Will KYT drive technology innovation in banking compliance?
From KYC to KYT: the need to “know your transaction”
Know your customer (KYC) forms the bedrock of financial crimes compliance, from customer identification and acceptance, to monitoring customers’ transactions against their recorded profile, expected behavior and peer group behaviour.
So understandably, customer profile creation and risk classification becomes the starting point of banking compliance. KYC is now an integral function of compliance in all financial institutions, with mature processes and products in place. Customer data and profile are extremely important components in this function, and banks have been working aggressively over the last decade to strengthen their means of eliciting, storing, maintaining and enriching customer data for effective compliance.
Transactions are the set of input data used to monitor customer activity and behavior for money laundering, fraud and other financial crimes that have been growing phenomenally in recent years. While quality of customer data has improved over the years, transaction data ingested for compliance processing still remains plagued with inadequacies!
KYT endeavours to bring greater rigour and granularity to the transactions data transmitted for compliance processing. The enriched transaction details coming from the source systems, rather than through manual updates, can then help in comprehensive and contextual analysis as against stand-alone rule based checks to ascertain suspicious activity.
KYT enablers: holistic transaction data for compliance processing
Transactions can be initiated through multiple channels, e.g. online, mobile, branch and through various modes, viz. cash, cheque, wire, direct debits/credits and so on. And then of course there are geographic specifications of domestic, regional (e.g. SEPA, the upcoming P27) and cross-border transactions. Each of these transaction types has its own set of data attributes required for initiation and execution. Transaction details capture in a bank can be a manual or automatic process, depending on its origination. However not all of this information captured is transmitted during its lifecycle across the various systems and financial institutions through which the transaction travels.
With financial crimes getting more sophisticated, monitoring transactions for suspicious activity is becoming increasingly complex. Verifying the amounts and counterparty details are not sufficient anymore. Financial messages associated with transactions need to be subjected to a greater scrutiny so that banks know not only their customers, but also their transactions thoroughly. The international financial services community recognized this need, and consequently, change arrived in the shape of a new financial messaging standard – ISO 20022 – whose implementation promises to enable payment messages to carry richer transaction data. This is certainly a big leap towards KYT!
Swift revolutionised interbank payment messaging around four decades ago, and as of date, over 15 million interbank transactions are executed based on Swift messages daily! However, the non-XML Swift message format MT, used for such messaging, has not been transformed remarkably ever since it was created, to meet the data and compliance requirements of present times. With ISO 20022, Swift’s legacy MT will be replaced with XML-based MX messages that can carry enriched transaction information.
SEPA, the other large payment-messaging network dedicated to seamless payment execution across member countries in Europe, has also embraced this standard. With wider adoption of this standard, quality of transaction data will be enhanced.
Compliance processes like sanctions screening and monitoring of transactions for anti-money laundering (AML) will become more streamlined and effective. Suspicious alerts can be generated after considering the holistic transaction information, and investigation of alerts will become that much simpler with more data in hand.
The KYT journey: inspiring new technology innovations
Banks across the world are gearing up to transition to ISO 20022 standards of payment messaging, which includes making changes to their own payment systems to enable them to send and receive financial messages as per the new standards. They are assessing their data models, and revising if required, to accommodate additional data that will now be transmitted with each transaction.
Measures need to be taken to ensure that all this enriched information flows through the various systems the transaction travels. However, this is just one of the steps in the direction of KYT – a lot more needs to be done than just gathering detailed transaction data!
KYT is set to inspire technology innovations in compliance space, as financial institutions embark on adopting this initiative which can be a turning point for AML compliance – due diligence of transactions. A few such new technology imperatives can be:
- Capabilities for enabling payment messages to carry compliance specific information, e.g. supporting documents, invoices, contracts etc. for due diligence and evidence for regulatory audits.
- Automated update of holistic transaction data with granular details when ingested into AML systems, from the various source systems and payment messages. This will aid tracking the real beneficiaries of the transaction, enhanced AML monitoring and historical analysis in future.
- Machine learning based contextual analysis of transactions, by matching their detailed information with customer profile and historical transaction behavior for AML monitoring.
- Risk based workflow engine for enhanced due diligence of transactions involving customers and financial institutions associated with high-risk countries. Various Regulators provide list of such countries, e.g. the non-cooperative countries and territories (NCCT) by FATF, and the latest listing by the European Commission in 2019 of third countries with significant AML deficiencies. Banks may also maintain a list of high-risk countries internally.
- Payment information management systems can be developed for storing, retrieving, analysis and reporting of transaction data, and be leveraged for financial crimes analytics and intelligence.
KYT is in its infancy right now, but it is only a matter of time when it will get integrated into the Compliance process as another integral component, just like KYC. Regulators and financial institutions will lay down guidelines and controls respectively, for KYT to be adopted as a global standard practice for AML monitoring of transactions.
The journey towards KYT has just begun, and the road ahead looks promising.
By Sujata Dasgupta, head – financial crimes compliance, BFS risk & compliance practice, Tata Consultancy Services Ltd