White Paper September 2014

Freddie McMahon - Director, Strategy and Innovation

Banks Race to Defend from further Reputational Damage

Anomaly42.com2

Overview

Banks Race to Defend from further Reputational Damage page 3

Reputational and Balance Sheet Damagepage 4

Systemic Failings in the First Line of Defence page 6

Unknown Risks Worry Non-Executives page 7

AML CFT: The Next Wave of Billion Dollar Fines page 8

Siloed Organisations, Siloed Data Threatens Everything page 10

Rethink Data, Rethink Client page 11

Holistic Data, Smart Decisions page 12

Living KYC EDDpage 14

The Economics of Enhanced Due Diligencepage 13

Conclusionpage 16

Benefits of Living KYC EDDpage 15

Anomaly42.com3

Banks Race to Defend from further Reputational Damage

The next wave of billion dollar fines is underway as authorities are coming to the banks, already armed with evidence of KYCi, AMLii and CFTiii systemic failings due to the way international money transfers flow through correspondent banks. This growing evidence shows how money launderers’ businesses are successfully laundering over a trillion dollars a year by circumventing the controls of banks across the world.

Anomaly42.com4

Eric H. Holder, Jr., [the Attorney General of the United Statesiv ] , is leading the fight against deep rooted corruption within the banks. We are now at a watershed as $43bn of fines were given to just 3 banks in an 18 month period:

Reputational and Balance Sheet Damage

Eric H. Holder, Jr. Benjamin M. Lawsky

This means the best of class practices deployed by leading banks is no longer good enough.

Holder is joined by Benjamin M. Lawsky [who is the first Superintendent of the New York State Department of Financial Services (NYSDFS),] which as the regulator works closely with the US Department of Justice (DoJ).

These two crusaders continue to send shock waves through the world of financial services. They are actively focused on using billion dollar fines and criminal charges to remove ‘bad’ individual bankers from playing any further roles within large financial institutions.

On the 19th May 2014, a guilty plea by Swiss Bank Credit Suisse to a criminal chargev for its role in helping Americans evade taxes was coupled with a $2.5 billion fine as part of an agreement with U.S. Authorities. Separately, the NYSDFS said it was determined not to revoke the bank’s license in the state, but by making this statement raises a further veiled threat. This threat became reality a short time afterwards.

$13bn JP Morgan Chase (Nov 2013);

$11.6bn Bank of America (Jan 2013);

$9.5bn Bank of America (Mar 2014);

$8.9bn BNP Paribas (Jun 2014).

Anomaly42.com5

$8.97 billion fine

Suspension of dollar-clearing operations through its New York branch and other U.S. affiliates during all of 2015

Suspension of dollar-clearing as a correspondent bank for unaffiliated third-party banks in New York and London for two years

The resignation/exit of 13 individuals, including Group Chief Operating Officer George Chodron de Courcel, from the bank

The suspension of dollar-clearing operations means the DoJ and NYSDFS are to continue monitoring the bank’s AML / CFTvii and KYC EDDviii controls that need to be considerably strengthened to avoid further costly delays or damaging penalties.

This case covered the corporation and did not include the subsequent investigation into potential individual culpability. The BNP Paribas suspension of dollar clearing may prove far more damaging to the bank’s reputation and balance sheet as it may struggle to retain business in the area of international trade and wholesale banking.

It would not be a surprise that, once systemic control failings become more apparent in the international banking sector, the collective damage could reach £250bn by 2020ix. Such exposures could lead to material changes in the marketplace including a change in the reliance upon the dollar as a primary currency; the framework for correspondent banking and a fundamental rethink about KYC.

On the 30th June 2013, BNP Paribas pleaded guilty to the concealment of more than $190 billion in transactions between 2002 and 2012 that included the dollar clearing on behalf of the oil and gas finance business for santioned countries from Geneva, Paris and Singapore, the trade finance business from Milan, and for oil and gas-related clients from Romevi. This resulted in:

Anomaly42.com6

Systemic Failings in the First Line of Defence

Major banks involved with international wire payments are highly dependent upon automation to identify AML CFT anomalies. This First Line of Defence (FLOD) is based on automation, due to the volumes of money transfer transactions and the time sensitive nature of international payments.

