In recent years, financial services firms have faced increased scrutiny as they worked to protect their data and comply with new regulations. And while some firms are successfully navigating the complexities of these regulations, others are struggling to keep up. Why? Because there are flaws in their systems and the way that they manage critical financial data.
Fitch Rating uncovered that of 1,500+ media reports on financial crime, governance, regulatory issues, or institutional scandals related to banks, regulatory fines accounted for more than half of the 600 filings on governance failures. Take, for example, Citi. According to BankingDive, the U.K.’s Financial Conduct Authority (FCA) “fined Citi more than £12.5 million ($14.8 million) for failing to effectively monitor trading activity for potential insider deals and market manipulation between 2016 and 2018.”
When the FCA introduced its expanded requirements for detecting and reporting market abuse, it took Citi nearly 18 months to determine the effectiveness of its automatic surveillance systems. And their assessment revealed that, at the time, the bank had almost no oversight over nearly half of trades in the second-most serious category of risks.
At the core of regulatory compliance and risk management is data. And when companies fail to fully implement new provisions when required, their systems fail, resulting in persistent issues with mitigating risk, data governance and managing internal controls.
Unfortunately, when it comes to regulations and compliance, Citi was not the first – nor will they be the last – to uncover flaws in their systems.
A number of years ago, when the Panama Papers and other offshore leaks were the subject of news stories, an article emerged about a woman, a resident of a small island in the Caribbean, who was listed as a director of over 1200 companies. Many of those companies listed her addresses as post office boxes or other non-residential addresses, while a few listed unknown residences in the Channel Islands or the Caribbean. She also had a partner who was listed as a director of another 1000 or so legal entities, many of which were incorporated in jurisdictions known for their favorable tax rules.
This story immediately sparked a thousand questions, mostly from a risk perspective.
How was she able to open a bank account in most jurisdictions?
Did she have to disclose herself as a beneficial owner/director of all 1200 companies?
How much time did it take her to open an account, as all of those 1200 companies would have to be validated by the financial institution opening the account?
At the time, most financial institutions relied solely on information provided by the customer to create their records and estimate the risk profile of the customer. So in this case, not disclosing directorship in any of these entities was not easy to discover, and thus the financial institution would likely record her as a low-risk resident of a quiet island in the Caribbean.
Years before this story developed, regulations were put in place that required financial institutions to accurately identify their customers and use a risk-based method to profile them (USA PATRIOT Act, EU AML directives, etc.). Identification of beneficial ownership has long been one of the requirements of customer identification and due diligence programs in order to prevent sanctioned entities and criminals from using shell companies to benefit from global financial markets.
But more recently, many regulators across the world released clarifications and improvements to existing identification and beneficial ownership requirements to keep up with the times. Some amended older regulations to clarify what is expected from due diligence, some merely encouraged financial institutions to use machine learning and AI in their AML programs. A common trend across new regulations is to use a more comprehensive approach to KYC and AML, either via the use of technology or the use of external data sources.
Fast-forward to today where financial institutions are beginning to use external data sources during their customer onboarding processes. The low-hanging fruit here includes using lists like OFAC SDN, which help organizations quickly compare a potential customer against sanctioned entities and individuals. Once sanctions screening is complete, the next most common step includes running a customer’s name against a politically exposed persons list to identify any linkages to senior political figures, and checking for any negative mentions in the media.
While use of external data to enrich customer data is on the rise, even today, not all institutions use third-party systems and additional data sources to enrich customer data to get a more comprehensive view. And this impedes their ability to deliver clean, accurate, mastered data linked to business outcomes.
But let’s imagine what a comprehensive customer 360 view could look like with further enrichment from external sources.
Organizations can enrich individual data using internal sources such as employee and supplier master data, while employing external sources like credit history and affiliate marketing data to further enrich customer profiles for both compliance and sales purposes. Other third party enrichment options include:
Comparing individual records to public data to gather a complete profile of the customer and ensure that your customer is a real person with a real address.
Enriching legal entity data using GLEIF or Dun & Bradstreet to clean and normalize legal entity names.
Looking into public corporate records and address information to ensure that a legal entity is an actual business with an actual address. Obtaining legal entity parent information can speed up the quest to identify Ultimate Beneficial Ownership.
And lastly, running a quick search engine check to enrich your customer data with publicly searchable data to ensure no data point is left out.
Once you’ve fully enriched all records with these datasets, you can then produce more accurate golden records that deliver a holistic view of key business entities in order to enable data-driven decision making across the organization.
If we think back to our story above, if any of the 1200 entities or the director herself decided to open an account at an institution powered by external reference data, it would have taken only moments to find those names in any of the offshore leaks database and identify all associated parties.
Most legacy master data management systems are not designed to integrate seamlessly with external sources, and traditional MDM systems are not scalable for the variety and volume of modern data. Tamr takes a different approach by leading the way for machine learning-driven data mastering at scale. Tamr Mastering uses machine learning with humans in the loop to improve your data quality and seamlessly connect with various internal and external sources, including search engines, to help you enrich and master your customer data. Tamr’s turnkey data products accelerate your time to value through a low-code/no-code environment that provides industry-specific data schemas, a fully-trained matching model, data cleaning and enrichment, and rules for record consolidation.
To learn more about how machine learning-driven data mastering with humans in the loop can help you know your customer, please schedule a demo.