BALANCING COMPLIANCE WITH CUSTOMER SATISFACTION

Transcription

1 BALANCING COMPLIANCE WITH CUSTOMER SATISFACTION

2 AGENDA Cost of compliance ID fraud stats On-boarding challenges Passing a FIC inspection Characteristics of a good RMCP CDD & RegTech Conclusion

3 COST OF COMPLIANCE INTERNATIONALLY

4 COST OF COMPLIANCE INTERNATIONALLY

5 COST OF COMPLIANCE INTERNATIONALLY

6 COST OF COMPLIANCE INTERNATIONALLY

7 KPMG SURVEY

8 FINES FOR AML INTERNATIONALLY

9 SAFPS STATS PRESENTED

10 ID FRAUD Statistics from DHA 1 Individual 1 individual 1 woman What is ID theft used for? UIF Medical Aid Insurance Bank accounts Retail accounts Money Laundering 9 different names 26 ID Books children

11 FUTURE TECH FOR VERIFYING ID Voice recognition Facial recognition Retinal recognition Behavioral biometrics such as keystroke recognition Heart rhythm Ear Geometry Vein matching finger of palm

12

13

14

15

16

17 South Africa and KYC Compliance SA s Regulatory framework Financial Intelligence Centre (FIC) established 2002 SARB responsible for managing national money and banking system including the adherence to laws and regulations. Includes FIC Act FIC act amended in 2017 incremental effective dates for implementation FIC applies to Accountable institutions Supervisory bodies such as FSB, Law Societies, Gambling Board etc Reporting Institutions Amendments to definition of Accountable Institutions notice issued Sept 2016 anticipated end of April 18 New inclusions Credit Providers, money / value transfer providers, virtual currency axchanges, accountants, Cooperatives, Auctioneers, short term insurers etc.

18 South Africa and KYC Compliance cont SA has emerged as a growing economic force Economy growing every year Financial sector well developed banks, 4000 branches, Mutual banks & foreign banks Member of good standing of Financial Action Task Force (FATF) Member of Eastern & Southern Africa Anti-Money Laundering Group (ESAAMLG) SARB has imposed fines approximately R100m over 2 years Found non-compliant with KYC, proper recordkeeping & reporting suspicious and unusual transactions Banks not deliberately defying regulators, but does show importance of KYC

19 Financial Watchdog stats Sept 17 Purpose of FIC To safeguard the Integrity of SA s financial system prevent it from being abused FIC Amendment Act bring SA in line with Fin Action Task Force global standards for combating money laundering and terror financing R149m transactions blocked by FIC in matters referred for inspection reports received for suspicious/ unusual transactions Accountable and Reporting Institutions reported 5m financial transactions reported

20 The FIC Inspection

21 How does an AI pass a FICA inspection Inspections Don t just comply show that you comply Be aware of your rights and obligations Auction Alliance case judgement resulted into legislative amendments Enforcements Inspections

22 FIC Inspection powers amendments Key inspection power amendments Business Premises of licensed AI Inspector can enter premises of registered AI without a search warrant Can also enter without search warrant if licensed / authorised by Supervisory body To conduct inspection for determining compliance Private Residence of licensed AI Must have search warrant Private Residence of unlicensed business with a search warrant if inspector believes that premises used for business to which FIC applies Consent overrides requirement for warrant

23 What and how will FIC/ SB inspect Change to Risk based approach requires FIC/SB to change the inspection approach : Does RMCP sufficiently identify risk for it being used for AML/ Terror financing? How does the RMCP mitigate that risk? Does RMCP comply with FIC Act, Guidance notes, Directives and formal requirements? Does AI adhere to its own RMCP? Thoroughness and processes of procedures to be tested FIC will probably ask for RMCP Could result in fully fledged investigation RMCP most valuable tool for AI s to reveal compliance Inspection costs may be recovered from AI/ Reporting Institutions

24 Characteristics of a good RMCP

25 RMCP General introductory comments Sect 42 of FICA 2 Oct Internal rules scrapped - RMCP in AI must develop, document, maintain and implement a programme for Risk Management and Compliance iro AML RMCP must enable AI to: Identify Assess Monitor Mitigate Manage Risk of money laundering or financing of terrorism

26 RMCP General introductory comments - cont AI s ability to apply risk-based approach effectively is largely dependent on quality of it s RMCP stated by FIC Customer friendly approach to compliance is required smooth on-boarding, minimum costs, maximum protection to risks identified FIC does not favour de-risking consumers not to be prejudiced FIC/ Supervisory bodies (SB) will request copies of RMCP poorly drafted and constructed RMCP s likely to result in formal inspections NB Board of Directors and Snr Management must take ownership, responsibility, accountability and approve RMCP RMCP must be more than a policy also processes and how to guide

27 FIC guidance -RMCP Description of Board/ Snr Management s accountability Appointment of Snr person to ensure Compliance Appropriate training for employees understand their obligations Regular / timely information to Board / Snr Management Document AI s risk management policies and risk profile ito AML/ TF risks Decision-making processes ( incl when ) decisions will be escalated to higher authority

28 FIC guidance -RMCP cont Measures to ensure Money Laundering risks are taken into account ito daily operation of AI: Development of new products Taking on new clients Changes to the AI s business profile RMCP must speak to complexity of business and its products/ services Group of companies may implement group-wide RMCP internal processes, systems and controls must be tailored for different entities where appropriate RMCP must be communicated throughout AI Must be reviewed on a regular basis

29 Legislative (FICA) Requirements How AI determines if person is prospective or existing client How AI ensures that it does not do business with anonymous client How AI identifies and verifies different types of clients and why How and why AI will comply with CDD requirements RMCP must provide for how and where required records are kept Must enable AI to determine when a transaction/ activity is reportable to FIC How RMCP will be implemented in branches / subsidiaries or other operations of AI on foreign countries AI must indicate in RMCP if any requirements is not applicable to it and reason why.

