The practical challenges of sanctions and KYC screening in the Insurance Sector: How to set up an Effective and Efficient Solution Jason Jones, ICSR Tom Devlin, KYC Global Technologies
Reasons for AML failure • Reliance on traditional AML model • Poor governance • Human factors • Defective screening • Failure to meet the ‘Data Challenge ’ jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
‘Traditional Model’ of Money Laundering • Traditional model flows from origins in anti- drugs legislation • Linear: ‘dirty’ money made ‘clean’: Deposit $ Crime Move $ $ used into the generates around + legitimately: buy $ transact assets / spend system ‘Placement’ ‘Layering’ ‘Integration’ jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Language used by regulators FINCEN FATF “First, the illegitimate funds are “The launderer introduces his furtively introduced into the illegal profits into the financial legitimate financial system.” system.” “Then, the money is moved “In this phase, the launderer around to create confusion.” engages in a series of conversions or movements to distance them from their source.” “Finally, it is integrated into the “Having successfully processed…the first two phases, financial system through additional transactions until the ‘dirty money’ the launderer moves them to the appears ‘clean.’” third stage in which the funds re- enter the legitimate economy.” jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Drawbacks of the traditional model • Emphasis on cash / bank accounts • Suggests money is ‘dirty’ to start with and needs to be ‘placed’ into legit. system • Emphasis on ‘laundering’ / active movement of funds: • Layering & integration often indistinct • Best suited to ‘simpler’ criminality jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
A new model: Criminal Disconnect(s) Disconnect(s) Benefit Crime (property) Disconnect(s) jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
‘Enable, distance, disguise’ Criminal Enable Disguise Benefit Crime (property) Distance jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Summary: a new model • Away from three stages of ‘placement, layering, integration’ • Focus instead on ‘enable, distance, disguise’ • Remember the most effective question you can ask: ‘Why?’ jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Obligations and responsibilities • ML regulations don’t apply to general insurance • FCA & Lloyd’s expectations • Proceeds of Crime Act, Terrorism Acts, Bribery Act • Sanctions Cover- Local Local London RI Insured holder Insurer Reinsurer broker insurer broker broker / MGA TITLE TEXT Banks Processing and settlement bureaux jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Screening as part of a risk-based approach Risk Scope Screening Alerting Reporting assessment Ensure Identify the Identify who Match matches are risks inherent Report and what to relevant investigated in the internally and screen policy and and business and externally as against which payment data appropriate customers/ required lists to lists action is transactions taken Policies, procedures, awareness, training, due diligence, contractual protections, monitoring, continuous improvement jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Key screening challenges • Often only minimal client data entered into the database • Abbreviations, truncations, misspellings, inconsistency • Lack of secondary identifiers - date of birth, gender, company registration number • Lack of information on connected parties - beneficial owners, board members, subsidiaries, affiliates, family members, close associates jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Key screening challenges • Additional insureds and/or underlying insureds often not recorded • Missing relevant watch lists • Out of date watch lists • Identifying current vs. historical sanctions jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Key screening challenges • Screening often occurs after client acceptance • Cumbersome transfer of client data to screening system • Data protection concerns exporting client data outside firewall • Resource constraints for reviewing matches jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Defective Screening • ‘Siloed’ screening • Inability to apply the Risk Based Approach • False Positives – signal drowned by noise • Management Information – too little, too late jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Consequences • Failure to socialise compliance • Compulsory one size fits all approach • Needles likely to be missed in haystacks • Inability to conduct dynamic screening and to be sure of catching critical alerts jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
The Data Challenge • Inconsistent onboarding • Disjointed, regional approach to client lifecycle management • Data not live, dynamic or easy to mine • Monitor reactively not in real time jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Consequences • Fallible decisions that are difficult to justify in hindsight • Disproportionate compliance effort spent on finding, analysing and reporting data, instead of problem solving • Massive wasted cost • Defective BRAs • Governance failings jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Critical Data - Alerts • Can you be alerted in real time to: – An attempt to onboard a PEP without following the correct procedure? – KYC deficiencies across a jurisdiction, product or service line? – Failure of staff to respond to red flags? – Suspicious account/relationship activity? jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Critical Data - Reporting • Can you accurately and quickly report on the following: - How a single customer or a group of customers or entire products/client books have risk trended over the past 12 months? - All relationships with KYC deficiencies? - Comparison of customer risk rating against revenue? - Relationship with any customer data nexus to a newly sanctioned country? jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
New Technology jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Takeaways • AML failure is a choice • Poor data = Poor compliance = Poor governance = Culpability • Screening is something we all have to do • Technology exists to make it painless • Empower your first line of defence with screening technology to socialise compliance and create efficiencies • It is possible to optimise AML compliance with less jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Contact Details Jason Jones Director ICSR Jason.jones@icsr.co.uk Tom Devlin Senior Regulatory Adviser KYC Global Technologies tomdevlin@kycglobal.com jason.jones@icsr.co.uk tomdevlin@kycglobal.com www.icsr.co.uk riskscreen.com
Recommend
More recommend