U.S. gets tough on terror with Patriot Act: database tool will be a boon to integrators.

The U.S. government uses financial monitoring as a heavy weapon in its war against drug money and organized crime. Under the Bank Secrecy Act (BSA), the government requires domestic banks to track certain customer activities and to report large cash transactions to the Department of the Treasury. But in response to September 11, the government has expanded federal requirements to include many more financial institutions and to identify a much broader range of suspicious transactions related to terrorist funding. The new act is called "Providing Appropriate Tools Required to Intercept and Obstruct Terrorism"--aka the Patriot Act.

The Patriot Act, which expands the still-in-effect BSA, shifts financial institutions from a transactional focus to a view focused on suspicious customer activities. The government refuses to define "suspicious," but does list a broad range of reportable data. This data is based not only on transactions, but also on customer monitoring--relationships, activities, transaction targets, and where they do business. This is one tall order.

Patriot Act Background

President Bush signed the Patriot Act into law on October 26, 2001. The act aims to frustrate and punish terrorist acts in the U.S. and around the world by enhancing law enforcement investigatory tools. The investigations center around tracking money flows and patterns to suspect companies and between suspicious individuals. It requires financial institutions and related companies to track such items as the identity and address of customers and participants in a suspect transaction, the legal capacity in which participants are acting, the identity of the fund's owner, and clues as to why the money is being moved.
(The act also forbids banks from doing business with shell banks, which are institutions located in areas with no regulation or weak regulation, or that have dubious banking status.)

The act covers a broad range of financial institutions, with more to come. Bob Breton, senior director of product strategy for Sybase eBusiness Division, commented, "The major change is that the definition now applies not just to banks, but has grown dramatically. Essentially any business involved in a financial transaction has been labeled as a financial services company."

The act broadly defines financial institutions (FIs) as domestic banks and U.S.-based branches of foreign banks, mutual funds, credit-card companies such as Visa and Mastercard, wire-transfer businesses such as Western Union, check cashiers, securities brokers and dealers, and futures/commodities traders. Within a year that list may expand to include such businesses as dealers in precious metals, stones, or jewels, pawnbrokers, loan or finance companies, private bankers, insurance companies, travel agencies, telegraph companies, dealers in automobiles, airplanes, and boats, real-estate dealers, hedge funds, commodity-trading advisers and venture capital firms.

The act's primary requirements are:

* File Suspicious Activity Reports (SARs): Building on BSA requirements, FIs must report transactions greater than $10,000. This includes aggregate transactions totaling more than $10,000 over a short period of time, or among a related group of customers. The institutions file SARs with the Treasury Department's FinCEN (Financial Central), which acts as liaison between law enforcement and financial services.
* Designate a special compliance officer and train employees to detect money laundering: Many domestic banks will already have a BSA compliance officer and trained staff. But the Patriot Act brings many new financial businesses into the fold, and also expands the original BSA requirements. Even experienced BSA compliance officers must retrain, and staff must be more sensitive than ever to even mildly suspicious activity.
* Conduct independent audits of compliance readiness: Affected FIs must show independent evidence of their compliance within the act's tight timeframes--the initial deadline is October 2002. This affects more than 6,000 of them, with secondary institutions looking to 2003. The government is not kidding: failure to comply can lead to heavy civil and criminal penalties, including fines up to $1,000,000 per unreported transaction.
* Establish policies and procedures to identify risks and minimize abuse: This is a systematic attempt to keep from harassing innocent customers or abusing investigative requirements. Although FIs are required to report many transactions, no one wants to sic the FBI on their best (innocent) customers.

Technical Issues

Financial institutions handle millions of transactions a day throughout the world. A straightforward pattern-matching algorithm might be enough to catalog transactions following strict parameters, but the Patriot Act goes much further. It requires FIs to monitor trends within the enterprise, and to know their customers and their habitual activity across all departments and locations. The only way large financial companies can comply with this requirement is by using sophisticated knowledge management tools working across a variety of databases, applications, and platforms. The tools must yield both real-time customer views and sensitive alerts and historical tracking for unusual activity.
According to Breton, Sybase identified several major challenges for financial institutions to comply with the act:

* Reduce the cost of managing compliance: Companies need to be able to monitor government suspect lists and review business transactions, and need automated tools to help determine anomalous activities. The most important list to monitor is the U.S. Treasury's Specially Designated Nationals (SDN) list. The Office of Foreign Assets Control (OFAC) maintains and frequently updates the list. For example, a foreign bank was on the SDN because the government suspected it channeled funds to Libya. After an investigation that proved the bank was innocent, OFAC removed the entry. It is the financial institution's responsibility to proactively monitor the ever-changing SDN.
* Filter reportable data: The act covers a wide variety of reportable data. One of the major requirements includes every transaction over $10,000, including aggregates and related transactions. For example, the same customer may make several smaller transactions over five days that together total over $10,000. Or several related customers (for example, socially or business related) may make several transactions on the same day totaling more than $10,000. This level of investigation needs trending tools with filtering and data mining features.
* Provide a platform to reach a conclusion: Different departments may know a customer in different ways: wire transfer may have one view,
deposit another, and brokerage another. All departments need a common
compliance management system that allows different departments to track
activities throughout this process and maintain complete audits of
resulting actions. The system must also be extremely secure to protect
customer identities.

According to Walter Lee, vice president of HNC Software, there are three primary technical responses to automated money laundering detection: rules-based systems, artificial intelligence systems, and artificial intelligence/adaptive learning systems.

Rules-based systems use sets of rules to identify suspect activity. Based on filtering technology that matches customer data, the systems identify transactions that benefit banned or restricted individuals, businesses or countries. The filtering further allows the FI to freeze the prohibited assets at the point of transaction.

Artificial intelligence (AI) systems use statistical modeling techniques to evaluate the possibility that a transaction represents money laundering. These systems usually compare current transactions against customer and account history profiles. If there are resulting anomalies, the systems assign degrees of difference. The greater the anomaly, the likelier the evidence of money laundering or other suspicious activity.

Artificial intelligence/adaptive learning systems combine AI and ongoing learning to evaluate potential money laundering.

Sybase, for example, used its existing technology to develop an enterprise integration application aimed directly at Patriot Act requirements. It already had a major presence in the finance industry, and had recently acquired New Era of Networks. New Era of Networks specialized in enterprise application integration products and services in the application-to-application (A2A) space. (A2A products connect disparate software within the same enterprise.) Sybase integrated the A2A infrastructure and their own enterprise database applications, producing the Patriot Compliance product. Patriot Compliance uses datamining and rules-based procedures to uncover activity patterns related to the Patriot Act.
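The two aggregation cases described under "Filter reportable data" above, written as a small rules-based check. This is an added example, not Sybase's or HNC's code: the transaction tuples, the relationship map and the function name are constructed for illustration, and the five-day window is taken from the article's own example.

```python
from collections import defaultdict
from datetime import date

THRESHOLD = 10_000   # reporting threshold stated in the article
WINDOW_DAYS = 5      # the article's "over five days" case; an assumed policy setting

# Constructed sample data: (transaction id, customer, date, amount in USD)
TXNS = [
    ("t1", "alice", date(2002, 3, 4), 4_000),
    ("t2", "alice", date(2002, 3, 6), 3_500),
    ("t3", "alice", date(2002, 3, 8), 3_000),    # 10,500 inside five days
    ("t4", "bob",   date(2002, 3, 5), 6_000),
    ("t5", "carol", date(2002, 3, 5), 5_000),    # bob + carol, same day: 11,000
    ("t6", "dave",  date(2002, 3, 5), 9_000),    # alone and under the threshold
    ("t7", "erin",  date(2002, 3, 7), 12_000),   # one large transaction
    ("t8", "alice", date(2002, 3, 20), 2_000),   # outside the earlier window
]
# Hypothetical relationship map (social or business links): customer -> group id
GROUPS = {"bob": "g1", "carol": "g1"}

def flag_aggregates(txns, groups, threshold=THRESHOLD, window_days=WINDOW_DAYS):
    """Return {rule name: set of transaction ids} for reportable activity."""
    flags = defaultdict(set)
    by_customer, by_group_day = defaultdict(list), defaultdict(list)
    for tid, cust, day, amt in txns:
        if amt > threshold:                      # rule 1: single transaction
            flags["single"].add(tid)
        by_customer[cust].append((day, amt, tid))
        if cust in groups:
            by_group_day[(groups[cust], day)].append((amt, tid, cust))
    # Rule 2: one customer's smaller transactions summed over a sliding window.
    for rows in by_customer.values():
        rows.sort()
        start, total = 0, 0
        for end, (day, amt, _) in enumerate(rows):
            total += amt
            while (day - rows[start][0]).days >= window_days:
                total -= rows[start][1]          # drop rows older than the window
                start += 1
            if end > start and total > threshold:
                flags["customer_window"].update(t for _, _, t in rows[start:end + 1])
    # Rule 3: related customers whose same-day transactions sum past the threshold.
    for rows in by_group_day.values():
        if len({c for _, _, c in rows}) > 1 and sum(a for a, _, _ in rows) > threshold:
            flags["related_same_day"].update(t for _, t, _ in rows)
    return dict(flags)
```

Each flagged set names the transactions that together crossed the threshold, which is the evidence a compliance reviewer would need attached to a report.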
Patriot Compliance tools are not a huge profit center for domestic bank customers, since most already spent the 1990s installing massive CRM systems from vendors such as Siebel, PeopleSoft, Oracle, and Sybase. These huge integration projects allow domestic banks to implement Patriot Act regulations without large additional expenditures. Wells Fargo Bank, for example, has had a comprehensive money-laundering tracking system in place for years.

For non-banks, however, the challenge is greater. Mutual funds and securities brokers, credit-card companies, wire transfer businesses and futures traders may not have the same reliance on CRM and integrated systems that banks already do. Only 20% of securities firms already had money-laundering protections in place before September 11, mostly large companies like Prudential, Merrill Lynch and Morgan Stanley. These firms primarily need intelligent access to suspicious customer databases such as Treasury's SDN list. For example, a dozen Wall Street firms are reportedly creating a company that will offer a customer database to the financial services industry. Goldman Sachs was primarily responsible for creating The Regulatory DataCorp Int'l LLC. Other Wall Streeters like Merrill Lynch, Citigroup, and UBS PaineWebber provide financial support. Regulatory DataCorp will compile information from public resources such as law enforcement records, and then sell database access to other FIs for customer screening.

However, fully 80% of securities firms--most of them small houses--must scramble to observe Patriot Act regulations. Putting in anti-money laundering (AML) infrastructures will be costly and time consuming, since firms must integrate their separate CRM applications, data warehouses and transactional systems into central databases. This is not all bad news: unified infrastructures have advantages beyond AML, and an automated, straight-through processing model can ultimately benefit securities firms.
But the $1 million plus project cost is extremely challenging, with a good deal of the profit going to consulting firms and system integrators.

Patriot Compliance System Architecture:

User Interface: Fed and FinCEN reporting, internal email searches, phone record searches, SAR management, reporting, web search
Common Services: Single sign-on, security, messaging services, search services, web services
Compliance: Wire transfer, ACH, check, intra-bank, switches, FIX (Transactional) CIF, employee (File scan)
Administration: Source automation, screening automation, OFAC messaging, FinCEN messaging, history management, exception generation, alert generation, report generation

www.sybase.com www.hnc.com