IBM AML compliance solution Staying ahead of financial crimes Highlights Continuously harnesses a powerful array of advanced analytics that are available to proactively fight the long-term war against financial criminals on multiple fronts Helps you more effectively resolve identities, relationships and ambiguous patterns with entity and predictive analytics, broader cross channel visibility, and stronger risk scoring Continuously adapts and embeds new operating models through retrospective forensic and big data techniques Helps accelerate investigations and the management of cases through SAR filings with improved triage alerts, automation and deep mining of data sets The market environment has evolved Financial crimes are growing in frequency and complexity with advances in technology providing malicious insiders and organized criminals more opportunity to commit crimes. Furthermore, the drumbeat to remain compliant continues. New regulatory guidelines continue to arise with increased scrutiny and complexity, so that standing still is not an option, even for institutions with state-of-the-art compliance programs. Suspicious activity reports (SARs) increasingly cross boundaries between fraud, cyber and anti-money laundering (AML), further increasing the complexity. Regulators are beginning to push for more detailed reviews of implementations, especially for knowing your customer (KYC) requirements. And, new regulations for beneficial ownership, the Fair and Accurate Credit Transaction Act (FACTA), multitenant correspondent banking and counterparty resolution mean you must have better data and understanding than ever before. What s more, the pace of innovation has increased. Businesses are striving to offer an omnichannel experience by delivering new products tailored to how the client wants to be serviced. This requires a strong operating foundation laced with rigor to manage and minimize AML compliance, fraud and security risk. Knowing that fraudulent activity itself is channel neutral, organizations must maintain a competitive edge by adapting quickly while operating in a secure environment.
The status quo isn t working Financial institutions find keeping up with compliance risks extremely difficult and costly, with high false-positive rates. And although the risks seem to be increasing dramatically, resources for managing that risk remain flat or incremental at best. Most institutions are facing these common issues: Single solutions and corporate silos that increase the risk of violations going undetected High IT costs Too many false positives (common results are as high as 20 to 1 for some mainstream vendors) Current analytic operations that are narrowly focused, only able to view limited data Transparency and compliance reporting difficulty Fraudsters who slip through the gaps Difficulty acting nimbly to counter changing threats and advances in technology and data The consequences can be drastic: Big fines for weakest links in regions or countries and systems Personal liability for chief compliance officers Costs that affect the fundamental operation of the institution Throttling of the ability to innovate What the current approach lacks Often, relationship information that spans multiple lines of business is incomplete, inconsistent or unavailable, which increases the risk of undetected suspicious activity or high levels of false positives. What s more, maintaining business unit or functional risk decision tools for all parts of an institution is costly, inefficient and can still miss high-risk customers and transactions. Compounding the challenge is the fact that detection and risk models are not consistently managed, validated or regularly tuned. Finding success for customers Financial institutions are beginning to change the way they manage their businesses to fight this battle. They would like to break down silos (technological and cultural) and use new and more sophisticated analytical techniques throughout the enterprise. They are seeking partnerships that can help them continuously harness the powerful array of technologies that are available to fight a long-term war against financial criminals on multiple fronts. The organizations successfully fighting financial crimes today are those that have embraced a totally new, holistic approach to staying ahead of the threats, improving the bottom line and delivering value to the client. Key challenges in the fight against financial crime KYC and the identification of beneficial owners remain areas for significant improvement for most financial institutions. KYC is understanding who s who and who knows whom while getting clarity about ambiguous, misrepresented and nonobvious identities and relationships. Many times the lack of clarity is unintentional; mistyped, transliterated names, different account holders for the same company and different divisions of the same company all contribute to ambiguity. Other times it is intentional and intentional misrepresentation, organized crime and relationships with sanctioned entities are at the heart of compliance risk. 2
Business 101: Know your customer Must understand customer throughout the lifecycle (also customers customer, broker, vendor, employee) Should we do business? Did we do business? Continuously add context to see a more complete picture of risk (or opportunity) Account origination Account maintenance Transaction review SAR filing New customer: Add account Existing customer: Add brokerage to checking and change address Possible structuring on Wire Xfer: AML investigation required AML suspected: SAR required Figure 1: Knowing your customer means understanding who s who and who knows whom while getting clarity about ambiguous, misrepresented and non-obvious identities and relationships. Organizations seldom have the benefit of this single, complete view of the customer. Pieces of the puzzle, such as their internal and external profiles and transaction activity, typically live in separate and unconnected systems in different places, which makes hunting down accurate and relevant metrics arduous. The result can be spotty risk scoring and segmentation that can make continued monitoring a very difficult task. What the perfect solution looks like Ideally, organizations should have a structured system that enables a reasonable basis for validation of customer identification. Organizations also need the ability to compare customer data with restricted governmental and internal databases. But it doesn t stop there. Constant monitoring of the customer s profile and transactions (and storing those investigative details in a meaningful way) is also a requisite function. In total, the layers of intelligence should: Resolve customer names and understand relationships. Personal and corporate names are often represented differently in different systems used by different business units and regions or countries. Also, the people involved might provide conflicting information. Adapt to evolving custom policies and procedures. KYC must be integrated with a bank s front-office, which is continuously changing based on customer demographics, new product offerings and evolving financial, regulatory and legal requirements. Use flexible customer risk scoring and classification. Banks need the flexibility to create their own risk models based on their operating exposure, customer demographics and product offerings. These risk models can reduce the compliance footprint of the vast majority of low-risk normal behavior. 3
