Cultivating Best Practices for Staying Ahead of Trends and - - PowerPoint PPT Presentation

Cultivating Best Practices for Staying Ahead of Trends and Developments in the Banking Industry

Jean Philippe Soubry Compliance Services Director, Asia Pacific SWIFT

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW? D. KYC and CYBER SECURITY

5

SWIFT gpi: secure, faster, traceable & transparent cross-border payments 1 Faster payments

Same day use of funds*

Traceable

End-to-end payment tracking

2 3 Transparent fees

Deducts and FX

4 Full remittance data

Unaltered reconciliation info

Your company Beneficiary

gpi

Intermediary bank

Beneficiary’s bank Your bank *Within the time zone of the receiving gpi member

SWIFTgpi

Rulebook

$

Invoice

a1700db1-90b2-4948-83d8-6309c5c34a3d

Singapore Business Forum - February 2017

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW? D. KYC and CYBER SECURITY

7

REPUTATIONAL/FINANCIAL RISKS and DE-RISKING

75% of the large global banks have reported a decline in their number of CBRs

Source: The World Bank

Some will reduce their number of CBRs by more than 50%

Source: SWIFT / ADB

75% 50%

Number of Active Correspondents

• 500

1,000 1,500 2,000 2,500 3,000 3,500 Singapore Malaysia Indonesia Thailand Vietnam Philippines Cambodia Brunei Darussalam Myanmar Laos 2014 2015 2016

• 1.05%
• 4.50%
• 8.16%
• 4.79%
• 0.64%
• 8.38%

+33.71%

• 0.69%
• 10.61%
• 0.70%

23.5 24 24.5 25 25.5 26 26.5 27 1 2 3 4 5 6 7 8 Jan-14 May-14 Sep-14 Jan-15 May-15 Sep-15 Jan-16 May-16 Sep-16 APAC Active Correspondents Thousands APAC Transactions Sent Millions Transactions sent Active Correspondents

8

DE-RISKING: Potential consequences

For Financial Institutions

1. Higher costs for KYC and remittances 2. Difficulty to maintain and establish new relationships 3. Loss of clients or business opportunities

For Countries

1. Lower regional integration 2. Lesser trade 3. Slower growth

“(…) processing U.S. dollar checks is now lengthier and costlier, with

• ne major bank indicating a cost
• f US$150 per check”

IMF “ De-risking has the potential to destabilize our economies, promote financial exclusion and increase poverty levels. ” CBCS

9

DE-RISKING EXPLAINED

75% 50%

Source: SWIFT / ADB

DE-RISKING EXPLAINED

10

15.5 Billion $

fines levied on financial institutions in 2015 for violation of sanctions regulations

Global review of banking relationships both on profitability and on compliance

11

DE-RISKING EXPLAINED DERISKING FACTORS: Suggested Solutions 1. COST: Reduce the cost of KYC/EDD 2. RISK: Put the right controls in place 3. TRANSPARENCY: Communicate proactively

12

HOW CAN SWIFT HELP? Global utilities DERISKING FACTORS: Suggested Solutions 1. COST: Reduce the cost of KYC / EDD

 KYC Registry

2. RISK: Put the right controls in place

 Sanctions Screening / Testing  Name Screening  RMA Analysis  Daily Validation Reports  Compliance Analytics  Etc.

3. TRANSPARENCY: Communicate proactively

 KYCR  Audit reports (incl. security audit)

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

KYC Registry Sanctions Screening (NEW) Name Screening RMA Analysis (NEW) Payment Data Quality & others

• D. KYC and CYBER SECURITY

NSS – Demo

KYC The KYC Registry Global depository of due diligence documents and data

• 3,500+ financial institutions
• 1,000+ in APAC
• 200+ countries and territories

SWIFT Traffic Profile Aggregated view of transaction activity with high-risk jurisdictions KYC Adverse Media Access to news and regulatory notices about (potential) customers RMA Analysis Understand which of your RMAs have been dormant or inactive, hence creating unnecessary costs and risks COMPLIANCE ANALYTICS Compliance Analytics Global view of your organization's SWIFT message traffic

