Strategies to Enhance your Screening and Transaction Monitoring Processes
Transaction monitoring and sanctions screening are crucial processes for both traditional and non-traditional financial institutions. With changing regulations coupled with increased regulatory scrutiny being the new normal, having a streamlined and flexible approach has become more important for AML Compliance teams looking to improve cost savings and resource allocation.
In this webinar, our presenters from ICICI Bank and Transfast join CaseWare RCM to discuss
- How to assess and factor risk criteria such as regulatory, country, customer and services risks;
- Data elements to consider when determining lists selection and customer and/or transactions attributes
- Policies and procedures to determine monitoring and screening type and frequency as well as management of high risk situations
- Strategies for increasing detection of real reportable activities and reducing false positives and time for investigations
Here are the questions and answers from the event.
Q: Can you give specific examples about what you mean by residual risk?
A: Daniel Buckingham, Director of Compliance Strategy, Governance and Technology, Transfast: When we talk about inherent risk, that is really looking at a product or service and looking at the attributes and how that product or service can be used and how it could be abused by a customer. It’s looking at its inherent setup and saying what is its potential for being abused?
When we start talking about residual risks though, it’s saying OK, I’ve applied a level of control framework against the risk of that product, so I may have certain monitoring controls in place. I may have certain first line of defence mechanisms in place. When we talk about residual risk, all we are trying to say is do we believe that the control environment across the first and second line has the ability to manage that risk in totality or is there some risk left over?
So for example, the front line of defence control could be face-to-face because it’s an over-the-counter transaction. Part of that is visualizing and verifying the person that is doing the transaction with you, but in the background you are monitoring to look for certain typologies. But the data that’s coming in means you are not able to properly target that and so your monitoring control produces a lot of noise, as the result, when you produce a lot of noise you also run the risk that from an investigation standpoint you may miss something as well.
So in that case you may believe there is an element of residual risk left over and it’s not fully mitigated and it’s up to you to then say, do I need to do that or is that within my risk appetite? If you look at the residual risk only you are potentially looking at a very small subcomponent of the risk or a symptom of the risk, not the actual risk itself.
Q: Given that sanctions are essentially regulated to report on hits from a list, once a hit has been verified and returned on good data how does risk even enter into the equation?
A: Mandar Vaidya, Assistant Vice President Compliance, ICICI Bank Canada The risk really comes in if you are not able to identify and detect a match or not able to do proper due diligence in terms of the alert that comes in.
Let’s say if you get a match and you ignore the match and say it’s a false positive, it could really be a true match or a potential match. If it is a Politically Exposed Person (PEP) and you don’t classify them as a potential high risk client, then you are exposing yourself for non- compliance and the regulators could find your program non-compliant.
Q: Can Alessa be integrated with other lists or just World-Check? Do you provide screening services to be in compliance with OFAC – CACR list for Cuba?
A: Eric Hansen, Senior Risk Specialist, CaseWare RCM: Yes. CaseWare has taken the approach where we have an integrated partnership with World-Check where we include not just the names but the additional second-level identifiers such as the year or birth, the citizenship, the relatives and close associates. But we can integrate other lists, especially internal lists.
An important consideration when you are trying to integrate a third-party watchlist is that it is getting it integrated into the software properly. Our clients work with all sorts of external data sets lists now from cannabis related business lists to adverse media and our team here is always working on integrating new data sets.