How to Make AML/KYC Compliance More Effective
In a recent FinCEN advisory the regulator pointed to bad actors using digital manipulation of identity documentation as a significant risk to financial institutions. So what identity verification tools for KYC AML compliance are available to FIs that are fraud resistant and yet easy to use?
In this webinar we take a hands-on approach and show how the integration of CLEAR ID Confirm with the Alessa solution will make digital onboarding and customer reviews so much easier and reliable. We walk-through specific scenarios so you can see what data is available to you and how results can be incorporated into your AML compliance process.
Specific scenarios that we dissect during the session include:
- Onboarding an individual including document verification and due diligence for Know Your Customer
- Onboarding a new business, including reviewing and screening beneficial ownership information, for Know Your Business
- Performing a customer review based on a transaction alert
Q&A On AML/KYC Compliance
Q: (From within Alessa) is there a way to download the KYC responses from customers to Excel or CSV format?
A: Yes, absolutely. So those reports can also be printed, can also be exported into Excel or any other format. Absolutely.
Q: For international clients, does Alessa validate national identification numbers from all countries? I am thinking Venezuela, Kazakhstan, Russia, electoral record ID, driver licenses, etc.
A: In early 2021, within CLEAR there will be an international ID person verification option for 30 countries, including EU, China, India and Mexico. It does not include Canada right now.
Therefore, in response to that question yes, we are looking at all sorts of data sets such as just like in the U.S (like credit bureaus and national records). This will allow you to get to that better step one. Moreover, you do not have to be JP Morgan. You could be the community bank and have this type of solution.
I think it’s worth having a conversation with a risk specialist, whether it’s your existing vendor, or CLEAR, to understand what you already have, and what your needs are, and where the gaps are, and to see whether there is a solution that will meet your needs.
Q: What specific criteria is used to establish thresholds for individuals and businesses?
A: If you were leveraging the CLEAR data within Alessa as example, there will be an administrator at your business who would see the picklist. It’s actually all fully itemized. Every criminal record in the U.S. has been classified from a driving record to a bribery offense to murder.
Every type of lean docket, bankruptcy, every type of public record is sitting in a picklist and you just check boxes by what you want to see and the weight you want to give it. So something like an MRB license from, say, a professional law license, you are going to score those differently, but we let you see it. It is a very easy essentially module where you are just selecting the data components you want to see on a person or business.
So if we think about how due diligence used to be done and still is done in many places, it’s looking through 300-page reports, 100-page reports, or somebody who’s been in open-source Google searching and grabbing 50 websites and grabbing and building together some type of document. If you think about what I’m talking about here, in five seconds, I’ll grab all that data, categorize that data, read that data, and you can look at it in the form of a score and an overview document sitting right within Alessa. So you go from hours, if not days to seconds in that environment, seeing what you want to see.
Q: In my organization, UBO KYC is not mandatory. Can you elaborate the importance of having UBO KYC and its effects?
A: We all know everyone’s in different stages on how they are dealing with their beneficial owners. However, you are going to want to do an ID check on your beneficial owner anywhere they sit and we can offer that. Then, just being able to sanction screen those UBOs, again, that all sits within the Alessa platform.
And, truthfully, I know one of the enhancements we’re going to be adding into CLEAR, and someone like Alessa who’s a partner with us would obviously see it as we build enhancements. We’re getting more UBO directories and databases embedded into CLEAR. We are a data aggregator. We are constantly enhancing the data we gather and UBO is actually data we are going to be adding more information.
So I think everybody is struggling with what to do, right? There isn’t a U.S. example, a corporate registry that says I own 20% of my company. You’re getting that through other records, which is why there’s just an identity check really required. There really isn’t a way to confirm the percentage of ownership, but where those records exist, where companies are disclosing it, whether publicly, privately, what have you, we’re going to be aggregating more information around UBO.
I think it is important to reiterate that this is one of the tools that allows you to see your actual risk to fraud. We sort of talk so much about people showing up on OFAC lists and that, you know, I pretty much guarantee that everybody in our audience has shown up to a demo where somebody has screened somebody who’s actually on OFAC.