• 32 financial institutions
• Customer base represents 45% of SWIFT

payments

• 750+ end-users

(NEW) Payments Data Quality Assess quality of originator and beneficiary information to comply with FATF Recommendation 16 (NEW) Daily Validation Reports Detect unusual payment flows quickly and easily SANCTIONS Sanctions Screening Transaction screening with Automatic List updates

• 600+ customer institutions
• 140+ in APAC
• 22 central banks

Sanctions Testing Test, fine-tune and optimize filters and lists with third-party insurance

• 40 customer institutions
• 4 of the top 5 US banks by asset
• Over half of the top 10 European banks
• 430 subscribers to Sanctions List Monitor

(NEW) Name Screening Service Screen individual names and customers, supplier and employee databases List Management Service Manage, customize and automate list data feeds

SWIFT Compliance: Top-4 priorities for LOCAL banks

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

• KYC Registry

Sanctions Screening (NEW) Name Screening RMA Analysis (NEW) Payment Data Quality & others

• D. KYC and CYBER SECURITY

PROBLEM: The cost of KYC & EDD is too high

Maintaining existing relationships is time-consuming, risky and costly DUPLICATED NON-STANDARDIZED INACCURATE TIME-CONSUMING

SOLUTION: SWIFT KYC Registry

DUPLICATED NON-STANDARDIZED INACCURATE TIME-CONSUMING CENTRALIZED STANDARDIZED VALIDATED EFFICIENT

Standardised baseline Up-to-date information Data verification by SWIFT Cooperative business model Secure, user-control access

More than 3,500 financial institutions

1,800+ in Europe, Middle East and Africa 1,000+ in Asia Pacific 600+ in the Americas 200+ countries and territories worldwide C:\Users\jsoubry\Desktop\KYCR\Counterparty coverage by region 2017 v1.xlsb

Launched in December 2014 in collaboration with Bank of America Merrill Lynch, Barclays, Citi, Commerzbank, Deutsche Bank, Erste Group Bank AG, HSBC, ING, J.P.Morgan, Raiffeisen Bank International AG, Societe Generale, and Standard Chartered Bank.

19

SWIFT KYC Registry, the new global standard

434

100 200 300 400 500 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec New APAC Users in 2016…

1456

200 400 600 800 1000 1200 1400 1600 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec New Global Users in 2016 (Accumulative)

21

"The KYC Registry will be a key differentiator in ensuring the correspondent banking industry increases the accuracy and efficiency around its KYC process. This is not a 'nice to have' but rather an imperative (…)” Standard Chartered

C:\Users\jsoubry\Desktop\KYCR\KYCR Baseline & SWIFT Support.pdf

"Data collection times in many cases have been reduced from days or weeks to a few hours" Unicredit “(…) Converse Bank positions itself as a more transparent, trustworthy and reliable business partner in its relations with existing and potential correspondent banks." Converse Bank

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

KYC Registry

• Sanctions Screening

(NEW) Name Screening RMA Analysis (NEW) Payment Data Quality & others

• D. KYC and CYBER SECURITY

CHEATSHEET: Why manual checks are not enough

• Lists are updated all the time

Example: SWIFT sanctions lists have been updated 360 times last year => Manual updates have to be done everyday

• Banks need to check all message content, not only name

Example: Sanction lists also include legal entities, addresses, passport number, countries etc. => screening name is not enough

• Free lists don’t provide full coverage

Example: There are 112 spelling variations in Muammar Kaddafi’s name in print media (see table below) OFAC list provides 8 of them, the UN sanction uses only 1 => Manual screening will only stop 9 out of 112

