Data: most important element in anti-money-laundering systems
Businesses should be aware of SA's AML policies, as all companies operating in SA are being closely monitored, says Pavan Atluri, management consultant at Bizmod.
South Africa's big four banks have all felt the wrath of the South African Reserve Bank for not complying to anti-money-laundering (AML) policies. Pavan Atluri, Bizmod management consultant, says all businesses should be aware of South Africa's AML policies, as all companies operating in South Africa are being closely monitored.
"Data" is the most crucial element in implementing AML within business processes and systems, says Atluri. "There are four basic modules to AML and all four of these require data. The process, systems, rules and logic are irrelevant if data is non-existent, inaccurate, unstructured or not provided timeously."
Alturi says gathering the data in the correct way is the first step in data management for AML. He recommends the following approach:
* Firstly, identify what data is required for AML regulation. It is advisable to identify what possible data is required for all other regulations, as well as including certain anticipated data for future needs which helps in "Data Remediation" across all regulatory requirements and not just AML. This saves enterprise organizations time and money and improve efficiency by consolidating their energies.
* A significant task at this stage is to identify how much of the data required is available and what the data quality is. Having a consolidated view of customer data across the business is crucial.
* The task that looms for many organisations is the means to source the missing information.
Atluri has the following tips:
* Going back to paper. Often, organisations capture data physically, via forms and supporting documentation, and only a selection is captured on the organisation's systems. It needs to be mandatory that the data captured is expanded on the systems to bridge this gap.
* Single View of Customer Data: On an enterprise level, organisations sometimes capture information for a specific intended purpose. Having a consolidated view of this customer data from across various business processes is integral.
* Updating customer information and categorising them based on risk categories (high, medium, low).
* Accurate information with the customer's latest data: the organisation should have one view of the customer. This can be problematic when an organisation has a number of businesses and the customer is onboarded multiple times.
Channelling the data to derive the right information for right purpose at the right time is another major step in the AML data process. Atluri says this is an easier task if we have the data on hand. But, what if you don't have the right data? The fundamental regulatory requirement will fail as it requires organisations to have all relevant customer data. This would lead to variety of issues, some of which are:
* A risk of having high volumes of false positives resulting from screening of customers and, if the right data is not present, the organisation will not be able to change the result from positive to false positive. This could have a direct impact on the business-customer relationship and subsequently on revenue, as customers who are not transgressing may be erroneously targeted.
* The reporting of a customer based on their financial transactions will not be successful in the regulatory authority system if there is missing mandatory information.
* Categorising a customer inaccurately results in the unnecessary burden of excessive administration work, particularly when a customer is placed in a higher risk category than s/he should be.
"AML has many components, but I feel strongly that data is the first step in a successful strategy for any organisation," concludes Alturi.