30 Conclusions on RMCP RMCP must endure regulatory scrutiny it may reveal AI s weaknesses. AI will be held accountable for compliance with FIC Act as well as their RMCP RMCP must display AI s understanding of it s business, products and services being abused for purposes of ML / TF Must apply their mind and show application of mind Why RBA, CDD, CIV, RMCP, Sanction screening? To provide the FIC with great quality Fin Intelligence Reports. All about information and intelligence A well drafted RMCP may just avert the eye of the Regulator or relevant SB

31 Customer Due Diligence

32 Customer Due Diligence No anonymous clients! AI s must not establish business relationship or conclude a single transaction with an anonymous client / client with a fictitious name Transaction < R5 000 full scope of CDD not required Request minimum information Name, ID, Contact number NB Sect 20A applies even where single transaction > R5 000

33 Identification and Verification CDD starts with knowing the Identity of your client AI must in the course of establishing a business relationship, or entering into a single transaction establish and verify the identity of the client Also applies to person representing the client Verification takes place during course of conduction the single transaction / business relationship & must be completed by the time the transaction is concluded Greater freedom to choose how to identify clients & means to verify the information CIV must be aligned to RMCP

34 Other Due Diligence requirements Obtain information re future transactions that will be performed in course of business relationship are consistent with the knowledge of that prospective client: Nature and intended purpose of the business relationship concerned Source of the funds to be used in the course of the business relationship AI must conduct ongoing due diligence including monitoring of transactions to check for inconsistent activities AI must repeat verification steps if it doubts the veracity or adequacy of previously obtained information If AI cannot conduct CDD may not establish business relationship or conclude single transaction. Must terminate existing business relationship consider STR under S29.

35 Other Due diligence requirements cont. Foreign Prominent Public Officials & Domestic Prominent Influential Persons Obtain snr Management approval for establishing business relationship Take reasonable steps to establish source of wealth/ funds Conduct enhanced due diligence monitoring of business relationship FIC Foreign PIP s always a high risk Domestic PIP s not necessarily FIC provided some sites that may assist in identifying who is Foreign and Domestic PIP FIC Act also applies to immediate family members and known close associates of a person in a foreign or domestic PIP.

36 Conclusion cont Apply your mind and show application of mind Scrutinise amendments what is states & what, by design, is omitted A well drafted RMCP may just avert the eye of the Regulator.

37 Utilisation of Third party/ Data FIC Guidance notes allows for AI s to outsource verification identification Obligation to comply and accountability lies with the AI Processing of Personal Information for FICA may only be done within confinements of PoPIA Processing and further processing of Personal Information of a client for purposes of FICA is allowed in PoPIA But be cautious of 3 rd Party data sources may have obtained personal information about a client without the client s consent or knowledge. Who is allowed to hold Personal information refer to NCA definition of Consumer Credit Information as well

38 RegTech for CDD/ KYC/CIV RegTech utilising technology for Regulation / Compliance Most important for use of technology to do CDD/ CIV Data Components Data Sources Matching Algorithms Data housing Def of Consumer Credit Information Def of Personal Information South Africa has unique datasets and profile of consumers make sure that the solutions are designed specifically for the South African market.

39 RegTech for CDD/ KYC/CIV Challenges around data leaks Proposal to utilise data that sits in secure environment Credit Bureau optimal to provide this function Data providers/ vs credit providers submitting data Allowable data sources for Credit Bureaus Credit Providers no consent needed compulsory Data Providers- with consent Public Data Reminder you have to notify FIC if you are utilising 3 rd Party providers to assist with your compliance requirements.

40 ONBOARDING BEGINS BEFORE ACC IS OPENED

41 ONBOARDING FOR KYC/AML TIPS User-Friendly Shortest, friction free process Easy to complete and comply Workflow to be easy and staff friendly Build Relationships Interact, assist, understand Keep records up to date Periodic automated monitoring and updating Avoid inconsistencies Clearly defined processes and standards Educate All staff to be up to date with compliance if they are required to make decisions Tick all compliance boxes - RMCP

42 CONCLUSION Cost for compliance is high Fraud is rife Why RBA, CDD,CIV, RMCP, Sanction screening etc? To provide FIC with great quality Financial intelligence Reports All about information and intelligence AI s have greater freedom under RBA and with CDD than before with freedom comes greater responsibility and greater need for application of mind Invest in good on-boarding tools that will enhance customer experience.

43 Questions