FATF Recommendation 16, Compliance ‘attestations’ spark discussion at Business Forum London
Compliance-related risk and cost remain a major concern for financial institutions. Uncertainty about potential risks has led a number of banks to cut back on their correspondent relationships to avoid falling foul of regulatory requirements. Attendees who visited the SwiftLab at the recent Business Forum London were shown how Swift’s Compliance Analytics service can help banks identify potential risks and enable them to act with speed and precision as the situation warrants. Compliance Analytics is, for example, able to show an institution’s activity share in a particular market as well the originating and downstream banks in transactions for which the institution is acting as an intermediary.
Compliance Analytics is already used by about 30 of the world’s largest banks to analyse their global Swift message traffic in order to identify unusual patterns and trends, hidden relationships, and high levels of activity with high-risk countries and territories. The product uses the bank’s own Swift data to compare its position with total Swift traffic for predefined countries and transaction types, enabling its compliance teams to adjust their systems, focus their investigations, and monitor correspondent relationships. A highly visual tool, Compliance Analytics brings data to life and supports sanctions, Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.
Understanding payment data quality
The SwiftLab session was followed by a discussion of the environment which will make products such as Compliance Analytics increasingly indispensable. Paul Taylor, director, compliance services, Swift, moderated a panel discussion sponsored by consulting firm Navigant on compliance trends and their implications for both institutions and their compliance officers. He was joined by Tim Mueller, director, Navigant, working in the firm’s compliance and investigations practice, Dave Bradshaw, associate director, Navigant, who works primarily on sanctions assurance, and Tony Wicks, head of AML initiatives at Swift.
Good data quality will improve straight-through processing rates and streamline business.
The session focused on two forthcoming challenges in particular: FATF Recommendation 16 and Compliance attestations. While ‘FATF 16’ is officially described as a recommendation, participants agreed that different versions of it will be incorporated into regulations with implications for compliance processes and the need for further controls. The FATF 16 recommendations are designed to ensure the correct identification of all parties, provide transparency to all participants in the payments chain, and make it easier to identify criminals and terrorists when illicit or suspicious activity is detected. Specifically, it aims to ensure that basic information such as the name, account number and address (including country) of the originator and beneficiary of wire transfers is immediately available to all institutions involved in a given transaction.
Mueller explained that while the European Commission has set June 2017 as the target date for its equivalent legislation to come into effect, it is in fact pushing for member countries to put the relevant regulations in place this year in preparation.
Contrary to much of the general industry sentiment on regulatory burdens, panellists agreed that improvements in payment information as envisaged by FATF 16 could bring significant benefits to financial firms in terms of sanctions monitoring, sanctions screening and downstream transaction monitoring. “Every financial institution that I’ve seen has some level of high-risk jurisdiction transaction monitoring filter,” said Mueller. “When information such as country of originator is not present, firms have to assume that it is a high-risk jurisdiction.” Investigating whether that is the case takes time and money.
Wicks agreed. Any transaction that is delayed for compliance reasons adds cost and reduces liquidity, he noted. Improving data quality should reduce the number of transaction messages entering the repair queue, which could bring a noticeable cost saving. “Good data quality will improve straight-through processing rates and streamline business,” he said.
Swift is introducing a new Payments Data Quality service to help banks monitor the quality of originator and beneficiary information in their outbound and inbound payments messages. The service uses quality verification rules developed by Swift in line with industry practice and in cooperation with its community. “This reporting service will help you identify and evaluate whether payments messages contain the requisite information as outlined by the FATF 16 guidelines,” said Wicks.
Bradshaw pointed out that FATF 16 requirements will not only impact Swift, but also wire transfer systems such as Chips and Fedwire. “Banks have a bit of remediation to do,” he said. The requisite information is often contained in existing messages, but is not necessarily in the right format or the right place. Muller added that, in essence, regulators would be asking banks to show that they control those parts of the transaction process that are within their remit, even if the exact compliance requirements would only become clear over time as regulatory and market practice evolves.
It gets personal
The need for a firm to demonstrate sanctions compliance led on to the question of attestation. Regulators are increasingly trying to tie representations of enterprise compliance to individual executives through an attestation process. The New York State Department of Financial Services, for example, has unveiled plans to require financial executives to certify that their institutions have sufficient controls in place to prevent illicit transactions. There are similar initiatives in Europe, including the Bank of England’s Senior Managers Regime (SMR). The DFS attestation requirement is likely to come into force in 2017. Requirements are likely to include details on risk assessment processes for sanctions and AML, and assurances that the systems are operating correctly and in alignment with business risks, as well as evidence that staff are trained to understand their obligations.
Taylor wondered what the consequences of such requirements might be for staffing, given that a number of smaller institutions are already struggling to attract the right compliance specialists. Putting an optimistic spin on this development, Mueller suggested that compliance executives may well find it easier to get budget authorisation to implement the necessary controls. They could otherwise withhold signature of attestations, if unsatisfied with the programme in place. As with much else in the regulatory pipeline, further guidance on specifics is eagerly awaited.