FLOD automation generates anomalies that need to be processed by bank administrators as the Second Line of Defence (SLOD). Based on our experience, 99.2% of these anomalies are passed as acceptable by SLOD. These acceptable transactions are regarded as ‘false positives’ and have become ‘accepted’ as the cost of compliance for doing business. But this needs to be challenged for two reasons:

Unless algorithms are ‘continually’ calibrated to align with the changing profile of major money laundering players then the bank is likely to:

The high percentage of anomalies generated as ‘false positives’ means significantly higher compliance and operational costs are incurred that do little to materially protect the bank’s reputation. In reality, a high percentage of ‘false positives’ is a reflection of ‘weak’ decisioning algorithms within the FLOD automation software.

As over a trillion dollars is being successfully laundered every year, it is a reasonable assertion that FLOD automation is allowing money laudering transactions through the process that ought to be have been treated as suspicious activities. These ‘false negatives’ are potentially the most precarious types to be missed by the bank’s controls. They are the transactions that are most likely to inflict reputational damage if they remain undetected until found by investigators representing the regulators and other external authorities. ‘False negatives’ means the bank is exposed to ‘unknown’ risks, which can become ‘known’ risks at any point over the next ten years.

1

2

Miss identifying major money launderers thus exposing the bank to future reputational damage;

Incur the rising costs of compliance and supervision to process exceptions that really should have been treated as acceptable STP business;

Face punitive action from the regulators in fines etc.

Anomaly42.com7

Unknown Risks Worry Non-Executives

From evidence we have examined, it is clear that most international banks involved with business-to-business international payments in excess of one million transactions a year, are highly likely to have missed identifying major money launderers.

The reputational and balance sheet damage to some of the largest banks in the world caused by systemic AML CFT failings is a current and serious Board-level issue.

Interestingly, we are finding non-executive directors are demanding from their executives to find better controls over ‘unknown’ risks as a strategic imperative. Justifiably, pressure is also coming from institutional and other types of shareholders to create a more stable state for growth.

The response of executives to these pressures is to:

In our opinion, the answer is clearly no as they are not designed to handle the sophistication of the ‘top performing’ money launderers. The reason is that major money launderers have adopted complex ecosystems designed to bypass the banks’ ‘best of class’ solutions. These money laundering ecosystems are far more sophisticated than the traditional money laundering rings of yesteryear.

Non-executives and other Board-Level members are now treating this situation with a greater urgency as regulatory and judicial authorities become far more challenging about money being laundered and the financing of terrorism because of the level of threat to socioeconomic stability.

But are these materially large investments enough?

Tighten up policies and procedures; Materially increase the number of people involved with governance, risk and compliance;

Stop doing certain types of business;

Invest in better technology using ‘best of class’ solutions.

Anomaly42.com8

AML CFT: The Next Wave of Billion Dollar Fines

Our earlier White Paper AML CFT: “Money Launderers Playing the Long Game” explains how banks’ controls are systematically bypassed.

There is growing realisation amongst leading bankers upon how much of their business intelligence can be extrapolated from wire payment transactions that pass from bank to bank. This level of transparency means the DoJ and NYSDFS have access to wire payment transaction data from over 50 banks that are explicitly or implicitly involved in money laundering.

This data is the start point for gathering KYC EDD evidence involving suspicious activities related to money laundering (including tax crime) and the financing of terrorism. For every money transfer where suspicious activity has been identified, the authorities know the:

Why and how is this happening now?

The advances in Big Data are progressing very rapidly, which can be illustrated in the following table:

Wire payment currency and amount of money.

Dates and times of the wire payment instructions.

Name, address and country of the originator firm.

Name, address and country of the bank that has the originating firm as a client.