Link structured and unstructured data, internally and externally. To know their customers, banks must integrate the data they collect about their customers with a wide variety of external sources. These external sources consist of a significant range of formats and access mechanisms and new sources are coming online every month. Much of the information that identifies a person, relationship, or risk is unstructured on a website, in a letter of credit, in a document or in correspondence. Maintain an integrated investigative workflow. In a rush to meet specific compliance deadlines, banks have implemented applications silos for CIP, EDD, KYC, AML, fraud, cyber, and various case management and regulatory reporting requirements. Often these applications are in silos. An integrated, composite view that spans these applications can improve the investigative process, reduce risk and audit the entire relationship flow. Consolidate data. To understand customer risk, financial institutions need to correlate data that is spread over different product-specific transactional systems, customeraccount systems, alert generation systems, investigation tools and regulatory reporting systems. Standardization of as many applicable processes as possible is critical, and they should be fully integrated to reduce gap exposures and operational costs. And lastly, if all functions as it should, the system can increase customer satisfaction, provide new revenue opportunities and give organizations a real competitive advantage. Countering evolving threats requires a holistic view The cycle of crime from cyber, fraud and AML is intertwined. That s why IBM strives to help break down siloes, not just in organizations and their systems, but across the fraud landscape at large. The IBM Counter Financial Crimes Management Solution and the IBM Red Cell Advanced Financial Crimes Intelligence Group are working closely with major financial services, consortiums and law enforcement groups to share intelligence over all these domains. The ultimate goal is to extend observation, increase the array of analytical tools available to counter threats and radically decrease the cost of compliance by orders of magnitude. To that end, applying techniques like context computing, predictive analytics, big data, and the amazing cognitive power of IBM Watson, customers can take advantage of a deep arsenal. The IBM AML solution layers analytical techniques to provide customers with the tools they need to combat threats and the control to evolve their defenses as their needs change. This integrated, flexible platform reduces redundant systems, processes, errors and, ultimately, operating costs. A holistic view of relevant relationship data at the time of decisionmaking increases the ability of organizations to identify high-risk relationships and transactions, but it also gives them the intelligence they need to make informed risk and reporting (Figures 2 and 3) decisions at the relationship level. 4
Figure 2: Analytics give clarity on identities and relationships 5
Figure 3: Management report on Money Movement 6
Roundup of core capabilities KYC Customer identification program (entity resolution, list screening, correspondent banking, counter party) Customer due diligence KYC scoring (customer onboarding and lifecycle score) Alert generation, prioritization, workflow and management KYC alert investigation, alert escalation, enhanced due diligence, relationship analysis QA and QC review of cases KYC dashboards and reports Customer list screening Customer identity resolution Customer screening with watch lists (OFAC, FinCEN, Dow Jones, bank s own watch list) Customer screening based on bank s own Good Guy list Screening of new and existing customers, transaction initiators, beneficiaries and intermediaries Alert generation, prioritization, workflow and management for list screening AML transaction monitoring (compliance) Suspicious behavior monitoring: Statistical profiles, business rules and models Transaction fraud detection Transaction fraud alert generation, prioritization, workflow and management Transaction fraud alert investigation, alert escalation, enhanced due diligence, relationship analysis Suspicious activity reporting QA and QC review of cases Dashboards and reports A partnership that evolves with your needs With IBM Counter Financial Crimes Management, organizations can proactively and more effectively combat fraud, AML and cyber threats to improve business results and potentially reduce losses while maintaining a positive customer experience. A combination of internal development, strategic big data and analytics software and service capabilities, cutting-edge analytic methods from 12 research labs, and more than 290 fraud-related patents enable IBM to offer solutions for enterprise fraud management that are characterized by: Innovation. IBM is driving state-of-the-art advancements on a massive scale in machine learning and analytical techniques for managing risk in the financial crime lifecycle. Intelligence. The IBM Red Cell intelligence team and security-related offerings from IBM, such as IBM X-Force and Trusteer, can help an organization further reduce its exposure to threats and fraudulent activity connected with cyber-related crime and fraud. Simplicity. IBM delivers technical components in one integrated solution that can be applied to one or more counter fraud or compliance programs and processes. The data, models, case components, reports and APIs are transparent, so you can configure aspects of the system to meet business needs. For more information To learn more about IBM Counter Financial Crimes Management, contact your IBM representative or visit ibm.com/smartercounterfraud 7
Copyright IBM Corporation 2015 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America January 2015 IBM, the IBM logo, ibm.com, IBM Watson, Trusteer, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. It is the user s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANT- ABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. Please Recycle IIS03009-USEN-00