In just two months, the Final Rule for Customer Due Diligence (CDD) under the Bank Secrecy Act (BSA) will be live for covered financial institutions (those subject to Customer Identification (CIP) requirements, including banks, broker-dealers in securities, mutual funds, futures commission merchants and introducing brokers in commodities.
Designed to formalize new and existing customer due diligence (CDD) requirements, the Final Rule codified four anti-money laundering (AML) provisions or “pillars” found in Section 352 of the USA Patriot Act. In May 2016, FinCEN added a fifth pillar which requires covered institutions to establish risk-based procedures for ongoing CDD.
While covered financial institutions are required to know the identity of the individuals who own or control their legal entity customers (also known as beneficial owners), the standard is increasing significantly. The beneficial ownership requirement provides information that will assist law enforcement agencies in financial investigations, help prevent evasion of targeted financial sanctions, improve the ability of financial institutions to assess risk, facilitate tax compliance, and advance U.S. compliance with international standards and commitments.
Much has been written about the beneficial ownership and controller aspects of the fifth pillar, but there’s been much less discussion around the account activity review requirement. Most financial institutions take a client-centric view to understand the nature and purpose of their relationships, but rarely review account activity from both a client and individual account perspective. With the Fifth Pillar final ruling, financial institutions are now required to ascertain the purpose of the account, account operating behavior, and which products and/or services are in use, as well as the volumes and values of transactions. Account-level analysis enables financial institutions to improve their risk management while better understanding client needs.
Many institutions are now setting activity thresholds which are tested against bank accounts. These thresholds are typically static in nature and estimated by clients or relationship managers to approximate the expected activity of accounts in terms of both volume or transactions and their value. Deviation of activity from what is expected can be considered a red flag in terms of identifying possible money laundering. Setting static thresholds is a good start and better than not setting any activity thresholds.
However, being able to get a view on expected account activity in a fashion that is specific to individual accounts, while controlling for expected deviations driven by seasonality, foreign exchange deviations or any other legitimate driver of change is paramount to understand the risks inherent with a particular account.
This is where artificial intelligence (AI), machine learning and advanced data analytics can help. The ability to mathematically understand the context of an account, and then calculate a dynamic expectation of activity will eliminate many false positives that are often triggered using traditional static methods. Equally important is the ability to identify the true risks when an account displays an anomaly that may be within a static threshold.
Fortunately, implementation of the technology and setup is easy for banks and covered financial institutions in that there is no need to manually evaluate accounts or set a threshold – this is all done automatically. Analyzing at least six months of account activity can create fine-grained expectations of future behavior.