What unique challenges are credit unions facing in their AML compliance heading into 2021? This is the second article of our three-part series on AML compliance among today’s credit unions.
Anti-money laundering (AML) compliance has always been a significant burden to credit unions. But as the new year gets underway, fulfilling the regulatory requirements against financial crime may be all the more daunting.
Over the past few years, consumers and a growing range of business clients have been seeking faster banking, more convenient access to their accounts and quicker funding decisions. But credit unions have been stuck treading water in the rising wave of new and existing financial regulations, while risks of default, fraud and other types of cybercrime continue to mount.
Historically, AML compliance and regulation did not apply to credit unions in the same way it has to larger banks and traditional financial institutions. However, as digital commerce goes mainstream among credit unions and they open the door to under-served, yet higher-risk businesses, recent changes to BSA/AML compliance have been shifting this dynamic.
Understanding the Challenges in Credit Union AML Compliance
In the first article of this series, we looked at the four critical pillars of AML/CFT compliance among credit unions. In this second article, we’ll now examine the five biggest obstacles that are standing in the way of an accurate and effective compliance program.
Balancing Accuracy and Speed
Regulatory authorities have been charging hefty fines to financial institutions that fail to meet all the compliance requirements of AML, KYC, and BSA. In fact in 2020 alone, financial institutions across the world have been penalized with a staggering $10.4 billion in fines and penalties.
The continual screening, monitoring, recording and reporting requirements is a resource-intensive business process for even the biggest financial institutions. Big banks, however, can afford to throw people and money at the process, and they can more easily absorb the financial “hiccups” along the way.
With smaller financial institutions there is a struggle to balance accuracy and speed while fulfilling ALM/CFT compliance regulations. Many credit unions still employ legacy systems that rely on a significant amount of manual activity and action.
Not only are these systems expensive to run, maintain and upgrade, but they are incredibly inefficient, too. The reliance on manual, repetitive procedures increases the chance of mistakes and omissions, and onerous reporting and auditing requirements frequently tie up employee time and attention. Moreover, senior leaders continue to invest significant time and money into cybersecurity and compliance rather than strategic initiatives and goals.
Making Informed, Smart Data-Driven Decisions
This leads us to a rather strange paradox: Many financial institutions already understand that in order to comply with anti-money laundering, fraud and data security regulations, they need the assistance of automated software. A number of credit unions have already done the research and plugged the best tools into their system. But instead of improving performance, their compliance efforts are impeded.
There are two main reasons for such an outcome. The first issue involves the synergy between automation, AI, and machine learning on one side with human decision-making, input and due diligence on the other side. Relying too heavily on manual operations opens the door to inefficiencies and inaccuracies. But, an over-reliance on the results of AML detection and risk assessment solutions, can lead to a disproportionate amount of false positives and negatives– the effects of which can be catastrophic for both the credit union and its members.
The second issue can be traced back to bad data. Global watchlist data, especially PEP, RCA, HIO, is unstructured, impractical and “ugly.” Though it’s a real challenge to aggregate and standardize, it is mis-information to think that it’s a “big data” problem. The race to bigger databases leads to lack of quality in the data itself. Credit unions would be wise to start with quality data such as VisionIQ Global Watchlist Database where the data philosophy is compliant, comprehensive, and smart versus big, getting bigger, and becoming dirtier.
For these reasons, it’s not uncommon for an AML system to generate a high proportion of false positives. We’re talking about 80 to 90 percent of alerts. If a credit union blindly acts on a suspicious activity alert and files a SAR on a client, yet the client’s transaction activity was actually legitimate, it can lead the financial institution down a rather destructive path.
The member client will now become subject to frequent review. Each review will scrutinize the customer’s financial activity. If the suspected suspicious activity happens again, the credit union could decide to close all associated accounts. Multiple SARs could also attract the interest of law enforcement and eventually lead to an investigation. An initial query by internal AML investigators can easily de-risk a client who is making legitimate transactions and save a tremendous amount of time, money and headache.
On the other hand, if credit unions are not diligent enough in monitoring transactional activity and paying attention to other red flags, they become complicit with the illegal activities of the clients in their watch. Many compliance and risk assessment monitoring systems are equipped to mitigate risk on behalf of the financial institution. Credit union leaders would do well to keep in mind that although these solutions are getting better with time, the techniques and strategies criminals are using to cover up fraudulent behavior are, too.
Working with MSBs and “High-Risk” Entities
With increasing regulatory scrutiny on large financial institutions, many high-risk clients, such as money services businesses (MSBs) and marijuana-related companies, are turning to credit unions for their banking needs.
Some of these high-risk organizations may indeed be involved in money laundering and other financial crimes. Small institutions are preferred targets for such operations since they tend to have less regulatory oversight and compliance processes in place.
Consider, for example, a large MSB. A money services client can generate significant transaction volumes that could overwhelm a small credit union. Yet to ensure compliance with the KYC and BSA regulations, a credit union must continue to assess the risks posed by this client, closely monitor activity, report any unusual behavior, and implement a range of added controls to manage any exposure to risk. This includes continuously monitoring media for relevant negative news on their customers and members.
Such AML compliance measures may often be at odds with providing a good customer experience to high-risk credit union members, but are necessary. Fast, sophisticated, affordable, and low-friction regulation technology solutions can be a boon to help balance both goals. For example, as it relates to negative news screening, our Adverse Media Check ®, relies on AI, Machine Learning, and Natural Language Processing to continuously monitor thousands of relevant global news sources to create a persona database of individuals, companies, and politically exposed persons (PEPs) for relevant negative news. But we don’t stop there, the results are then fed into a AI-based decisioning system to clear false positives and identify risk. More about this and other market solutions in our final article in this series.
Mitigating Data Security Threats
As incidents of cyberattacks continue to evolve and grow, small and mid-sized credit unions face a greater threat in a sense than the largest enterprises due to their tighter budgets and access to fewer resources. Compromised customer data typically leads to fraud, stolen identities, and more. Solving for AML compliance should not be at a cost of compromising customer data.
Only sustainable data security best practices will help credit unions stay BSA/AML compliant while keeping their data and networks safe. Specifically, credit unions must now have controls in place to protect the security and confidentiality of member records, respond to and report security breaches in a timely manner, and maintain vital data helpful in identifying the source of cyber criminal behavior.
Maintaining a Positive Customer Experience
Customer expectations for fast, seamless banking create two competing priorities for financial institutions: staying AML compliant and keeping customers happy. Slow on-boarding, false positives, and cyberattacks will certainly compromise that experience.
Credit unions are known for their customer service towards members and it is a big reason why clients would choose to bank there. According to a recent PwC report, speed, convenience, helpful employees and friendly service is important for more than 70% of banking consumers, and positive customer experiences influence 75% of customer decisions in banking. Satisfied credit union members are loyal customers who will increase the scope of their relationship and recommend their credit union to others.
In short, AML/CFT compliance has always been a complicated, resource-intensive process for credit unions, and all signs indicate that it will only get more challenging in the years ahead. But, credit unions don’t have to go through this process alone. A number of regulation technology innovators can help credit unions stay compliant, even with evolving threats, while maintaining the level of quality service they are known for. At KYC2020, we have a history of working within the credit union space. We understand the unique challenges credit unions face on a daily basis and offer local solutions.
In the last article of our AML for credit unions series, we’ll examine some of the many solutions that are giving credit unions the technological edge they need to both stay compliant and expand their operations.