Better Compliance Efficiency Through Regtech – Key Takeaways from IDM Webinar
Many financial institutions (FIs) are using spreadsheet programs for compliance activities. These tools are not built for this purpose and can leave your business at serious risk of enforcement actions.
To view the original with slides, please click here.
Spreadsheets are Dead
When do compliance officers use spreadsheets for Know Your Customer (KYC), Transaction Monitoring, and Fraud Prevention?
Know Your Customer Spreadsheets are used to keep track of the personally identifiable information (PII) collected as part of the onboarding process. This may include name, date of birth, email, address and an identity document (ID). Spreadsheets, however, are cumbersome when it comes to handling PII, including IDs and transaction histories.
When monitoring transactions, FIs must capture sender & receiver PII, as well as the amount and time. This information helps FIs understand who their customers are, and helps with qualifying ‘suspicious behavior’. However, monitoring transactions and creating rules in spreadsheets is highly labor-intensive and not acceptable by most state regulators. Finally, as the volume of transactions increases, this function becomes impossible to run efficiently in spreadsheets.
Analysts use spreadsheets for seeing large amounts of data to draw patterns that can lead to new rules. Spreadsheets cannot easily provide the visuals necessary to spot patterns, identify risk factors, or classify users. In the event of a fraud attack when quick responses are Fraud needed, spreadsheets do not allow for fast reactions.
Multi-Jurisdiction Complexity
Managing a global operation is no longer a problem exclusive to large global institutions. FinTech has opened the door for small companies to sell anywhere in the world as well. The opportunity to grow quickly brings the challenge of complying with multiple sets of regulations. Regulatory and risk frameworks differ across jurisdictions, creating further complexity in manual efforts.
Other Disadvantages
- Data outside systems can be easily lost or compromised, a huge regulatory risk (GDPR, security breach notification)
- Data outside systems can be easily manipulated (useful for analysis, but also poses risks)
- Susceptible to human errors
- Lack of version control, not designed for collaborative work
- May not be physically accessible in case of emergency
- Scales poorly
Benefits of RegTech
Automation
Integrating a RegTech solution automates data capture and processing into one platform. This means that transaction data and KYC information is automatically recorded, freeing analysts to spend time on cases, not pivot tables. Multi-jurisdiction operations become manageable as KYC and Transaction Monitoring requirements are set for each geography.
Recording & Reporting
Case management means that notes can be shared within a team, leading to pre-populated reports that can be automatically generated and sent to regulatory agencies. Access to sensitive data can be adjusted by team member. When reporting to examiners, analysts can be confident of finding all the relevant information and that the data is correct.
Real-Time Information
The platform addresses issues with version control, and the centralized real-time information it makes available means that analysts can have an up-to-date view, with the ability to focus on the information that is important to them when detecting fraud. This means financial institutions can build risk-based approaches, customizing the user experience based on the fullest set of data possible.
KYC: ICOs
Automation – Risk-Based Approach
When launching an ICO, a process has to be in place to perform KYC for people from potentially over 100 countries, with a huge variance in transaction amounts, all as quickly as possible. Our platform performs the correct KYC regardless of customer or company jurisdiction. Higher risk contributors can automatically be put through enhanced due-diligence.
Recording & Reporting – Data Security Risk
The platform keeps a record of every potential sign-up, what tests were run, and what the results were. Information can be exported via API, which avoids the risk of having KYC data on a spreadsheet on a sole machine, which could be lost or accidentally sent out.
Real-Time Information – All KYC Data in One Place
Customers expect a quick onboarding process from ICOs and a failure to do so can cause a bad impression. Having real-time information driving a responsive escalation process allows KYC to be performed quickly and with better results.
We have built a plug-in tool for ICO KYC. By copy/pasting 45 lines of code, information is automatically sent to IdentityMind, no integration required. The results update in real-time, and the system displays the results of all the security tests which were run. Case Management also exists with notes and attachments available. All of this can be shown to regulators to prove you’ve done the right thing.
Transaction Monitoring – MSBs
Automation – Jurisdictional Rule-set
The limited usefulness of spreadsheets is most apparent when we consider the case of AML transaction monitoring. Even within the US, an MSB needs to ensure they are catching the regulatory variations across states. Running an international operation requires tracking regulations, what rules apply when, not to mention exchange rates. Using a RegTech platform automates almost all of this, only leaving alerted transactions for manual review.
Recording & Reporting – Avoid Regulatory Enforcement Actions
We have seen regulators issuing findings and fines for MSBs using spreadsheets for transaction monitoring. Data in this format does not provide the information they expect to see alongside the transaction data, such as timestamps, associated KYC data, and a unified system.
Real-Time Information – All Customer Data in One Place
Having all the information in one system means that it is easy to trace customers from the initial onboarding to every subsequent transaction. Based on alerts, a case can be created and a SAR can be filed. Because everything is tracked, you know which agents at your institution performed what actions and when.
The platform allows granular configuration of alert parameters, for example by geographies and risk profiles, with transactions entering a queue when flagged. We provide multiple ways for analysts to examine their transactions, such as a graphical comparison of a user’s activity against a peer’s over time.
Fraud Prevention: Payments
Automation – Sorting large data sets
Fraud analysts love to export data to spreadsheets and manipulate it with pivot tables, but you cannot get that new data back into your system. Instead of keeping track of multiple tabs and spreadsheets that are close to their maximum size, using our platform lets you work with your dataset inside the system, whether your volume is 1,000 or 10,000,000 transactions a day.
Recording & Reporting – “Building reports shouldn’t be this hard”
Building reports is critical to prevent fraud and report information upwards, and analysts need to pull a lot of information to do their jobs. A single platform makes it easier to gather and filter the information needed, calling up transactions between a certain amount, or see what has been flagged with certain risk elements or tags.
Real-Time Information – Reactive vs Proactive
Instead of only creating new rules in reaction to fraud losses, technology like machine learning can be used to stay ahead of fraudsters. RegTech enables fraud analysts to anticipate potential risks by monitoring risk factors, track chargeback behavior, and shows you the customers who are connected to known bad users.
Each transaction on the IdentityMind platform can be opened to display additional information, displaying information in a format configurable by analysts.
Benefits of the IDM Platform
Digital Identities – API – Third Party Ecosystem
Trusted Digital Identities form the foundation of IdentityMind’s platform.
Trusted Digital Identities (TDIs) are entities that perform transactions online, and that you want to do business with. These entities may be individuals, businesses, affiliates, and others. TDIs combine an individual’s digital activity with real world, static information. It validates that individuals are a real identity, are allowed to use the presented information, are not affiliated with untrusted entities, and do not pose a risk for your business.
The core technology can also be accessed through an API if there is already a risk and compliance system in place.
Our Third Party ecosystem allows you to benefit from 20+ more data sources, all through a single API, and a single contract.
Spreadsheets are a ubiquitous tool, but generate a lot of issues when relied on as a compliance and fraud prevention tool. Transitioning to a platform like ours lets you run your compliance and fraud operations more quickly and securely.