Name, address and country of the originator bank’s correspondent bank.

Name and country of the beneficiary firm – sometimes includes the address.

Name, address and country of the bank that has the beneficiary firm as a client.

Name, address and country of the beneficiary bank’s correspondence bank and if appropriate their correspondent bank.

Reason for the wire payment.

Any associated messaging.

BIG DATA 1.0

Collecting, connecting and correlationg structured and unstructured data

BIG DATA 2.0Artificial Intelligence processing big data that complements humans

BIG DATA 3.0Artificial Intelligence processing big data that surpasses humans

BIG DATA 4.0

Artificial Intelligence using IoTx for sensing early and responding quickly

Past

Present

Future

Anomaly42.com9

By using Big Data 3.0xi solution, advanced automation can analyse data from SWIFTxii and CHIPSxiii to apply risk weightings, linked with publically sourced data, to accurately find high risk transactions. By taking these high risk transactions and performing a “Know Your Customer (KYC) Enhanced Due Diligence (EDD)” examination using primarily publicly sourced data, authorities are able to unveil suspicious complex corporate structures across multiple accounts involving multiple jurisdictions, without any further consultation with the banks involved.

This new generation of automation is able to very rapidly find high risk transactions that were previously missed by FLOD and SLOD. To try to find such high risk transactions using AML CFT analysts using contempory technology and processes it could take 12 months or more, or it could completely fail to find serious money laundering ecosystems that are bypassing the bank’s controls.

The DoJ and NYSDFS are able to identify every bank that has been explicitly or implicitly involved with suspicious AML CFT transactions from studying the life cycle data of each wire payment from the originator firm to the beneficiary firm. In other words, when the DoJ and NYSDFS investigate one bank, the evidence gathered includes the other banks involved. The DoJ and NYSDFS stopping BNP Paribas undertaking dollar-clearing as a correspondent bank for unaffiliated third-party banks in New York and London for two years is a strong signal to other banks involved with international wire payments.

The type of evidence that can now be obtained starting from a wire payment transaction and applying Living KYC EDD using public sourced data is shocking bankers to the core. This goes way beyond the type of data banks use from the traditional providers of information. The implications are profound as KYC EDD + AML CFT coupled with international wire payments signals the next wave of billion dollar fines.

Anomaly42.com10

Such siloism is failing to handle increasing rates of complexity and arguably is the single biggest cause to the spiralling costs of regulation, compliance and supervision, whilst constraining competitive and innovative growth for the benefits of clients and shareholders alike.

As the rate of complexity, velocity and volatility increases, siloism cultivates more and more fragmentation of data and fragmented ways of working. This is a fertile ground for cultivating unknown risks that eventually surface to drive problems and in some cases creates a serious crisis.

Money Laundering is now a clear and present danger to banks, especially those involved with international wire payments.

Siloed Organisations, Siloed Data Threatens Everything

KYC is core to the values of global banking business. However, banks are increasingly hindered from really knowing their customer by the way they are organised around silos covering processes, people and data. In reality, customer data is highly fragmented with at least 80% of this data being in an unstructured format (i.e. paper, fact finds, contracts, service level agreements, correspondence, emails, instant messaging, phone calls, identity documents, checklists, spreadsheets, invoices, complaints, enquiries etc.).

In the case of SDD (simplified due diligence), CDD (customer due diligence) or when deemed necessary EDD (enhanced due diligence) there is a need to collect external sources of data, which is mostly in an unstructured format. Siloism by its very nature is a collection of walled gardens within the same organisation that engenders protectionism and self-interest type behaviours, particularly in times of stress.

Anomaly42.com11

Rethink Data, Rethink Client

Most wealthy individuals often own firms, are directors of firms, and are shareholders of firms. As advocated by the FATFxiv and the EC 4MLDxv it is important to understand the firms involved with wire payment transactions, including the true ownership by individuals even though this may involve complex structural layering. The natural synergy between wealthy individuals and corporate banking, combined with the complexities of governance, risk and compliance has led to the trend to converge these two banking businesses.

