The pandemic has drastically increased business exposure to financial crime. Enhanced due diligence is needed for corporate vigilance and compliance.

2020 was a trying year for compliance teams whose mandates included helping to keep their clear of complicity in financial crime.

Widespread remote-work and hasty digitalization had introduced significant challenges to institutions that had traditionally relied on manual or paper-based processes. This caused initial delays and then a sudden shift toward digitalizing anti-money laundering (AML) and know your customer (KYC) checks and workflows.

The high-profile FinCEN leaks then pushed into the spotlight the need for organizations to enhance their due diligence on customers and counterparties—including the identification of these parties’ sources of funds and their beneficial owners, especially those with probable high-risk connections.

Within the current tumultuous and dynamic environment, and amidst greater scrutiny, KYC and AML professionals must be aware of three major blind spots that could jeopardize their financial crime screening processes in 2021.

  1. Dynamic risk profiles and limited sanctions lists
    Screening customers and financial counterparties typically occurs during initial onboarding, followed by periodic reviews and remediation. The problem with this approach is the assumption that the party’s risk profile remains static during the review cycle.

    This is not always the case. During this time frame, a party’s risk profile could shift dramatically. For example, a change in shareholders to include a Politically Exposed Person (PEP) or a sanctioned entity could significantly alter your customer or counterparty’s risk profile and put your institution in jeopardy.

    Organizations also typically screen customers or financial counterparties against readily available sanctions lists provided by the four heavyweights: the US Treasury Department’s Office of Foreign Assets Control (OFAC); Her Majesty’s Treasury (HMT); the European Union (EU) and the United Nations (UN)—as required by the regulators of most jurisdictions in which they operate. However, the risk of an organization encountering a local criminal or someone with adverse repute who is not on any of the heavyweights’ sanction lists is greater. It is therefore prudent to additionally screen for what we call Reputationally Exposed Persons (REPs), using local data on criminals, blacklists and lists of debarred companies released by the local regulators, authorities and law enforcement bodies of a particular jurisdiction.

    The COVID-19 pandemic has only increased the need for REP and adverse news screening. Already a global hotbed for sex trafficking and slavery, South Asia and many South-east Asian countries expect these and other crimes to worsen as a result of the pandemic. Lockdowns have pushed illicit activities further into the shadows, making it increasingly difficult for vulnerable parties to seek help. At the same time, more people are facing financial hardships that could force them into the arms of abusers out of desperation.

    Entity or name screening against sanctions lists alone is not likely to catch all the perpetrators of human trafficking and other humanitarian or financial crimes. A deeper and more complete view of the associated risk is required—one that looks at connections and alternative sources of information, while providing a localized view of organizations and customers that you are doing business with. That is exactly what screening using PEP, REP, adverse news and enforcement data brings to bear.

    To capture changing risk, screening should be conducted at onboarding and on a continual basis. This monitoring process ensures your customers or counterparties’ risk profiles are informed by the latest information, enabling you to trigger event-driven KYC reviews, take remediation actions quickly and protect your institution from regulatory and reputational scrutiny.
  2. Ever-changing regulations
    While KYC and AML screening continue to be vital components of proactive risk management, the goal posts keep shifting as regulators constantly adjust their requirements for effective compliance and frequently publish updates to sanctions lists.

    According to our data, the four regulatory heavyweights saw 445 more records added throughout the first nine months of 2020 alone, as more entities were freshly barred from participating in the global financial system due to their roles in elections interference, arms trafficking, and human rights abuses, for example. The US’ Office of Foreign Assets Control – Sanctions Programs and Information (OFAC), in particular, has continued to release updates at pace despite the pandemic, reinforcing the adage “crime never sleeps”.

    A case in point is OFAC recently placing six Hong Kong- and China- based shipping companies on its specially designated nationals (SDN) sanctions list in connection with prohibited transactions involving the Islamic Republic of Iran Shipping Lines. Reach Group, one of these shipping companies, had business ties with Iran’s shipping industry that predated the sanctions regimes of both the Obama and Trump administrations, but it was ultimately punished for not remediating its behavior since these regulations came into effect. 

    Against the backdrop of the pandemic and increasing geopolitical conflicts, sanctions are getting complicated and it is important that organizations conduct deeper Enhanced Due Diligence (EDD) on their customers and counterparties, rather than a mere name-matching exercise against a basic dataset.

    The periodic KYC process leaves out key changes in regulatory information, exposing institutions to increased risk. When running a KYC review once every 12 to 36 months, an organization would only produce a snapshot of the customer or counterparty’s risk at a single point in time. However, when performing on-going screening, you view the equivalent of a livestream video.

    Automating ongoing screening enables institutions to know exactly when their customer or counterparty’s risk status changes with minimal cost and manual effort. Remediation can happen as the need arises to mitigate unnecessary risk between reviews. By leveraging continuous screening, organizations can closely manage their business relationships in real-time.
  3. Elusive ownership structures
    According to the recent FinCEN leaks, banks in India, Singapore and New York were found to have moved money for Altaf Khanani, a Pakistani money launderer who is also said to have been a key financier for drug cartels and terrorist organizations like Al-Qaeda, Hezbollah and the Taliban.

    Elusive ownership structures played a part in this, as Khanani’s operations were done through a Dubai-based company and his dealings with a small New Delhi-based firm. Other companies eventually found to be associated with Khanani were also used for multiple transactions through Standard Chartered Bank and Deutsche Bank.

    Regulators are increasingly requiring ownership structures to be defined down to even 10% of ownership, in some jurisdictions: to facilitate a more comprehensive understanding of who is behind your customer or counterparty. This has proven to be a difficult feat for KYC teams, as gathering such information is complex and time consuming. In addition, there is often no concrete audit trail to track and demonstrate this research to regulators. Relying on a central repository of Ultimate Beneficial Ownership information can combat this tedious process and ensure organizations remain compliant. By choosing a reference set fueled by the most accurate and regularly updated UBO data, you can be confident that you know who is behind your customer or counterparty’s organization during the onboarding and review process.

Transforming your KYC DNA

To avoid unnecessary KYC and money laundering breaches in 2021, any organization involved in a financial transaction (not just banks)—must consider how to best manage the gaps created by each of the abovementioned blind spots.

Our recommendations to address these blind spots include digitalizing processes and streamlining back-end architecture to cut across operations and prevent screening from happening in a silo. Then, look at AI, application programming interfaces and other KYC rules-engines and case management solutions to enable greater screening efficiency and effectiveness. Finally, form an action plan to address any red flags that may emerge.

While transformation does not happen overnight and there is no silver bullet to managing financial crime compliance challenges, having the right framework and technologies in place will no doubt strengthen your day-to-day KYC DNA and contribute to your organization’s business success this year and beyond.