Qaddafi, Muammar Kaddafi, Muamar Muamar Al-Kaddafi Mu'ammar Qadafi Moammar Khadaffy Muammer Gadaffi Al-Gathafi, Muammar Kaddafi, Muammar Muamar Kaddafi Muammar Qaddafi Moammar Khaddafi Muammer Gaddafi al-Qadhafi, Muammar Kadhafi, Moammar Muamer Gadafi Muammar Qadhafi Moammar el Gadhafi Mummar Gaddafi Al Qathafi, Mu'ammar Kadhafi, Mouammar Muammar Al-Gathafi Mu'ammar Qadhdhafi Moammer Gaddafi Omar Al Qathafi Al Qathafi, Muammar Kazzafi, Moammar Muammar al-Khaddafi Muammar Quathafi Mouammer al Gaddafi Omar Mouammer Al Gaddafi El Gaddafi, Moamar Khadafy, Moammar Mu'ammar al-Qadafi Qadafi, Mu'ammar Muamar Gaddafi Omar Muammar Al Ghaddafi El Kadhafi, Moammar Khaddafi, Muammar Mu'ammar al-Qaddafi Qadhafi, Muammar Muammar Al Ghaddafi Omar Muammar Al Qaddafi El Kazzafi, Moamer Moamar al-Gaddafi Muammar al-Qadhafi Qadhdhāfī, Mu`ammar Muammar Al Qaddafi Omar Muammar Al Qathafi El Qathafi, Mu'Ammar Moamar el Gaddafi Mu'ammar al-Qadhdhafi Qathafi, Mu'Ammar el Muammar Al Qaddafi Omar Muammar Gaddafi Gadafi, Muammar Moamar El Kadhafi Mu`ammar al-Qadhdhāfī Quathafi, Muammar Muammar El Qaddafi Omar Muammar Ghaddafi Gaddafi, Moamar Moamar Gaddafi Mu'ammar Al Qathafi Qudhafi, Moammar Muammar Gadaffi Omar al Ghaddafi Gadhafi, Mo'ammar Moamer El Kazzafi Muammar Al Qathafi Moamar AI Kadafi Muammar Gadafy Gathafi, Muammar Mo'ammar el-Gadhafi Muammar Gadafi Maummar Gaddafi Muammar Gaddhafi Ghadafi, Muammar Moammar El Kadhafi Muammar Gaddafi Moamar Gadhafi Muammar Gadhafi Ghaddafi, Muammar Mo'ammar Gadhafi Muammar Ghadafi Moamer Gaddafi Muammar Ghadaffi Ghaddafy, Muammar Moammar Kadhafi Muammar Ghaddafi Moamer Kadhafi Muammar Qadthafi Gheddafi, Muammar Moammar Khadafy Muammar Ghaddafy Moamma Gaddafi Muammar al Gaddafi Gheddafi, Muhammar Moammar Qudhafi Muammar Gheddafi Moammar Gaddafi Muammar el Gaddafy Kadaffi, Momar Mu`amar al-Kad'afi Muammar Kaddafi Moammar Gadhafi Muammar el Gaddafi Kad'afi, Mu`amar al- Mu'amar al-Kadafi Muammar Khaddafi Moammar Ghadafi Muammar el Qaddafi

“The Sanctions Screening service allows us to comply with the sanctions laws by blocking and flagging prohibited transactions. It is an easy-to-use solution that keeps us up-to-date and reduces the operational complexity …”

Huang Weibo, Head of International Business, Huizhou Rural Commercial Bank in China

Public Sanctions lists available on SWIFT Sanctions Screening

Public sanctions lists updated by SWIFT daily

36

+ Private lists & Good-guys lists

managed by the users

Country Description Australia Department of Foreign Affairs and Trade (DFAT) DFAT Iran Specified Entities List DFAT Country List Canada Office of the Superintendent of F.I. (OFSI) OSFI - United Nations Act Sanctions Department of Foreign Affairs and Trade (DFAIT) DFAIT Countries Embargoes European Union European Official Journal EU Countries Embargoes EU Ukraine Restrictive Measures France Journal Officiel français Hong Kong Hong Kong Monetary Authority (HKMA) HKMA Countries Embargoes Japan Ministry of Finance Special Measures Netherlands Frozen Assets List - Dutch Government New Zealand New Zealand Police China Ministry of Public Security of the PRC Ukraine State Financial Monitoring Service of Ukraine National Security and Defense Council (NSDC) Country Description Norway Ministry of Foreign Affairs (MFA) list MFA United Nations list MFA Countries Embargoes Singapore Monetary Authority of Singapore - Investor Alert List Singapore Government - Terrorism (Suppression of Financing) Act Switzerland Secrétariat d'Etat à l'Economie (SECO) SECO Countries Embargoes United Kingdom Her Majesty's Treasury HMT Countries Embargoes HMT Ukraine Restrictive Measures United Nations United Nations UN Countries Embargoes United States