Banks have always focused on winning, retaining and deepening customer relationships, but nowadays this is far more complex to undertake for many reasons, including the ease of creating companies, establishing bank accounts in different countries and doing business across many jurisdictions. Increasingly, executives are finding that the winning differentiator is no longer the product or the price, but the level of engagement in creating an intimate long-term relationship with the customer. The competitive differentiation is the way engagement is a more strategic way of looking at customer relationships and personalised services.

Taking a holistic view of all customer data, both structured and unstructured data, from inside and outside the bank, provides the means for a strategic engagement to be undertaken.

AML CFT creates further challenges as it also needs to take into consideration wire payment transactions, other banks clients and all correspondent banks involved.

Anomaly42.com12

Holistic Data, Smart Decisions

Using this approach, holistic data refers to the creation of a deeper, more meaningful collection and connection of data about firms and the individuals involved. This requires joined-up data across the different functional silos of the bank.

The following diagram is a simplistic representation to a strategic reposition to Living KYC involving internal and external data, including publically sourced and wire payments that involve inter-bank transactions especially those covering business from a firm / individual to a firm / individual.

This diagram shifts EDD from a fringe activity to the modus operandi. This requires treating Enhanced Due Diligence not as a regulatory overhead, but a way to develop new ways to ensure that customers are engaged in all of their interactions with the bank and that such richness of data enables the bank to be more proactive in anticipating customer needs and expectations, and fulfilling them more effectively and efficiently. This shift is fundamental for smarter decisions that results in treating customers fairly and driving new levels of automation for AML CFT and other relevant regulator demands.

EDD

Inte

rnal

Dat

a

KYC: Know Your CustomerEDD: Enhanced Due DiligenceTCF: Treat Customers FairlyAML: Anti Money LaunderingCFT: Combating the Financing of Terrorism

Data

Data Data

Wire Payment Data

External DataLivingKYC

TCFAMLCFT

Anomaly42.com13

The Economics of Enhanced Due Diligence

Traditionally, banks perform SDD or CDD. The latter is time consuming and for some banks it can take many weeks or even months to perform client on-boarding. EDD (Enhanced Due Diligence) is regarded as an exception as it involves higher costs and longer time periods to perform.

EDD automation changes the economics of KYC as it collects external data from a diverse set of sources than can be used to prefill structured data formats. The ability to use automation to extrapolate data from unstructured formats at costs lower than SDD or CDD, is a game changer. There is still the manual process of identity verification by providing documents such as a passport, but even in this situation there are new forms of self-service using smart phones.

Advanced EDD automation that fundamentally lowers the costs by doing more for less means EDD becomes the modus operandi and replaces the need for SDD and CDD. Inevitably, this will become the golden standard for KYC with AML CFT being a beneficiary of this change.

This new approach we call Living KYC EDD that drives market and revenue growth, whilst lowering costs and risks.

Anomaly42.com14

Living KYC EDD

Living KYC EDD is about having up-to-date data about the customer. As ownership of firms are continually changing there is a need to move beyond the constraints of customer on-boarding and periodic reviews. The provisioning of daily updates from external data sources provides the means for the bank to be aligned with change being treated as the norm.

The following diagram shows a simplistic graphical data visualisation in context to a single wire payment. Naturally, reality is more complex than this illustration but it is enough to show that all the structured and unstructured client data nodes (circles) have relationships (lines) and both have properties (text).

Anomaly42.com15

Today, advanced technology enables Living KYC EDD to become a reality and the ability to reconstruct structured and unstructured data into dynamic visualisation formats and develop new forms of automation to detect positive and negative anomalies.

Benefits of Living KYC EDD

By taking a holistic and dynamic view of Living KYC, there is a fundamental shift that takes the capabilities of the bank to a new level. The benefits of Living KYC are profound:

Protects the brand and balance sheet from reputational damage and reduces the provisions needed for ‘conduct risk’.

