Big data technologies led by Apache Hadoop can help financial services firms comply with a myriad of regulations, including US Anti-Money Laundering (AML) laws and requirements.
In 2015, it goes without saying that Banking is an increasingly complex as well as a global business. Leading North American Banks now generate a large amount of revenue in Global markets and this is generally true of all major worldwide banks. Financial crime is a huge concern for banking institutions given the complexity of the products they offer their millions of customers, large global branch networks and operations spanning the spectrum of financial services. The BSA (Bank Secrecy Act) requires U.S. financial institutions to assist U.S. government agencies to detect and prevent money laundering. Specifically, the act requires financial institutions to keep records of cash purchases of negotiable instruments, to file reports of cash transactions exceeding $10,000 (daily aggregate amount), and to report suspicious activity that might signify money laundering, tax evasion, or other criminal activities. It was passed by the United States Congress in 1970. After the terrorist attacks of 2001, the US Patriot Act was passed into law by Congress. The Patriot Act augments the BSA with Know Your Customer (KYC) legislation which mandates that Banking institutions be completely aware of their customer’s identities and transaction patterns with a view of monitoring account activity.
Thus, from a regulatory perspective, banks and other financial institutions now need to comply with legislation that governs financial crimes under the umbrella Anti Money Laundering (AML) legislation which covers a wide variety of compliance requirements. These must be set in place from a data management, process, culture and IT perspective. AML legislation has now expanded to include tax evasion as well with the advent of the FATCA (Foreign Account Tax Compliance Act). Thus, the important sections of the act that institutions must comply with include the BSA (Bank Secrecy Act), KYC (Know Your Customer) and the FATCA.
The US Government also formed the FinCEN (Financial Crimes Enforcement Network) in 1990 as the primary enforcing authority that collects and analyzes transactions flowing through the system to detect AML violations.
Financial institutions are required to file FinCEN SAR’s (Suspicious Activity Report). Dealing with financial crimes also provides a significant social benefit in that drug money & other ill gotten finance does not get laundered into the system.
For every transaction flowing through the retail banking system – Banks, BHC’s (Bank holding companies), and their subsidiaries are required by federal regulations to file a SAR with respect to:
- Criminal violations involving insider abuse in any amount.
- Criminal violations aggregating $5,000 or more when a suspect can be identified.
- Criminal violations aggregating $25,000 or more regardless of a potential suspect.
- Transactions conducted or attempted by, at, or through the bank (or an affiliate) and aggregating $5,000 or more, if the bank or affiliate knows, suspects, or has reason to suspect that the transaction:
- May involve potential money laundering or other illegal activity (e.g., terrorism financing).
- Is designed to evade the BSA or its implementing regulations.
- Has no business or apparent lawful purpose or is not the type of transaction that the particular customer would normally be expected to engage in, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
A transaction includes a deposit; a withdrawal; a transfer between accounts; an exchange of currency; an extension of credit; a purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security; or any other payment, transfer, or delivery by, through, or to a bank.
(Source – FFEC Online Manual for Bank Secrecy Act enforcement)
In the Capital markets space, the FINRA (Financial Industry Regulatory Authority) regulates the broker dealer industry and deploys hundreds of professional examiners to look for any suspicious activity across the entire range of traded instruments. Classical Wall Street’s focus on compliance has dated back to 2003, with the passing of the Patriot Act. Since then Global Banks have put into place strong compliance functions to monitor their customers, bank accounts and transactions.
Implementation and re-engineering AML processes has been a focus for banks, especially as they adopt technologies around Enterprise Middleware, Cloud, Analytics and Big Data. As Banking is increasingly an Omni-channel world, compliance architectures need to be able to adapt to not just Branch & ATM banking but also Mobile, Call Center, IoT etc etc.
Technology underpins an effective compliance program. As data volumes grow and more types of data are on-boarded, the challenges for IT Organizations when it comes to AML are manifold:
- The need to monitor every transaction for fraudulent activity, such as money laundering, beginning right from customer on-boarding i.e looking for needles in a haystack
- The ability to glean insight from existing data sources as well as integrating new volumes of data from unstructured or semi structured feeds; and to achieve this in a world full of data silos
- The need to create aggregate and individual customer personas that adjust dynamically based on business rules
- Presenting information that matters to the right users as part of a business workflow
- Integrating with other financial institutions to support complex business operations such as KYCC (Know Your Customers Customer)
- Provide a way to create and change such policies and procedures on the fly as business requirements evolve
- Provide an integrated approach to enforce compliance and policy control around business processes and underlying data as more regulation gets added with the passage of time
- There is a need to enable Data Scientists and Statisticians to augment classical value compliance analytics with model building (e.g Fraud Scoring) through knowledge discovery and machine learning techniques. There is a strong need to adopt a mechanism of pro-active alerting using advanced predictive analytic techniques
Existing solutions in the AML space clearly fall behind in almost all of the above areas.AML has evolved into a heavily quant based computational domain not too unlike Risk Management.Traditional Compliance algorithms cannot scale with this explosion of data as well as the heterogeneity inherent in reporting across multiple kinds of compliance.
The definition of Financial Crimes is fairly broad & encompasses a large area of definition – the traditional money laundering activity, financial fraud like identity theft/check fraud/wire fraud, terrorist activity, tax evasion, securities market manipulation, insider trading and other kinds of securities fraud. Financial institutions across the spectrum of the market now need to comply with the regulatory mandate at both the global as well as the local market level.
Finally, the harm done to a financial institutions reputation is immeasurable especially if they’ve have been sanctioned and otherwise penalized by the regulatory authorities for failure to institute appropriate supervisory guidelines. It is important to note that effectively tackling and implementing AML guidelines itself does not provide a source of competitive advantage but it needs to be done as a price of entry into the business of banking.
The next post will examine how Hadoop is proving to be the perfect platform in solving Compliance related business challenges. We will examine a real world reference architecture that can serve as a strong basis for any Global Scale Compliance Regime.