On October 5, 2020, Ron Giammarco, EY Americas Financial Crime Operations, Technology and Managed Services Leader, addressed the SIBOS audience on the topic of ‘Friction or fiction: compliance in a real-time world.’
After the event, The Paypers discussed with Ron what his main takeaways of the event were.
Ron, you have impressive professional experience in anti-money laundering (AML), know-your-customer (KYC), and sanctions risk management. Could you tell us more about it? What is the state of play of the AML and KYC processes/strategies within financial institutions across the world?
I’ve been working in financial crime compliance and risk management domains for my entire career. It’s an area that I’m very passionate about, as I find helping our clients improve their programs and overcome technical and business challenges incredibly rewarding.
In terms of the state-of-play across the industry, as you would expect, there are significant differences in the maturity, complexity, and technological capability among financial institutions around the world as it relates to their AML, KYC, and sanctions processes. Many have been built and rely on highly manual processes, although some have begun to utilise innovative, quantitative approaches to financial crime risk management and implement advanced technologies to automate these manual activities and analyse larger data sets. Most large/global institutions fall somewhere in between, where smaller institutions may have different or lower AML risk profiles or lesser funds to spend on technology innovation.
While working for EY Americas Financial Crime Compliance Innovation, Technology & Operations, have you spotted any particular fraud characteristics in this Region (North and South America)?
The Americas Region is particularly characterised by identity-based frauds, such as synthetic identity, identity theft, and account takeover events. The region places a high value on decentralisation and market-based services, so it’s very fragmented, resulting in many ‘sources of truth’ regarding identity. For example, the US does not have a single database of residents, a national identifier, or a central authority that validates identities or monitors transactions. Instead, we have hundreds of forms of official physical ID. Fraudsters exploit this to create synthetic identities and shell accounts.
Law enforcement relies heavily on financial institutions to proactively prevent fraud and detect and report on other financial crimes based on the data that flows through their institution. Thus, a fraudster can get away with millions of dollars through attacks on dozens of institutions over a period of months to years, create a new set of identities and start the cycle again. The problem isn’t only with banks. Insurance and wealth management fraud has been steadily increasing for many years.
The consequence is that regulators place ever-increasing expectations on financial institutions to invest in control and monitoring processes and technologies. The good news is that the move toward digital channels creates a wealth of data. Financial institutions have made great strides in mining this data to reduce the risk of financial crime with the help of technological advancements such as machine learning, biometrics (physical and behavioural), and link analysis.
In a world where customers expect speed, certainty, and transparency in payments, in what way do traditional correspondent banking models need to evolve to secure transactions?
There’s no doubt that there has been tremendous change in the payments landscape. Customer expectations are certainly changing, and much of this has been driven by the rise of new payment methods and fintechs.
There has also been significant change in correspondent banking models. US financial institutions have gone through extensive efforts to re-evaluate the risks associated with correspondent banking. Many institutions have reduced the number of correspondent banking relationships they maintain; changed or eliminated some of the highest-risk correspondent banking services (for example, nested correspondent banking); and eliminated relationships in jurisdictions that are perceived to be very risky.
This is a good start, but more needs to be done. Many financial institutions must enhance their AML, KYC, and sanctions screening processes, and their surveillance and data analytics capabilities. Additionally, the financial services industry and its service providers must drive greater collaboration to achieve better outcomes. A good example of this is the development of the SWIFT KYC Registry, which can drive down KYC efforts and costs for many financial institutions and results in better financial crime prevention outcomes due to consistency and breadth of available data.
Finally, financial institutions must work with their regulators and their governments to enhance information sharing protocols to allow for greater data availability and, therefore, improved monitoring.
How can innovation/technology help to fight financial crime?
Innovations in technology must be a key tool that financial institutions use to identify financial crime. Replacing poorly performing legacy systems with better solutions and utilising the latest techniques in artificial intelligence and machine learning can significantly enhance a financial institution’s surveillance capabilities, reduce the amount of time spent analysing false positive suspicious activity alerts and identifying fraud patterns proactively. Leveraging innovative capabilities can help financial institutions move compliance activities that are performed periodically in a batch mode to more real-time activities that can identify changing customer behaviours much faster and proactively.
An example of this is the KYC refresh process utilised in most global financial institutions. Today, most institutions evaluate the AML risk of their customer relationship periodically over a one- to five-year cycle based on their customer risk rating. Innovative financial institutions are moving to a dynamic KYC process whereby customer data is gathered from multiple internal and external (both public and private) sources, coupled with the monitoring of customer transaction activity to proactively identify changing behaviour, red flags, and risk identifiers.
How can the financial community together with payments experts and regulators stop and prevent cyber criminals and fraudsters from defrauding the financial system?
There needs to be a focus on solving the ‘identity’ problem. Institutions must continue the push to use large data sets and advanced analytics to resolve digital identities, determine any links to real-world identities and focus their control at the customer level. However, this alone won’t be enough.
Increased collaboration and data sharing amongst the institutions will enhance the effectiveness of resolving digital identities, as well as identifying fraud. Increased industry data sharing and consortia would make this more cost-effective, but also would create single points of failure that fraudsters will focus on. Collaboration with government entities and other industries can also help make sure bad actors are shut down faster. However, institutions will remain the first line of defence and, thus, they must have risk frameworks to evaluate and corroborate identity data across a broad range of external sources. They must secure interactions through an ‘immune system’ of strong multifactor authentication measures, such as combinations of customer biometrics and device fingerprints, proactive risk identification, and real-time customer interaction. Incentives are very important here. In today’s environment, the incentives for individual consumers to fight to mitigate fraud are very limited. They typically don’t end up with any financial loss and only suffer minor inconveniences in dealing with reporting fraud. If that trend continues, it will continue to be difficult to truly combat the fraud problem. Since banks have very limited control over the behaviours of each individual customer, they aren’t able to control their security hygiene and, thus, the individuals tend to be the weakest link in the chain. The industry needs to look for more opportunities to incentivise customers to be better stewards of their own security.
About Ron V. Giammarco
Ron is EY Americas Financial Services Information Technology Consulting Partner and EY Americas Financial Crime Operations, Technology and Managed Services Leader. He brings innovative approaches to help EY clients manage their financial crime risks and regulatory requirements. He holds an MBA from Columbia Business School and a BBA in Accounting from Baruch College.
About EY
EY is a global leader in assurance, tax, strategy, transaction, and consulting services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now