PreviousIncluding technology in your Data Privacy and Protection Program
What 14 years of AML implementations has taught us!
14 years ago, Symptai Consulting Limited set out to do it’s very first Anti-Money Laundering (AML) implementation in the Caribbean.
The primary focus at that time was continuous monitoring of customer’s transactional activity, and retroactive Know Your Customer (KYC) compliance to identify customers doing business who were not KYC compliant. It was accepted that a large percentage of customers who were inactive would remain KYC non-compliant.
Learn more about Alessa today!
Since that time our "likkle but tallawah" continuous monitoring solution (then known as SymSure Monitor) was acquired by CaseWare Inc, renamed CaseWare Monitor, and most recently rebranded as Alessa; which means “noble defender”.
Today Alessa has been implemented in over 20 countries across the world while Symptai has maintained its role providing sales, training, implementation and support services across the Caribbean region.
We have seen and learned quite a bit over the years:
Screening of cross border and high-risk transactions to address de-risking by Intermediary banks frantically came and went. This was primarily because the AML solution provides this service in real time thanks to technology integrations with Thomson Reuters World Check and other sanction list providers.
Automated regulatory reporting has become the standard. While all jurisdictions have not become fully automated as yet, they are all headed in that direction; particularly with the proliferation of GoAML and other such standards. It is only a matter of time before these platforms will allow AML solutions to report directly to and interact with the Regulator in real-time rather than the post reporting that now obtains.
Risk rating at on-boarding (and post for existing customers) has shifted the compliance focus to a risk-based approach where the team can now accept all activities for low risk customers and focus their resources on customers with medium and high-risk. This is further supplement by Enhanced Due Diligence (EDD) requirements to ensure every customer is reviewed periodically.
Screening of prospective customers prior to on-boarding now has shifted this critical control to being proactive rather than detective.
Continuous KYC compliance means that customers must always maintain KYC compliance. This has created opportunities for Governments to open access to the systems that validate identity such as Driver’s Licenses and Passports for individuals and for companies. Our client organizations can now directly validate customer information in their absence. The next frontier to hurdle is for custodians of Company data to reveal the Ultimate Beneficial Owners (UBO’s) so that corporate transactions can be directly linked to the individuals behind these corporations and customer onboarding and screening of real time transactions can consider these individuals.
Over the last 2 to 4 years, we have observed how these last three factors have coalesced across the region to support the digital business agenda that is typically appearing as a key strategic initiative for most if not all corporations.
In a recent presentation to the House of Representatives in Jamaica, Minister of Finance Dr. Nigel Clarke “It is, imperative that Jamaica, via ministries and agencies with critical AML/CFT mandates, and the private sector collaborate in a national effort and marshal collective resources with the assistance of our international development partners, to address the gaps across the various systems and processes in the country’s overall AML/CFT regime.”
Locally, the government of Jamaica is doing a lot to become more ‘digital friendly’ and as a result of this, has shifted to make data more accessible. All while supporting the need to maintain aggressive data privacy and cybersecurity policies. A large reason for this shift is the steady increase of Data Protection and Privacy laws which require information to be collatable and shareable on request, but rigorously protected. Customers personally identifiable information (PII) can no longer be stored in file cabinets in forgotten back rooms only to be dusted off when needed.
For organizations looking to optimize the Digital Transformation journey, good customer data which provides a single view of that customer is essential. In addition, targets for marketing campaigns for goods and services must be low to medium risk and KYC compliant while not having any adverse screening results. Consequently, the good governance practices of today’s compliance teams and regulators are a good foundation for digital business opportunities.
In conclusion, with regulators now pushing real-time screening and continuous KYC compliance underpinned by a risk-based approach, the best way to do this at scale is using automation. Automation allows advantage using current and emerging digital capabilities. The next frontier for our customers is to collaborate and share insights in a bid to erect a common minimum standard for entry into their collective institutions to retain KYC compliance and uniformly determine risk. More anon.