Those people are not the people who are coming into your institution and opening accounts. You have a regulatory requirement, but the people who are actually putting you at risk are the ones who are attempting to obfuscate who they are. Therefore, your return on investment is actually significant because of the fact that you are able to identify people who…people in organizations you truly do not want to do business with.
Q: Do you offer digital verification for consumers, including velocity rules, for IP address, geolocation stated versus actual?
A: There is a two-fold component to IDs today. There is a authentication component and that is the customer who owns the data presenting it. And that’s what this attendee’s asking us. There’s a second component and they have both have to be met. The second component is the person actually real? Is the business actually real?
We answered the second component. We’ll answer they exist as a true and correct person or a true and correct business. You’re going to be leveraging. And, I mean, we’re partnering to help solve that first prong, but that is really kind of is the device accurate. It says, is Amanda DuPont wanting to open this account? Is she based in a dine-in Minnesota per her cell phone, per her IP location, all those kinds of authentication components? So I hope that explains it’s actually a twofold issue.
I see some people only solving that device question and guess what? They’re fake people. That’s how synthetics are getting in the door. They’ve only done device and authentication. They have not validated in a true CIP manner the person is real. So it’s a two-prong issue. It’s important to get your hands around it. And it’s a good question because you all have to be educated on how fundamentally important both prongs are today.
Q: Can Alessa identify geographical risks?
A: Yes, absolutely. Alessa has customers applying that type of logic. So as long as that information is available, we can absolutely track and create rules around that.
We do have a webinar playback available on how to calculate geographical risks because there is not a standard list anywhere that you can use. And so, our presenter, Laurie Kelly had gone through how you can use different tools, including Transparency International, TRACE, and a few others on how to calculate geographical risk.
Q: Is there a way to create an internal company watch list as some high-risk persons may not receive a match or alert?
A: I hear it a lot and I definitely hear financial institutions making their own homegrown watch lists and sharing it internally. Yes, absolutely. So we have that capability, it’s called Custom List. So essentially any type of list that the customers maintain, we are able to process that and do screenings against that specific source of data.
Q: How long is the calibration period when onboarding a customer?
A: Building the rule sets, we like to give customers a tried and true starting point. And I’d say within, in truth, you know, depending on how much my AML/BSA team wants to dig into it a week has certainly been sufficient for their testing purposes. Everybody has different kind of risk tolerances. But if you’re already familiar with public records data, this really isn’t very complicated. It is just putting a filter on the data you want to see.
And I think the more the industry starts talking. Like I said, this is actually not new technology. This has been here. It’s being used in many spaces, typically more FinTech, but it’s just one of those things where it’s one of the hats you have to wear in the AML/BSA space. You have to know technology now and how to, you know, work with it. But truthfully, we have not seen it taking huge amounts of time to do tools like this.
Once all the rules are created, the validations, and the definitions, then it is a straightforward process just to enable that into Alessa.
Q: Can Alessa risk rate info as it relates to sanctions group followed by your specific jurisdiction?
A: It would be able to do that. Leveraging the tools we’re talking about, if they included our global sanctions data.
We have a risk profile module that is enabled in a customer’s implementation of Alessa. You can define the different factors, the weight, and how it is going to be affected. Whether it’s, for example, a hit on a sanctions list, maybe an ID verification fail, or maybe a transaction monitoring flag, how are those weights are going to affect the overall score? So yes, we have a flexible risk profile that can be implemented into Alessa that is completely aligned to their risk profile or risk-based approach.
Q: Does Alessa allow you to access reports gathered by other compliance officers as it relates to specific name clients via name ID and date of birth?
A: As part of the case management capabilities of Alessa, there is the capability to escalate, reassign, and the relying on different people. You can share the alert, you can share the case with other members, with other compliance officers so they can augment and maybe compliment that specific investigation process. So, yes, you define the roles, the privileges, and what type of access they will have into Alessa.