Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) compliance drive the need for Know Your Customer (KYC) requirements. Financial institutions (FIs) such as banks and non-bank financial institutions (NBFIs) strain under the weight of the risk mitigation programs required, and often enlist third-party vendors to help them meet their regulatory obligations, including risk mitigation and cybersecurity oversight.
Financial Risk Management
Financial risk management is the appraisal of risks to a bank's portfolio. Because FIs and NBFIs handle sensitive data, they must also assess their cyber risks and the risks their vendors introduce in order to answer the Board of Directors' questions.
Compliance risk feeds directly into FI and NBFI financial risk. Determining liabilities means understanding data security risks as well as market risks. Security risk now rivals, and can exceed, credit risk in importance, so FIs and NBFIs need to treat information security as part of their overall asset-liability management program.
What are the potential risks to financial institutions?
Fraud has been the leading risk to FIs and NBFIs. AML, BSA and KYC policies and procedures, combined with vendor management monitoring, therefore protect institutions better now than in the past.
Know Your Customer
KYC policies and programs require collecting each customer's name, address, date of birth and taxpayer identification number (for individuals, usually the Social Security number). Under AML and BSA rules, institutions must retain this data to demonstrate that they have verified their customers' identities.
For commercial accounts, personal information about the individuals on the account must be collected, along with confidential business records such as articles of incorporation and the Tax Identification Number (TIN).
Regulatory requirements stipulate retaining these documents for five to seven years. Digital collection methods such as scanning or online account opening mean that customer data persists on networks and in the hands of third-party vendors for the whole retention period, and must be protected for all of it.
Bank Secrecy Act and Office of Foreign Assets Control (OFAC)
OFAC expects financial institutions to continuously screen their customer records so that they do not facilitate sanctioned or criminal activity. BSA documentation includes Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). These filings contain personal information, and SARs in particular are confidential, with access restricted to those with a need to know, which may not include the Board of Directors.
OFAC also requires FIs and NBFIs to document their reviews against the Specially Designated Nationals and Blocked Persons List (SDN List); many institutions perform these reviews monthly. The retained review records should be minimized, with names and other data that could identify a screened individual removed wherever the record does not need them.
Where Enterprise Risk Management Overlaps with FI Compliance
FIs and NBFIs face more compliance requirements when reviewing risks than most other industries.
With the growth of online account opening, these processes need endpoint security and encryption in transit and at rest to keep customer data secure throughout. Institutions that outsource collection must perform due diligence on the third-party vendors doing it.
Managing mandatory data compliance requirements alongside data security compliance becomes difficult when everything is tracked only in spreadsheets.
Monitoring of vendors
Managing third-party vendors has become a compliance necessity. FIs and NBFIs need to ensure their vendors are not only solvent but also maintain adequate information security. These institutions therefore include SOC 1, SOC 2 and SOC 3 report reviews in their vendor management process. A SOC 1 report covers controls relevant to financial reporting, while SOC 2 and SOC 3 address security, availability and related criteria, so a SOC 1 alone says little about a vendor's security posture. Even together, these reports are point-in-time attestations and are not enough on their own.
FIs and NBFIs must be diligent when reviewing their business partners. Spreadsheets were once adequate for cross-department communication, but more departments now need more information to maintain compliance, so FIs and NBFIs need a management approach that streamlines that communication.
How blockchain technology can benefit FIs and NBFIs
With advances in technology, FIs and NBFIs are attempting to incorporate machine learning and artificial intelligence to replace manual reporting processes.
Blockchain is an emerging technology that helps FIs and NBFIs secure transaction data while retaining it. Each transaction record is written into a 'block' that carries a cryptographic hash of the previous block (and, in permissioned ledgers, a signature from the writing party's key). Because each block commits to the one before it, the records form a chain: altering any earlier record changes its hash and breaks every link after it. Parties can append to the chain, but they cannot silently rewrite what is already there.
With blockchain, financial institutions can preserve precise, tamper-evident transaction histories and demonstrate that proper background checks were performed on customer data. However, building FinTech blockchain networks brings in additional vendors, and these require additional oversight.
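The hash-chained, append-only record described above, as an added example that is not code from the original post or from Reciprocity. It builds a small chain of constructed KYC and transaction records, then shows the three cases a practitioner cares about: editing a record without re-hashing (caught at that block), editing and re-hashing one block (caught at the next block's link), and rewriting the whole tail (passes verification, and is only caught because the final hash was recorded elsewhere). The record fields, customer ID and list version are made up for the example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    record: Dict        # one KYC check, screening result or transaction
    hash: str


GENESIS_PREV = "0" * 64   # the first block has no predecessor


def _digest(index: int, prev_hash: str, record: Dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so the same record always hashes the same way.
    payload = json.dumps({"index": index, "prev_hash": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain: List[Block], record: Dict) -> Block:
    """Append a record; the new block commits to the hash of the current tail."""
    index = len(chain)
    prev_hash = chain[-1].hash if chain else GENESIS_PREV
    block = Block(index, prev_hash, record, _digest(index, prev_hash, record))
    chain.append(block)
    return block


def verify_chain(chain: List[Block]) -> Optional[int]:
    """Return the index of the first inconsistent block, or None if every link holds."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b.index != i or b.prev_hash != prev or b.hash != _digest(i, prev, b.record):
            return i
        prev = b.hash
    return None


# Constructed sample records (hypothetical customer and list version, not real data).
SAMPLE_RECORDS = [
    {"event": "kyc_check", "customer_id": "C-1001", "result": "pass", "analyst": "a.smith"},
    {"event": "sdn_screen", "customer_id": "C-1001", "list_version": "2019-06-01", "match": False},
    {"event": "wire", "customer_id": "C-1001", "amount": 12500.00, "ccy": "USD"},
]


def build_sample_chain() -> List[Block]:
    chain: List[Block] = []
    for r in SAMPLE_RECORDS:
        append_block(chain, r)
    return chain


def tamper_without_rehash(chain: List[Block]) -> Optional[int]:
    """Flip the screening result in place. The stored hash no longer matches: detected at block 1."""
    forged = list(chain)
    b = forged[1]
    altered = dict(b.record, match=True)
    forged[1] = Block(b.index, b.prev_hash, altered, b.hash)
    return verify_chain(forged)


def tamper_with_rehash(chain: List[Block]) -> Optional[int]:
    """Flip the result and recompute block 1's hash. Block 2 still names the old hash: detected at block 2."""
    forged = list(chain)
    b = forged[1]
    altered = dict(b.record, match=True)
    forged[1] = Block(b.index, b.prev_hash, altered, _digest(b.index, b.prev_hash, altered))
    return verify_chain(forged)


def tamper_full_rewrite(chain: List[Block]) -> Tuple[Optional[int], bool]:
    """Rebuild every block from the edit onward. The forged chain verifies, so the only
    evidence is that its tail hash differs from the one the institution anchored elsewhere."""
    records = [b.record for b in chain]
    records[1] = dict(records[1], match=True)
    forged: List[Block] = []
    for r in records:
        append_block(forged, r)
    return verify_chain(forged), forged[-1].hash != chain[-1].hash


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))                 # None
    print("edit only:", tamper_without_rehash(chain))     # 1
    print("edit + rehash:", tamper_with_rehash(chain))    # 2
    print("full rewrite:", tamper_full_rewrite(chain))    # (None, True)
```

The third case is the one that matters for vendor oversight: a party that controls the whole store can rewrite history consistently, so the tail hash must be anchored somewhere that party cannot change (a signed receipt, a second institution's copy, or a public ledger), and it is that anchor, not the chain itself, that the auditor checks.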
How automation enables agility for FinTech Industry
As FinTech expands financial services, FIs and NBFIs need to re-assess their oversight activities and regularly monitor the controls that secure their data. In addition, BSA requires segregation of duties, which places the burden on information technology teams to ensure system access is correctly provisioned and reviewed. Monitoring those controls has become even more crucial.
Learn more about risk management software at ReciprocityLabs.com.
Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives people to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.