• f America

Financial Crimes Enforcement Network (FINCEN) OFAC Specially Designated Nationals OFAC Embargoed Countries OFAC non-Specially Designated Nationals, including:

• OFAC Palestinian Legislative Council
• OFAC Part 561
• OFAC Foreign Sanctions Evaders
• OFAC Sectoral Sanctions Identifications
• OFAC Non-SDN Iranian Sanctions Act
• OFAC 13599 list

SWIFT Sanctions Screening

Your institution Your correspondents

• Automated screening engine
• No Hardware needed
• Block and report non-compliant

trades in real time (web based GUI)

• 36 lists
• Updated daily
• Private list and good guys list

600+

Clients

120+

countries

22

central banks

SWIFT Sanctions Screening Users since launch in 2012

120 in APAC

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

KYC Registry Sanctions Screening

• (NEW) Name Screening

RMA Analysis (NEW) Payment Data Quality & others

• D. KYC and CYBER SECURITY

SWIFT Name Screening: Reduce your Risk Profile

• Name Screening
• Screen single names, as well as customer, supplier and employee databases
• Includes Sanctions, PEP and private lists
• Options

1. New client screening: Online screening 2. Periodic reviews: Batch Name screening 3. Real-time updates: API

NSS – Demo

PEP Lists SOR Lists Sanctions Lists Private Lists Adverse Media

SLD Bespoke by Institution

Public Sanctions Lists provided by SWIFTs List

• Mgmt. Operations team have

been cleansed, standardised and enriched with BIC and ISO country codes. They are updated on a daily basis. Providing institutions with an easily manageable list scope. Using Dow Jones world- class global Politically Exposed Persons (PEP) lists Customers can segment categories to screen against. Both domestic and international lists Focuses on PEPs, and relatives and close associates (RCAs) who could pose a risk. Sanctions Ownership Research covers associated entities of sanctioned individuals from all jurisdictions on EU and OFAC lists if they;

• have 10% or more
• wnership
• are on the Board of

Directors

• have controlling

interest Sourced by DJ’s specialist research team Institutions have the flexibility to upload their

• wn bespoke lists to be

screened This also includes local lists that are not publicly available (e.g MAS lists that are only provided directly to SGP institutions) Powered by Dow Jones Adverse Media lists Benefitting from DJs specialist research teams with vast language skills 4 categories can be filtered – Regulatory, Financial, Environmental and Social

Mandatory Report Mandatory EDD Sanctions EDD AML Policy (Optional) Risk Based Approach

March 2017 Q3 2017

How do you use NSS Online?

Enter Entity Decision Workflow Results & Audit

• Clients
• Suppliers
• Employees
• Individuals
• Companies
• Organisations

Review Sanctions and PEP alerts Decision workflows based

• n requirements.

2 eye or 4 eye Checks

Investigate Entity

Fuzzy matching and other advanced alerting techniques generate a match based on:

• Sanctions lists
• PEP & other lists
• Private lists

NSS – Demo

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

KYC Registry Sanctions Screening (NEW) Name Screening

• RMA Analysis

(NEW) Payment Data Quality & others

• D. KYC and CYBER SECURITY

RMA analysis and review 33

What is RMA

RMA (Relationship Management Application) is a SWIFT mechanism to control the traffic you want to accept from your correspondents and vice-versa

34

Why is it important to review your RMA relationships? Wolfsberg Guidance on SWIFT Relationship Management Application (RMA) Due Diligence (Jul 2016) - extracts

Why is it important to review your RMA relationships?

