In our previous article, we discussed the importance of data quality to Anti-Money Laundering (AML) and Know Your Customer (KYC) risk screening. With regulators increasingly focusing on the internal processes financial institutions (FIs) implement to verify the integrity of data and the sources from which it originates, organizations must ensure they are asking their vendors the right questions. Led by the New York Department of Financial Services (NYDFS) and its Final Rule on transaction monitoring and filtering, which went into effect in 2018, the banking industry is in the midst of a systemic paradigm shift, forcing AML officers to comply with the age of big data. The problem is that the financial services industry remains steeped in legacy operating models, and is behind the curve when it comes to adopting big data best practices.
Regardless, in today’s more cyber-focused and detailed AML enforcement regime, regulators are unlikely to accept technological naiveté as an excuse for botching data due diligence. On the contrary, both the NYDFS and the Financial Crimes Enforcement Network (FINCEN) expect FIs to start approaching data as it were a mission-critical risk priority. Additionally, with poor KYC data quality driving a 98-percent Suspicious Activity Report (SAR) false-positive rate, better vendor due diligence can help the finance industry save billions in needless reconciliation and manual reviews costs. The operative phrase is sustainable compliance, a new data-driven framework that can turn the rigid constraints of risk management into dynamic enablers for profit growth.
With this in mind, banks and other regulated FIs need to focus on the following five issues when assessing the fitness of their AML data vendors: The timeliness of data; data structure; completion ratios for each field in the output file; data lineage; and the vendor’s overall data strategy. While there is no one-size-fits-all solution to verifying data accuracy, this five-step framework can help FIs make better AML data vendor onboarding decisions, enabling first-line compliance operations to unlock enterprise value in the long run.
How timely is vendor data?
Data vendors are notorious for over-stating the value of their data, hyping dataset size, while relegating the currency and efficacy of those records to an afterthought. But how good is a massive dataset if those analytics are not regularly analyzed and audited to ensure that the information listed is correct? Additionally, what processes are being used to verify the integrity of that data? And just like the NYDFS requires regulated institutions to document and report, what are the thresholds and assumptions driving the algorithms that determine that the data is correct?
Drilling deeper into the issue, here are some more detailed questions that AML data vendors should be able to answer on the spot and without hesitation:
- Is the vendor simply “pinging” servers to see if email domains and other account identifiers exist? If yes, this is a red flag. Most Internet service providers will silently drop these requests, rendering this method obsolete.
- Do they have any statistically reliable systems to verify timeliness? The best vendors’ solutions will deploy machine learning technology to regularly organize, clean, structure, and timestamp records.
How is the data organized?
When evaluating AML data vendors, compliance decision makers need to understand the underlying structure of information and the logic underlying the organization of fields. Here are some other key questions to ask:
- What is the point (context) of data collection?
- What are the column headers of the dataset?
- How robust is the dataset? Determine breadth, database size, and depth, the fields that accompany user records. As stated in the previous section, data depth is generally a better indicator of information quality than breadth.
- What are the table-driven values of fields, or analytics derived from the calculation or analysis of the data set as a collective?
Data structure can be best determined by evaluating the vendor’s “output file” — their proprietary dataset format. If the vendor is hesitant to supply this document, it’s probably a red flag.
What is the completion ratio?
A thorough database structure guided by sound business logic does not ensure field-fill consistency throughout the database. FIs should request a full and transparent accounting for fill rates throughout the database and the mechanisms used to filter out fake entries. After all, the biggest problem with aggregate data sets is that computers logging user field entries inherently assume that the user is providing honest information.
What is the lineage of the data?
FIs need to determine whether their AML vendor is a data originator or aggregator. For AML purposes, most third-party data providers will be the latter. But FIs should still request comprehensive source transparency about the lineage of that data to make sure the vendor is receiving information from trusted sources.
The final checklist item to ascertain third-party AML data suitability is the more philosophical issue of the vendor’s data strategy. Just like prospective investors checking under the proverbial hood of a funding target, FIs need to get an honest assessment of the AML vendor’s database growth projections. There are a multitude of ways a business-to-business (B2B) database can grow. From geographies covered to the inclusion of alternative identifiers linked to social media and digital accounts, these are just a few examples of how vendor databases can evolve.
But with a clear picture of the AML risks that are most relevant to their organization, compliance decision makers can assess a prospective vendor’s data strategy to see if it aligns with their risk profiles and other operating models. Ultimately, the best AML intelligence vendor for an institution will be one with a data strategy that compliments the information governance framework of the buyer. With that being said, compliance managers evaluating data strategy also need to get clarification on the information security protocols applied to ensure the integrity of records. This includes an understanding of the following:
- How is the data stored? What cloud storage service is securing this information? Are you encrypting records?
- How do you respond to suspicious incidents? How soon do you notify customers?
Know your data with CLEAR
Ensuring that data is accurate is merely the first step in a broader paradigm shift that is transforming the landscape of financial services compliance: The rise of data governance. This new conceptual framework has introduced new standardized rules to ensure that data is being properly collected, curated, organized and stored, so that these records can be efficiently deployed, shared and reconciled throughout enterprises. But to achieve effective data governance in AML compliance, the quality of data fed into transaction monitoring systems is foundational to the cause.
Thomson Reuters CLEAR is an investigative public records tools designed for an AML regime that is increasingly making old KYC processes dependent on evolving data compliance requirements. Not only does CLEAR provide full transparency about its data lineage and source feeds, but it also offers real-time coverage for reverse-phone checks, including current name and address records to identify individual and business subscribers by phone number.
CLEAR extends this real-time gateway utility to arrest and incarceration records, motor vehicle registrations and credit header data. This coverage also includes Voice-Over Internet Protocol phones and burner phones, which are at higher risk for criminal abuse. This tool updates it datasets daily and verifies the currency of records with statistically proven machine learning applications. Additionally, CLEAR offers full integration with Refinitiv World-Check, a market-leading risk database that allows FIs to screen customers against Office of Foreign Asset Control (OFAC) and Politically Exposed Persons (PEPs) lists.
In a compliance ecosystem, where bad AML data is draining billions from organizations, FIs need a reliable analytics vendor now more than ever. With CLEAR, FIs can mitigate the risks of bad data at the front-end and prosper through more sustainable compliance.
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.