“Data” is the most crucial element in implementing AML within business processes and systems, says Atluri.
“There are four basic modules (Know Your Customer/Data remediation, Screening, Reporting, Risk rating) to AML and all four of these require data. The process, systems, rules and logic are irrelevant if data is non-existent, inaccurate, unstructured and/or not provided timeously.”
Atluri says that gathering the data in the correct way is the first step in data management for AML. He recommends the following approach:
- Firstly identify what data is required for AML regulation. It is advisable to identify what possible data is required for all other regulations as well and including certain anticipated data for future needs which helps in “Data Remediation” across all regulatory requirements and not just AML. This saves enterprise organizations time and money and improve efficiency by consolidating their energies
- A significant task at this stage is to identify how much of the data required is available and what is the quality of such existing data is.Having a consolidated view of customer data across the business is crucial.
- The task that looms for many organisations is the means to source the missing information. Atluri has the following tips:
- Going back to paper. Often organisations capture data physically, via forms and supporting documentation and only a selection is captured on the organisation’s systems. It needs to be mandatory that the data captured is expanded on the systems to bridge this gap.
- Single View of Customer Data: On an enterprise level, organisations sometimes capture information for a specific intended purpose. Having a consolidated view of this customer data from across various business processes is integral.
- Updating customer information and categorising customer based on the data provided by them (high, medium, low).
- Accurate information with the customer’s latest data – the organisation should have one view of the customer. This can be problematic when an organisation has a number of businesses and the customer is onboarded multiple times.
Channelling the data to derive the right information for right purpose at the right time is another major step in the AML data process. Atluri says that this is an easier task if we have the data on hand. But what if you don’t have the right data?
The fundamental regulatory requirement will fail as it requires organisations to have all relevant customer data. This would lead to variety of issues, some of which are:
- A risk of having high volumes of false positives resulting from screening of customers (against watch list). If the right data is not present, the organisation will not be able to change the result from positive to false positive. This could have a direct impact on the business-customer relationship and subsequently on revenue, as customers who are not transgressing may be erroneously targeted.
- The reporting of a customer based on their financial transactions will not be successful in the regulatory authority system if there is missing mandatory information.
- Categorising a customer inaccurately results in the unnecessary burden of excessive administration work, particularly when a customer is placed in a higher risk category than they should be.
“AML has many components, but I strongly feel that data is the first step in a successful strategy for any organisation,” concludes Atluri.