Industry & Solution Use Cases Financial Crime

4. Perspective: Addressing SEC-Identified AML Program Deficiencies at Broker-Dealers

Recent Publication

In late July 2023, the U.S. Securities and Exchange Commission (SEC) Division of Examinations published a Risk Alert entitled, “OBSERVATIONS FROM ANTI-MONEY LAUNDERING COMPLIANCE EXAMINATIONS OF BROKER-DEALERS”1.

The Risk Alert identified AML compliance shortcomings identified during recent broker-dealer examinations. These deficiencies were categorized by the SEC in three areas: i) Independent Testing and Training; ii) the Customer Identification Program (CIP) rule; and iii) Customer Due Diligence and Beneficial Ownership.

The themes highlighted by this analysis point to:

a lack of integration of internal and external data for a holistic understanding of customer risk and to resolve data discrepancies caused by inaccurate data provided by or otherwise on record for a client
gaps in information used to create and maintain customer risk profiles
deficiencies in the execution of enhanced due diligence
ineffective ongoing due diligence, including client activity monitoring and identification of client data changes, both of which may impact the broker-dealer’s view of the client’s risk profile.

While noted by a U.S. regulator, these themes are consistent globally across broker-dealers.

What can be done about these gaps? Using advanced technology solutions like Quantexa, broker-dealers can create and maintain a 360° view of their clients using internal and external data, supporting robust due diligence and providing accurate and timely information to maintain up-to-date profiles and an informed view of client risk.

Exploring the Meaning of a 360° Client View – context, context, context

Data is essential to truly knowing your customer. However, while most financial services firms collect a wealth of information about individual customers, most are challenged to effectively leverage that data to create a single internal view of their client across divisions. And while connecting internal data silos is certainly a sizeable enough challenge, using internal data alone is insufficient for a Financial Institution (‘FI’) to truly know its customer or client. Why? Lack of context.

Context comes from connecting internal – and – external data into a holistic, 360°’ view of a client.

Data can be a headache and challenge – or it can be transformed into an essential asset

What is a 360° view? This approach creates insights about clients by leveraging internal data sources and third-party data sources likely already in use in your organization to create a single view of the client. Intelligence derived about a client grows exponentially by looking at the network of direct and indirect connections, historical and current relationships.

Clients naturally establish numerous relationships with individuals and other entities based on ownership, mergers and acquisitions, transactional behavior, business growth, counterparty and intermediary relationships, etc. Each of the connections inherently contain a wealth of additional information and insights just waiting to be leveraged, such as:

• address history • phone numbers • negative news • stock tickers • directly/indirectly related persons • ownership structures • IP addresses • licenses and registrations • jurisdictional exposure • currency patterns

Overcoming gaps in data is frequently a challenge to creating this holistic view. Using sophisticated Entity Resolution, connections across internal and external datasets can be identified where historical matching techniques have failed. Quantexa is the leading Entity Resolution provider, with unmatched capabilities for accuracy.

Connecting data across numerous disparate datasets into a customer-centric network, provides insights about your clients’ relationships and transactional history, identifying direct and hidden relationships that tell a visual story about:

WHO – Is data consistent with what your client told you about their business/history and risk exposure?
WHO ELSE – Is your client directly or indirectly connected to entities or jurisdictions that have heightened risk?
WHAT – Do transaction patterns reconcile with expected behavior? Are transactions consistent with the type of business and other disclosed information?
WHERE – Are counterparties, intermediaries and beneficiaries located in jurisdictions of concern and/or in locations consistent with their business model?

KYC: Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) and Beneficial Ownership

As outlined by the Financial Crimes Enforcement Network (FinCEN), a department of the U.S. Treasury, core requirements related to the Customer Due Diligence (CDD) Rule include:

Identify and verify the identity of customers and beneficial owners of companies opening accounts
Understand the nature and purpose of customer relationships to develop customer risk profiles2

Practically speaking, many FI’s refer to these processes as KYC, although true KYC can and should go well beyond just the AML aspects of ‘knowing a customer.’ Regardless, the term is often synonymous with AML-related execution.

Quantexa’s market leading software uses Entity Resolution, Network Analytics and AI models to create a single view of a customer, its connected parties and ultimate controllers from internal and external sources to help analysts perform complex due diligence investigations, looking at holistic risks and behaviors more efficiently and effectively.

