Financial Sector - AML with Integrated KYC EyA Case Study
Uniting the financial sector into a distributed network of organisations and government agencies building a complex matrix to halt the issues surrounding the entire topic of AML and money laundering
Overview of AML / KYC in the financial sector
Globally the financial sector is regulated heavily (in most countries) by government appointed organisations to conduct financial activities in a fit and proper manner. During the onboarding of a client and throughout the entire relationship lifecycle, the firm must operate an approved ongoing AML and KYC process. The initial part of the programme is the Know Your Client (KYC), which is often thought of as a separate programme, but is indeed part of the overall programme. When a new entity is onboarded, the entity needs to then be reviewed on a regular basis to ensure nothing has changed to warrant the original onboarding decision.
AML Programme
What is the AML compliance program?
An AML program is a set of regulations, questions and procedures that financial institutions follow to prevent and detect money laundering or terrorist financing activities.
What should an AML program do?
In practice, an anti-money laundering compliance program should ensure that an institution is able to detect suspicious activities associated with money laundering, including tax evasion, fraud, and terrorist financing, and report them to the appropriate authorities. An AML compliance program should focus not only on the effectiveness of internal systems and controls developed to detect money laundering, but on the risks posed by the activities of customers and clients with which an institution does or might do business.
An AML program should be built on a strong foundation of regulatory understanding and overseen by personnel who are experienced and knowledgeable enough to create a climate of compliance at every level of their organisation., through the entire relationship of the relevant entity.
Issues currently facing the financial sector with AML
Concentrated dependency on multiple KYC organisations, often requiring multiple checks for things such as adverse news on a 24/7 basis
Large manual processes required when onboarding a new client
The storage of personally sensitive information including passport copies and proof of income statements
No real cross border reporting resulting in silo data lakes between firms, regulatory and governmental bodies and criminal agencies
Money laundering tactics becoming ever more complex and difficult to decipher
Multiple copies of KYC data stored within firms and KYC/AML providers, increasing attack vectors (e.g. software, employee error, weak passwords) and the risk of data leak
References from other EyA technologies utilised within this case study are as follows
https://eya.global/case-studies/eta-the-interchange-of-everything
https://eya.global/case-studies/template-schema-and-semantics-overview
As a prerequisite to this paper, it is suggested to read the above references in order to understand the fundamentals of this discussion.
The EyA framework and solution
This chapter discusses the framework and solution required to resolve the complex and highly disparate global financial AML/KYC programmes, uniting a distributed network of organisations and governmental agencies building a complex matrix to halt the issues surrounding the entire topic of AML/KYC and terrorist funding.
As with the paper Dynamic Template Binding and Global Privacy / Boundaries - Person Case Study , EyA leverages the infinite possibilities of template bonding and permissions between governments, organisations and regulatory bodies on a global basis, whilst preserving privacy, personally identifiable information and cross border sensitive data.
Simple network
The diagram below depicts a very simple example of the nodes involved in a KYC / AML framework. The individual agencies agree permissions and exactly which data can be used within any form of transaction. The efficiency of this approach can be seen immediately with regards to the onboarding process of a client, whereby instantaneous verification of a person’s identity can be made using fingerprint / facial recognition within a bank, or online.
The financial organisation can also rapidly report potential AML issues and also report regulatory information to their country / zone regulatory body without breaching any personally identifiable information / GDPR regulations.
Complex / global network
As with electronic medical records, the EyA platform provides granular permission-based access and template bonding, allowing complete international interaction between all agencies, governments and organisations. This framework allows the various organisations within the agreed boundaries to confirm identity for KYC, report potential crime / money laundering directly and operate as a global network without sharing any personal information, due to encryption. The simple verification reduces the complex requirements of organisations storing personal information such as copies of passports etc., instead relying on each country’s identification verification through the scan of a fingerprint and / or facial recognition. However, for more complex scenarios based around analysis of stored data, EyA utilises trusted execution environments within the Intel SGX platform, enabling federated machine learning and analytics without sharing any private information.
Conclave - secure analysis of private data using trusted execution environments
Using Conclave within the process of AML also builds upon the international data privacy standards, whilst still allowing for those cross-border agencies to analyse, identify and report potential AML issues, along with global KYC services.
EyA federated machine learning and analytics service provides an ultra-secure “container” where all party trusted software applications execute within a sealed environment on data which cannot leave the container and cannot be viewed by any party participating in the analysis. For example, multiple organisations can share data into an enclave, where there is a need to ascertain a potential risk of money laundering or terrorist backing. Cross border privacy policies can be adhered to without the risk of sensitive information leaving a border, thus providing a more cooperative approach to the whole process of risk evaluation and reporting.
With the collaborative, but completely secure framework above, the entire process of AML becomes exponentially faster, more defined and highly scalable to a global infrastructure of cooperation between all entities. Data analysis can be triggered through certain events, for instance unusual account behaviour, or on a timed basis. Other organisations including online intelligence may be permitted to provide data based on online activity and sentiment. Border control can also partake in the network, alerting to unusual cross border travelling etc.
Financial firm’s burden of data retention, security of private data and reporting will be reduced dramatically and no longer need to rely on the third-party KYC vendors, thus reducing costs and being able to leverage true global KYC within the collaborative network.