Financial crimes compliance has historically been solely the realm of banks and financial institutions. Sujata Dasgupta discusses how and why customers are taking a larger role in ensuring their own compliance.
Financial crimes compliance (FCC) in banks has traditionally been an internal function, spread across front, mid and back offices. Customers have never been involved in this function, unlike the other banking operations like deposits, loans, payments and so on. Whether branch banking or online/mobile banking, the FCC has been kept insulated from customers due to its serious and confidential nature.
The FCC is a non-revenue generating operation, but banks have been spending huge amounts on people, processes and technologies to remain compliant with all FCC obligations. The regulatory environment in this space having become extremely dynamic, banks are facing huge challenges in meeting those mandatory obligations, which essentially involves huge manual efforts. A lot of the technology spend we are witnessing in recent times in the compliance profession is aimed at addressing such challenges while also making the FCC process more effective.
Emergence of Customer-Driven Compliance
Banks globally have been adopting digital innovations in a big way across almost all lines of businesses. The FCC has also been witnessing this disruption with machine learning, analytics, robotics, NLP (natural language processing) and so on slowly expanding their footprints into compliance. This development is slowly enabling the movement of the FCC from being a solely bank-driven function to one where customer collaboration is integrated for certain compliance activities.
Individual Customers to Conduct Their Own KYC
Millennial customers rarely need to visit bank branches to open an account. Online account opening has been in operation for close to a decade now. However, the customer information and document scans submitted during the process still have to go through manual review and matching in the bank to ensure authenticity. Back-end data entry by bank analysts and the rest of the KYC (know your customer) process would then follow.
The last couple of years has seen the advent of sophisticated ID&V (identification and verification) systems, which use new-age digital technologies, often embedded in mobile banking apps, to conduct customer identification and verification. Facial recognition and liveliness checks, triggered by prospective customers on their mobile apps, help to authenticate the customer ID. Documents can be scanned through the app, where NLP-based document verification and forensic tests help to authenticate documents, including checks for forgery and counterfeit. Cognitive automation and risk-based decisioning algorithms are then used to complete the rest of the processing, eradicating the need for manual data entry or verification in the bank.
Corporate Customers to Maintain Their List of Beneficial Owners in a Central Register
The European Union’s (EU) 4th AML Directive adopted in 2015 introduced a new requirement – that all member States should set up a central register of beneficial owners for corporate entities within their jurisdiction to maintain their beneficial ownership details centrally.
Close to 50 percent of the member states have implemented it so far, and others are in the process. This makes it imperative for corporate customers in the EU to keep this register updated with their list of beneficial owners rather than for the banks to follow up and maintain the same from their back end. And based on the lessons learned from Honduras’ blockchain-based land registry, the beneficial owners registry could also move to blockchain very soon. While this is an EU initiative currently and the U.K. has implemented it as well, the immense value this new mechanism brings may also drive other jurisdictions globally to follow suit!
Customer Biometrics to Be Used for Fraud Prevention
With most banks having taken the digital plunge, banking has turned multi-channel – from branches to online, mobile and social channels. But these digital channels are fraught with threats of online fraud, which by far accounts for the largest percentage of bank fraud. The two-factor authentication being used so far for making online transactions, supported by two pillars – what a customer has (a card or a token) and what he knows (password or secret questions) – has not been able to eradicate online fraud.
Fraudsters who are lurking on the web can always steal information about cards, tokens and passwords. A bank has no way to identify whether a real customer or a fraudster is using such information when an online transaction is being executed. This gave birth to multi-factor authentication, introducing a third pillar: what is inherent in a customer (e.g., fingerprint, face or iris scan, voice or keyboard dynamics). Such inherent customer biometrics can be very difficult to steal or replicate and can help prevent online bank frauds.
Customers to Provide Granular Transaction Details for KYT (Know Your Transaction)
Transactions form the input data used to monitor customer activity and behavior for money laundering, fraud and other financial crimes that have been growing phenomenally in recent years. KYT is emerging as an endeavor to bring greater rigor and granularity to the transactions data transmitted for compliance processing. With the implementation of the new messaging standard, ISO 20022, KYT is set to get a substantial impetus.
ISO 20022 requires capture of a lot of granular payment information and, in some cases, also requires relevant documents to be attached. SWIFT, the most commonly used global payment messaging network, is moving from MT to MX message types to incorporate these standards. SEPA (Single European Payment Area) is embracing this standard as well.
A lot of this additional payment data (and documents in some cases) will have to be provided up front by the customer while initiating payments. This would reduce the bank’s burden of looking for delta information about the transaction and contacting the customer for the same after a payment has been initiated as part of KYT.
Financial institutions are constantly working toward enriching customer experience and services provided on one hand and enabling customers in complying with regulatory obligations on the other hand in an attempt toward prevention and early detection of financial crimes. This shift has been slow, yet steady, as the banking fraternity have started adopting the above and several other measures to engage customers in the first line of defense. The fight against financial crime begins here!
Sujata Dasgupta is the Global Head of the Financial Crimes Compliance Advisory Services at Tata Consultancy Services Ltd. and is based out of Stockholm, Sweden. She is an experienced industry consultant in banking risk and compliance (R&C), with a demonstrated history of working in banking, IT services and consulting, having worked for global banking clients in all major financial hubs, viz. New York, London, Singapore, Hong Kong, Frankfurt and now Stockholm. She also authors articles on risk and compliance in international banking R&C journals. Sujata can be reached on LinkedIn at 
