potential target for laundering money.

AML Compliance Landscape in the Nordic Banks

Almost all the Nordic banks originated close to 150 years ago, or even earlier. After several mergers, acquisitions and other structural and organic integrations, the banks stand as they are today – thriving in their proud legacies. This is one of the reasons these banks are at the same time grappling with issues like disparate legacy systems across business lines, unsophisticated and siloed data management systems and complicated customizations added over the years. Their AML compliance platforms are no exception, and these are facing serious challenges, including:

• Lack of enterprise-wide 360-degree customer view
• High volume of false positive alerts, with slippages in true positives
• Huge manual effort in compliance functions, like alert triaging and disposition, customer due diligence (CDD) and others
• Low quality of data around customers, accounts, transactions and related parties
• Noncompatibility for integrating structured and unstructured data, which has become essential in recent times for network analytics to generate early warning signals for suspicious activity

Overcoming Challenges: How Nordic Banks are Strengthening Compliance

The major Nordic banks (e.g. Nordea, Handelsbanken, SEB, Danske and DNB) are investing heavily in improving their financial crimes prevention and compliance systems, processes and control mechanisms. From upgrading legacy compliance systems to adopting risk-based approaches for customer classification and review, enterprise investigation and case management and collaboration for information sharing, the banks have been using a multipronged approach to prevent and detect money laundering. Some of the initiatives undertaken by Nordic banks in this vein include:

• Collaboration on customer data – The banks are collaborating on strengthening AML in the region through initiatives like formation of a shared know your customer (KYC) utility for a single point of customer onboarding and sharing customer information. They are also working on creating standard KYC processes and forms for improving customer data quality, which is currently a pain point in most banks.
• Adoption of goAML for standardised FIU reporting – Sweden, Finland and Denmark have signed agreements with UNODC (United Nations Office on Drugs and Crime) for deploying the latter’s software, called “goAML,” a step toward standardising AML reporting to the respective FIUs (Financial Intelligence Units). Most banks in these countries have initiated implementation of goAML.
• Central register of beneficial ownership – The European Union’s 4^th AML Directive, adopted in 2015, introduced a new requirement: that all member states should set up a central register of beneficial owners for corporate entities within their jurisdiction to maintain their beneficial ownership details centrally. The implementation deadline was June 2017. While the current implementation status shows close to 50 percent of the EU member states have failed to meet this deadline, the Nordics is again leading in this initiative. Three of five Nordic countries (Denmark, Sweden and Finland) have already implemented, while Norway proposed a framework for such a register to its Parliament earlier this year.

Leveraging Digital Innovations in AML Compliance: The Road Ahead for Nordic Banks

As systemic challenges in AML compliance in the Nordics have come into the spotlight recently, several banks here have stepped up measures to strengthen their AML landscape across all three pillars: systems, people and processes. The below initiatives, which are now being adopted globally, are just some of the ways banks are leveraging digital innovations to combat financial crimes.

• Risk-based approach to CDD and AML – Banks have generally taken a rule-based approach in the AML compliance function, which criminals can now manipulate to launder money. Upgrading to a risk-based approach would enable banks to risk-rate customers dynamically based on their transactions and account behavior in near real-time and review them more frequently if alerted based on risk rating changes. Risk scoring of transactions – in isolation as well as aggregated at the customer level – can aid in prioritizing alert investigations as well as assigning proportionate effort for their disposition (e., more and urgent effort for higher-risk transactions).
• Entity resolution for single customer view – Banks can leverage sophisticated analytics-based solutions to identify multiple profiles of a single customer without having to overhaul any of their legacy systems, which hold the siloed customer data, thus getting a single view. This approach is being increasingly used for identity resolution to aid in enterprise-wide transaction monitoring and alert investigation for AML and anti-fraud.
• Analytics for detection and investigation of suspicious activity – Complex, hidden relationships between entities engaging in money laundering can be unearthed by sophisticated analytics that is now earning recognition as network and linkage analysis. Some analytics platforms integrate the bank’s structured and unstructured data – including mails and chats – with data from external sources, including social media, to unearth suspicious networks, which can then be red flagged by the bank and subjected to greater scrutiny for detecting financial crimes.
• AI to reduce false positives – Machine-learning-based alert generation solutions are enabling discovery of suspicious behavior, and detection of outliers even when they do not breach any defined suspicious scenarios – something rule-based platforms are incapable of. Some banks are also using artificial intelligence (AI) tools for automatically hibernating false alerts generated by the rule-based systems based on dynamic rules created by the AI algorithm.
• RPA for speedier processing of rule-based AML functions – A large part of AML functions are manual and, thus, error-prone. Robotic process automation (RPA) is now being used in several areas like KYC, screening and transaction alert triaging. While RPA can be used to complete cumbersome, repetitive tasks in a fraction of the time taken by humans, manual analysts can focus on in-depth investigation and analysis of suspicious cases.

While some banks are ahead in this journey, others need to take strategic measures to future-proof their compliance systems and policies. This is imperative to meet dynamic regulatory obligations as well as to prevent and detect increasingly sophisticated financial crimes.