Protects senior bankers from criminal litigation and losing their licence re: Senior Persons Regime

Provides better assurance to board members and shareholders alike of putting controls in place designed to tackle better ‘unknown risks’.

Uses automation in a step change to reverse the continual costs of governance, compliance and risk control.

1

2

3

4

5

6

7

Provides a new capability of getting to know customers better, meeting emerging customer demands and anticipating future customer needs.

Enables better customer engagement and more personalised products and services.

Develops the next generation of middle office automation by bringing unstructured and structured data together in redefined formats to carry out work that before needed subject matter experts to process the work.

Anomaly42.com16

Conclusion

The worrying exposures banks now have, in terms of the authorities using advanced technologies to find negative anomalies in wire payments data, means proactive and pre-emptive action is needed. This emergent threat again raises serious questions about the role of the ‘Big Four’ auditors and their ability to detect systemic control weaknesses. Both the banks and auditors are also exposed to Sarbanes Oxley legislation for ensuring proper policy and procedures are in place.

A different type of strategic solution is needed rather than throwing armies of people at the problem. By wisely taking a different perspective it means there is now the capability to repurpose defensive costs to become a strategic investment that reduces the exposure of brand contamination, whist laying the foundation for market and revenue growth. Such new capability enables banks to sense early for informed timely decisions in quick response to ever changing circumstances for refining and expanding the value proposition to its customers.

NYSDFS announces PricewaterhouseCoopers regulatory advisory services will face a 24-month consulting suspension, pay a $25 million fine; and will have to implement reforms after misconduct during work at bank of Tokyo Mitsubishi.xvi

Anomaly42.com17

References

i KYC = Know Your Customer

ii AML = Anti-Money Laundering

iii CFT = Combating the financing of terrorism

iv Eric H. Holder, Jr. was sworn in as the 82nd Attorney General

of the United States on February 3, 2009 by Vice President Joe

Biden. http://www.justice.gov/ag/

v Credit Suisse pleads guilty to U.S. criminal charge in tax probe

http://www.reuters.com/article/2014/05/19/us-creditsuisse-

investigation-idUSBREA4I0E620140519

vi France’s BNP to pay $9 billion in U.S. sanctions case, face

dollar-clearing ban http://www.reuters.com/article/2014/06/30/

us-bnp-paribas-settlement-idUSKBN0F52HA20140630

vii AML anti money laundering; CFT combating the financing of

terrorism

viii KYC know your customer; EDD enhanced due diligence

ix The $250bn estimate for damages is based on taking the

market cap for the top 21 banks as at 31st March 2014 (source:

http://www.relbanks.com/worlds-top-banks/market-cap). At this

time the total market cap for the 21 banks was valued at US$

2,712 bn. By using a formula of using the BNP Paribas $8.9bn

fine as a percentage of their market cap, we have calculated the

equivalent across the 21 banks. This puts a value of the potential

damage to be around US$ 251.40bn. A further consideration is

the damage to the banks’ balance sheets, including provisioning

for conduct risk; the impact upon the brand contamination

to shareholders; the loss of trust by clients and other banks

to revenue generation; and the possible suspension of dollar

clearing including as a correspondent bank.

x IOT Internet of Things

xi Big Data 1.0 Searching Connected Data; Big Data 2.0 Artificial

Intelligence Complementing Humans; Big Data 3.0 Artificial

Intelligence Surpassing Humans

xii SWIFT Society for Worldwide Interbank Financial

Telecommunication http://www.swift.com/

xiii CHIPS is the largest private-sector U.S.-dollar funds-transfer

system in the world. https://www.chips.org

xiv FATF Financial ActionTak Force http://www.fatf-gafi.org/ is

the leading authority for combating money laundering and the

financing of terrorism, which is backed by the department of

treasury from leading countries.

xv EC 4MLD The European Commission (the “Commission”)

Fourth Money Laundering Directive (“4MLD”)

xvi http://www.dfs.ny.gov/about/press2014/pr1408181.htm