Correspondent Risk Open door to undesirable traffic

750k +

Dormant relations with APAC BICs

50%

Of total number of outstanding RMA relations is dormant on average

Cost of relationships

RMA Analysis: Process

• 1. Identify the status of RMA relationships

Traffic No Yes

Not in recent 12 months In recent 12 months

Unused Dormant Active

• 2. Provide Report
• 3. Clean-up RMAs (optional)

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

KYC Registry Sanctions Screening (NEW) Name Screening RMA Analysis

• (NEW) Payment Data Quality & others
• D. KYC and CYBER SECURITY

Other Compliance Solutions to Reduce your Compliance and Reputational Risk

• Sanctions Testing
• Test your existing Sanctions Screening system’s performance and refine the filter to reduce manual
• intervention. Benchmark your performance & risk profile against the industry practices.
• (NEW) Payments Data Quality
• FATF recommendation 16: Beneficiary as well as originator information should be included in wire

transfers and related financial messages

• Provides a global overview of group-wide payments data quality
• Compliance Analytics
• Monitor Country risks, Sanctions, Counterparty risk, nesting activities, suspicious transactions etc.
• Unique to SWIFT
• (NEW) List Management
• Automatic update, cleaning and enrichment of all Major Sanctions Lists
• Helps your bank and your correspondents ensure you are using correct, complete and up-to-date lists

A. THE GLOBAL PAYMENTS INITIATIVE (GPI) B. DE-RISKING: FACTS & FIGURES C. SWIFT FCC: WHAT’s NEW?

D. KYC and CYBER SECURITY

40

Payment fraud prevention and detection – What we know

Challenges are:

• Knowing you have been attacked
• Understanding the nature of the attack
• Knowing how to respond to incident

Attackers are organised, sophisticated and well funded Modus operandi

CSP | Overview

You Your Counterparts Your Community

Secure and Protect Share and Prepare Prevent and Detect

Customer Security Programme

“There are only two types of companies: those that have been hacked and those that will be hacked”

Robert S. Mueller, III, Director FBI

41

Internal Security Audit as part of KYC? Daily Validation Reports

SWIFT DVR USAGE

Validate you daily inbound or outbound traffic Focus your investigation and quickly identify anomalies

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Validates your daily traffic High variation in traffic compared to average – does not match records! Currency report

SWIFT DVR USAGE

Validate you daily inbound or outbound traffic Focus your investigation and quickly identify anomalies

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Identify suspicious transactions & focus your investigation Uncharacteristic high value or high volume transactions Counterparties

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Quickly identify new payment flow combination New payment flow not seen in the last 24 months New Counterparties

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

CHEATSHEET: How DVR can help identify fraud – A fictitious scenario Attackers gain access to the back office systems of Bank X and send fraudulent payments. A total of $150M in fraud is sent from Bank X to accounts in Bank Y ($100M) and Bank Z ($50M). Statements are intercepted by malware in Bank X’s environment – payment records are wrong! Payments to Bank Y are uncharacteristic, values are usually lower! There have been no previous payments to Bank Z

Bank X Bank A Bank Y Bank B Bank Z

11 fraudulent payments totalling $150M 1 fraudulent payment

• f $50M

10 fraudulent payments totalling $100M

Identifies new counterparties Validates activity Highlights unusual payments 1 2 3 1 2 3

DVR Benefits

Validates

Back-office

Detects

Incident response with

• Uses SWIFT’s record of

institution traffic

• No reliance on integrity of

internal systems

• Identify deviations from

usual

• Highlights new

relationships

• Daily refresh for quick

recovery A simple, secure way to validate your SWIFT transaction activity and understand your payment risks

Secures

Data protection with

• Centrally hosted
• SWIFT.com protected

access

• Out-of-band

Daily Validation Reports – CSP – Transaction Pattern Detection – Nov 2016

Conclusion

HOW TO TURN COMPLIANCE INTO A COMPETITIVE ADVANTAGE?

HOW SWIFT HELPS TURN COMPLIANCE INTO A COMPETITIVE ADVANTAGE: Conclusion

 REDUCE YOUR COMPLIANCE COSTS  REDUCE YOUR RISK PROFILE & IMPROVE RISK MONITORING  COMMUNICATE TRANSPARENTLY

Q & A