Onboarding and Customer Due Diligence

Many firms leverage Client Lifecycle Management (CLM) software to manage the complex operational processes necessary for onboarding, due diligence and ongoing client profile management. Using Quantexa, FI’s can connect to an existing CLM to better understand prospects before fully onboarding a customer. Benefits include the ability to:

Identify current exposure to a prospect within the financial institution (direct or indirect)
Pre-populate KYC profiles to reduce analyst and customer efforts
Execute a high-level pre-assessment of the risk profile
Integrate with upstream systems to consolidate additional information collected during onboarding and enrich with third-party tools

Enhanced Due Diligence

Enhanced Due Diligence is the process of performing additional risk investigation on customers presenting a high level of risks. Some customers require enhanced due diligence (EDD) efforts due to the nature of the business they operate and/or the products that they utilize with your Financial Institution. EDD can be a resource-intensive exercise where analysts may execute a series of manual data searches across different data sources and collect additional documentation to inform the firm’s view of the customer risk profile.

Quantexa enables FI’s to quickly perform thorough investigations on high-risk customers. We unravel complex relationships in ownership and control structures, as well as counterparty behavior. We centrally and automatically build an enriched customer picture from internal and external data sources including ownership, corporate structures, product usage and transactional history, AML transaction monitoring and investigative findings, sanctions exposures, negative news or watchlist connections and third-party relationships.

Client Risk Rating (CRR) via Network Risk Scoring

Traditionally, customer risk scoring has been largely based on initial customer attributes, such as entity type, country of operations, politically exposed person (PEP) involvement and sanctions risks. None of these factors are particularly effective at predicting true client financial crimes risk to the institution.

Quantexa enables firms to move away from traditional customer risk assessment to assess relationship, behavioral and counterparty risks in a more effective manner. Our solution identifies connections to known risk elements and facilitates more efficient reviews through the application of context and behavioral analytics.

These networks of connections and associated exposures quickly establish a customer’s baseline risk profile. This helps build a complete understanding of the customer at the point of onboarding and facilitates the ongoing control and monitoring of risk over time.

This approach provides a centralized and enriched view of riskier customers, enables more consistent assessments of customer risk and elevates the effectiveness of customer risk rating process.

Score risk by leveraging networks and enriched data to automatically detect direct and indirect risk
Optimize the risk rating model across customer segments by automatically highlighting risk factors

KYC: Ongoing Monitoring and Refresh

The final requirement of the CDD rule is “ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”3

Transaction monitoring executed by financial crimes compliance teams will in part satisfy this requirement, but the first line of defense is also expected to understand client behavior holistically and determine whether the client is acting as anticipated. Front-line units should be aware of client changes in behavior patterns that may indicate risk, such as increased exposures to higher risk jurisdictions or a shift to higher risk products than previously utilized.

In updating client/customer information, many firms executed a calendar-based refresh process or a reactive event-driven process. Typically, these processes were labor-intensive and fraught with human execution error, in addition to creating significant “friction” for clients. As firms look to increase efficiency and effectiveness, current techniques provide firms with opportunities to work smarter, not harder.

Shift from reactive to event-driven regulatory reviews to achieve proactive risk and cost management
Reduce client/customer friction
Work smarter, not harder

Trigger-Based Refresh

To achieve better efficiency and more accurate client records, FI’s need to transition from periodic reviews to event-driven (or trigger-based) refresh. This helps firms manage time and resource demands, focus resources on value-added activities and improve customer risk management. It is necessary to employ advanced technologies that can:

Leverage multiple data sources to monitor for changes against current KYC profiles, including legal entity structure and beneficial ownership changes – keep CDD/KYC data updated continuously
Integrate with downstream systems for optimized treatment of triggers – know about changes when they occur
Automatically recalculate risk profiles by identifying new direct and indirect material risks – dynamic risk rating
Integrate aspects of transactional activity monitoring into the KYC process for account activity reviews - integrate with existing CLM and workflow solutions for KYC operations and financial crime

Quantexa: Offering Intelligence-Led Solutions for KYC

What Does Quantexa Offer for KYC?

Our KYC offerings include:

Learn More

To find out more about Quantexa's KYC offering join our KYC - Know Your Customer Specialist User Group for discussions with industry experts and explore our website to learn more about our KYC Solutions.

Sources

1. https://www.sec.gov/files/risk-alert-aml-compliance-examinations-bd-073123.pdf

2. https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule

3. https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule