How And Where Blockchain Fits in Traditional Banking


blockchain-12-26-18.pngMany banks haven’t found an efficient way to deal with issues like payment clearing inefficiencies, consumer fraud, and the general limitations of fiat currencies.

Blockchain, however, may be the go-to solution for many of these challenges.

Issues Traditional Banks Face Today
Traditional banks and financial institutions have faced some challenges for decades, but we have yet to see the technical innovations to mitigate or eliminate them, including inefficient payment clearing processes, fraud and currency options.

Inefficient Payment Clearing Processes
One of the biggest roadblocks that banks face today is how to quickly clear payments while complying with regulatory procedures. The number of payment clearing options available in 2018, is not different from the options available in 2008 – a decade ago.

In the U.S., for example, same-day ACH is likely considered to be the biggest improvement during this decade. Only in recent years have cross-border fintech applications emerged that reduce payment clearing costs and wait times. For the most part, we are still stuck with old architectures that lack innovation, efficiency and the data to make a meaningful impact on money laundering and fraud reduction.

Inability to Stop Fraud
Fraud has always been notoriously difficult to stop. Unfortunately, this remains the case even today. Fraud costs are so high in the US, that interchange fees paid by merchants are some of the highest in the world. Despite an increase of available identity fraud detection systems, banks are still unable to make a material improvement in fraud reduction.

For banks, this leads to financial losses in cases where funds are paid to the fraud victim. For customers, this can reduce trust in the bank. For merchants, it means higher fees for facilities, which creates higher costs for customers. Additionally, customers often wait to receive a new bank card. In 2017 alone, the cost the data lost to identity theft totaled $16.8 billion.

Limited Number of Currency Options
Fiat currencies are limited by geography and slim competition.

When we think about fiat currency around the globe, we have seen a steady move towards standardization. This presents risks for banks and consumers. For example, a heavy reliance upon a single national currency relies upon factors like economic growth and monetary policy.

Twenty-eight nations have experienced hyperinflation during the past 25 years. Not only did banks fail in some cases, but entire economies collapsed. Because there were no currency choices, the problem could not be easily avoided.

This process continues to happen in many locations globally.

Benefits of Blockchain Over Traditional Systems
There are ways blockchain can reduce or eliminate these issues for financial institutions.

More Efficient Approval Systems
When compared to traditional payment approval processes, many blockchains are already more efficient. Instead of waiting days for payments to go through clearinghouses, a well-designed blockchain can complete the verification process in minutes or seconds. More importantly, blockchain also offers a more transparent and immutable option.

With innovations like KYC (Know Your Customer) and KYT (Know Your Transaction) transactions conducted via blockchain, banks can be more capable of preventing finance-related crimes. This means traditional finance can more effectively comply with laws for AML (Anti-Money Laundering), ATF and more.

In addition, legitimate transactions can be approved at a lower cost.

No More Fraud
While fraud seems like a pervasive issue in society, this can be reduced using technology. Blockchain can change how people prove identity and access services.

Instead of having to wait to stop a case of fraud, blockchain can stop transactions before they ever occur. The Ivy Network will have smart contracts which will allow banks and financial institutions to review a transaction and supporting KYC and KYT before accepting the deposit. Because blockchain transactions are immutable, we could see a reduction in counterfeiting of paper currency and consumer products.

Increased Digital Payment Options
While blockchain has many use cases, this is one example of how technology can change finance and the global economy. In the early days of cryptocurrency, there was really only bitcoin. Now, there is a range of coins and tokens like Ivy that serve important purposes within existing regulatory and legislative frameworks.

One of the biggest misconceptions is crypto and fiat payment systems have to be direct competitors. By creating a blockchain protocol that links fiat and cryptocurrency, businesses and consumers can have more, better market choices and use cases for cryptocurrency.

At the same time, financial institutions can serve an important role in the future of digital payments and fiat-crypto currency conversions.

As financial institutions look to solve many challenges they face around payment clearing inefficiencies, consumer fraud, and the limitations of fiat currencies, blockchain is a viable solution. Financial institutions that fail to embrace blockchain’s potential will face heightened monetary and reputational risks, and miss opportunities for growth and innovation.

Regulatory Issues to Watch In 2018


regulation-5-22-18.pngAs 2018 unfolds, all eyes in the financial services industry continue to look to Washington,D.C. In addition to monitoring legislative moves toward regulatory reform and leadership changes at federal regulatory agencies, bank executives also are looking for indications of expected areas of regulatory focus in the near term.

Regulatory Relief and Leadership Changes
Both the U.S. House of Representatives and the Senate began 2018 with a renewed focus on regulatory reform, which includes rollbacks of some of the more controversial provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the sweeping reform passed after the 2008 financial crisis. These legislative actions are ongoing, and the final outcomes remain uncertain. Moreover, even after a final bill is signed, regulatory agencies will need time to incorporate the results into their supervisory efforts and exam processes.

Meanwhile, the federal financial institution regulatory agencies are adjusting to recent leadership changes. The Federal Reserve (Fed), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Consumer Financial Protection Bureau (CFPB) have new leaders in place or forthcoming, some of whom have been vocal supporters of a more “common sense” approach to financial regulation and who generally are supportive of regulatory relief. In the case of the CFPB, the ultimate direction of the agency could remain uncertain until a permanent director is appointed later in 2018.

Regulators’ Priorities in 2018
Notwithstanding the regulatory reform efforts, following are some areas likely to draw the most intense scrutiny from regulatory agencies during 2018 examination cycles:

Credit-related issues. While asset quality continues to be generally sound industrywide, concerns over deteriorating underwriting standards and credit concentrations continue to attract significant regulatory attention, accounting for the largest share of matters requiring attention (MRAs) and matters requiring board attention (MRBAs).

The federal banking regulators have encouraged banks in recent months to maintain sound credit standards within risk tolerances, understand the potential credit risks that might be exposed if the economy weakens, and generally strengthen their credit risk management systems by incorporating forward-looking risk indicators and establishing a sound governance framework. At the portfolio level, regulators are particularly alert to high concentrations in commercial real estate, commercial and industrial, agriculture, and auto loans, according to the FDIC.

Information technology and cybersecurity risk. The Federal Financial Institutions Examination Council (FFIEC) updated its Cybersecurity Assessment Tool in May 2017. Although its use is voluntary, federal and state banking regulators typically consider a bank’s use of the FFIEC tool or some other recognized assessment or framework as part of their assessment of an organization’s cybersecurity risk management, controls, and resilience.

On a broader scale, in February 2018, the Department of Justice announced a new cybersecurity task force. Although the task force is not directed specifically at the financial services industry, its first report, expected to be released this summer, could provide useful insight into the scope of the task force’s activities and potential guidance into what types of regulatory actions and controls to expect in the coming years.

Bank Secrecy Act and anti-money laundering (BSA/AML) compliance. The industry has seen a steady increase in enforcement actions—some of which have included severe sanctions— when regulators perceived banks had pared back resources in this area too severely. Compliance with Office of Foreign Assets Controls (OFAC) requirements and efforts to prevent terrorist financing are also continuing to draw regulatory scrutiny.

Consumer lending practices. Regulatory priorities in this area are likely to remain somewhat fluid given the leadership changes occurring at the CFPB, where a permanent director is to be appointed by September. Additionally, legislative efforts that could affect the structure and authority of the bureau also are underway.

Third-party and vendor risk management. It has been nearly five years since the OCC released OCC Bulletin 2013-29, which expanded the scope of banks’ third-party risk management responsibilities and established the expectation for a formal, enterprise-wide third-party risk management effort. Since then, regulatory agencies have issued several follow-up publications, such as OCC Bulletin 2017-7, which spells out supplemental exam procedures. Also in 2017, the FDIC’s Office of Inspector General issued a report with guidance regarding third-party contract terms, business continuity planning, and incident response provisions, and the Fed published an article, “The Importance of Third-Party Vendor Risk Management Programs,” which includes a useful overview of third-party risk issues.

Despite the industry’s hopes for regulatory relief in some areas, all financial services organizations should continue to focus on maintaining sound risk management policies and practices that reflect today’s environment of continuing change and growing competitive pressures.

RegTech: A New Name for an Old Friend


regtech-3-20-18.pngWith all of the buzz around regtech, it’s easy to forget that banks have leveraged technology for compliance and reporting for decades. But thanks to recent developments in data architecture, artificial intelligence and more, regtech is on the rise, and it’s evolving into something a lot more sophisticated.

The definition of regtech is simple. According to New-York-based analytics firm CB Insights, regtech is “technology that addresses regulatory challenges and facilitates the delivery of compliance requirements.” Regtech can be as simple as using an Excel spreadsheet for financial reporting or as complex as using adaptive algorithms to monitor markets. By studying the evolution of regtech, banks can begin to decipher which technologies are aspirational and which ones are crucial to navigating today’s demanding regulatory regime.

Regtech has and is evolving in three key phases, according to the CFA Institute Research Foundation, a nonprofit research group in Charlottesville, Virginia. The first phase was focused on quantifying and monitoring credit and market risks. A powerful illustration of the forces driving this initial phase can be seen in the Basel II accord, which was published in 2004. Basel II focused on three pillars: minimum capital requirements, supervisory review by regulators and disclosure requirements meant to enhance market discipline.

Despite the enhanced regulatory requirements of Basel II, the global financial crisis of 2008 exposed serious deficiencies in capital requirements that spurred the second and current phase of regtech’s evolution. New anti-money laundering (AML) and Know Your Customer (KYC) laws have drastically increased compliance costs. According to Medici, a financial media company, financial institutions spend more than $70 billion annually on compliance. In addition, increased fines for banks, new capital requirements and stress testing have resulted in a heavily burdened banking system. With increased regulatory requirements, we have seen a corresponding increase in technology solutions poised to meet them. The following are a few key areas banks should explore:

  • Modeling and Forecasting: Even if your bank is not subject to the Dodd-Frank Act Stress Test (DFAST) or Comprehensive Capital Analysis and Review (CCAR), it should still be able to leverage modeling and forecasting tools to manage liquidity, meet CECL (current expected credit loss) accounting standards and monitor important trends.
  • KYC/AML: Regulatory requirements that require your financial institution to “know your customer” when you onboard them often rely heavily on paper-based processes and duplicative tasks. In addition, the Bank Secrecy Act requires banks to perform intense transaction monitoring to help prevent fraud. Both of these obligations can be curtailed through the use of technology, and solutions are available to digitize client onboarding and use AI to monitor transactions.
  • Monitoring Regulations: Rules and regulations are being promulgated and revised at a rapid pace. Instead of hiring a cadre of attorneys to keep up, banks can use regtech to monitor requirements and recommend actions to keep the bank in compliance.

Banking is, by necessity, a risk-averse industry. As such, taking a leap with companies that will touch bank data, gather information from back-office software or deploy AI can seem like a scary proposition. Some regtech providers on the marketplace today are new, but some were forged through the fires of the financial crisis, and others are time-tested vendors that have been around for decades. Whether a regtech partner is established or emerging, banks can (and should) hedge their bets by communicating with their regulators and forming a plan to monitor the new technology.

The CFA Institute Research Foundation posits that we are on the precipice of phase three in the evolution of regtech. This future state will be marked by a need for regulators to develop a means of processing the large amounts of data that regtech solutions generate. In addition, regtech has the potential to enable real-time monitoring. Both advancements will require a rethinking of the regulatory framework, and more openness between banks and regulators.

Despite the portmanteau (which is usually reserved for new or unfamiliar concepts), regtech is an old friend to the banking industry. Its future may hold the keys to a new conceptualization of what oversight means. For now, though, regtech represents an opportunity for banks to leverage technology for what it was intended to do: Save humans time, labor and money.

New Anti-Money Laundering Rules Will Impact Banks


anti-money-laundering-6-8-16.pngFueled by the leak of the Panama Papers, the Financial Crimes Enforcement Network (FinCEN) has published a final regulation requiring banks to identify beneficial owners of their legal entity customers. Heralding the new regulation as a critical step in its effort to prevent criminals from using companies to hide their identity and launder criminal proceeds, the Treasury Department, buttressed by new Justice Department initiatives, is amplifying the momentum building within the anti-money laundering (AML) enforcement community to achieve unprecedented transparency across the corporate spectrum.

What the Regulation Does
In writing the regulation, FinCEN has built upon the customer due diligence mandated by existing Customer Identification Program (CIP) regulations, adding a provision requiring banks to identify and verify natural persons who are beneficial owners of legal entity customers together with one individual who has significant management responsibility. To give adequate time for retooling of CIP programs, compliance with the final regulation becomes mandatory by May 11, 2018. Once in force, it will apply to all new accounts, but will only apply to existing accounts when the bank detects information relevant to reevaluating a customer’s risk profile.

FinCEN defines “legal entity customer” to mean a corporation, LLC, or other entity created by filing a public document with the secretary of state or similar office. General partnerships and other entities formed under foreign laws are also covered, but most trusts are excluded.

The regulation permits, but does not require, the use of an official Certification Form. Information must be provided to the best knowledge of the person opening an account. A bank may rely on the information supplied by its legal entity customer so long as it knows no facts causing it to question its reliability.

Beneficial ownership is measured by an “ownership prong” requiring identification of individuals owning 25 percent equity in the legal entity customer and a “control prong” requiring identification of a single individual having significant management responsibility. FinCEN makes clear that only the identity—not the status—of beneficial owners must be verified, and verification procedures should address elements in a bank’s CIP. Updating of beneficial ownership information would be triggered only if normal monitoring detects heightened risk in the profile or activities of a legal entity customer.

Even More Regulations May Be Coming Down the Pike
Treasury also proposes to issue regulations targeting U.S.-based, foreign-owned, single-member limited liability companies, to require taxpayer identification numbers and eliminate exemption from U.S. reporting requirements.

Treasury also has asked Congress to pass legislation requiring a company to disclose owner names at the time it is formed. If enacted, the legislation would enable the capture of critical information when a company commences business and would give U.S. enforcement authorities access to a central registry of beneficial ownership data. Treasury officials have not indicated whether the registry would be made available to banks. Treasury is also recommending legislation requiring U.S. banks to provide foreign jurisdictions with the same information that foreign banks must provide to the IRS.

Aligning itself with Treasury, the Justice Department also is proposing legislation to combat illegal proceeds of transnational corruption. If enacted, the legislation would allow prosecutors to pursue cases directly against corrupt foreign regimes, authorize administrative subpoenas and expand substantive corruption offenses.

How to Prepare
Even though mandatory compliance with the beneficial ownership regulation is two years away, the board should have compliance personnel begin the process of amending their bank’s CIP to satisfy the requirements of the new regulation, paying particular attention to the account opening process.

With regard to account opening, banks should:

  • Determine whether and to what extent the CIP already captures beneficial ownership information.
  • Develop beneficial owner identity verification procedures for legal entity customers that meet the new regulatory definition, and determine to what extent existing CIP verification procedures should be incorporated.

With regard to account maintenance, banks should:

  • Establish criteria and “red flags” that will trigger beneficial ownership reviews and updates of legal entity customers.
  • Identify legal entity customers that meet the new regulatory definition so that the institution will be able to act when triggering events occur.
  • Consider the need, despite no regulatory requirement, for conducting standardized periodic updates of beneficial ownership information.

With two powerful agencies combining to tighten risk-based controls on money laundering and foreign corruption, it is clear that banks will need to devote increased resources to AML compliance. Board members must remain mindful that the functional regulators will continue to require the global enterprise to maintain safety and soundness by appropriately managing risk and minimizing susceptibility to illegal financial activity.

 

Do You Need an Anti-Money Laundering Dashboard?


1-9-15-Crowe.pngAnti-money laundering (AML) has been a focus of regulatory and enforcement activities for several years, and, with heightened concerns about the financing of terrorist organizations like Islamic State group, AML likely will continue to be the subject of close scrutiny. Merely establishing an AML program is not nearly enough—banks also must verify that their programs are operating effectively and efficiently. AML analytics dashboards can help bank directors and compliance officers do just that, acting as an early warning system when a program isn’t operating at desired levels.

An AML analytics dashboard is rapidly becoming a necessary tool for bank directors and compliance officers to take a proactive stance toward changes to their institutions’ AML risks and AML system and model performance. Banks can use AML analytics dashboards to improve the agility, efficiency and effectiveness of their AML programs and reduce the risk of fines and other government actions. In particular, dashboards can help banks to accomplish the following critical compliance activities.

  1. Monitor for and Raise Alerts About Risk Profile Changes
    A bank’s AML risks change in response to new regulations as well as to changes in customer base, product and service offerings, and money launderer and terrorist group behaviors. With the rapid pace of such changes, it’s no longer sufficient to examine an AML monitoring system annually—bank directors and compliance officers need the ability to view their AML risks on an ongoing basis.

    An AML analytics dashboard provides bank executives up-to-date information on the bank’s current risks in a format that is easy to digest and further analyze. By continually monitoring the firm’s AML risk indicators, executives can proactively alert management when an indicator reflects a significant change to a component of the bank’s risk profile. The dashboard then allows directors and compliance officers to examine the details of the change so they can determine what triggered it and take appropriate action to mitigate any increased AML risks. For example, an AML analytics dashboard can raise an alert if the number of customer wires to or from high-risk countries increases by a predetermined percentage within a certain period of time.

  2. Monitor AML System Performance
    Banks typically have multiple systems for AML monitoring and compliance, including transaction monitoring systems, customer due diligence and risk scoring systems, and sanctions screening systems. These systems sometimes fail due to technical issues or human errors. In addition, these systems must be periodically tuned and optimized to maintain their effectiveness.

    An AML analytics dashboard can monitor the health and performance indicators of these systems and alert bank directors and compliance managers when potential issues are identified. For example, a spike in suspicious activity alerts produced by a transaction monitoring system could indicate a system issue or an increase in money laundering activity. An AML analytics dashboard also can monitor and send notification about issues related to use of the system and compliance workflows—for example, if suspicious activity reports are not being filed in a timely fashion.

  3. Perform “What-If” Analyses for Changes to Systems, Programs, and Models
    When performing an optimization exercise on an AML system, or implementing a new system or monitoring rule, bank directors and compliance officers must know the cost implications in advance. An AML analytics dashboard allows management to examine the implications of implementing specific system configuration changes and to perform “what-if” analyses. This is particularly valuable when conducting model tuning exercises. For example, compliance managers can evaluate in real time the staffing impact of setting a threshold for an AML monitoring rule to a particular value as compared with an alternative value.
  4. Demonstrate AML Compliance and System Effectiveness
    AML monitoring systems and models must be validated and audited on a regular basis. Regulators will conduct periodic examinations to confirm that the AML systems have been properly configured and optimized to execute the bank’s AML processes. An AML analytics dashboard can be used as part of a conversation with auditors and regulators to demonstrate how the bank’s AML models, systems, and processes are performing in real time. It also can be used to demonstrate effective oversight of the bank’s AML models.

Act Now
Implementing an AML analytics dashboard can prove time-consuming, so banks without a dashboard should start gathering the requirements now so they can reap the benefits as soon as possible. Regulators likely will begin to expect banks to have these systems in place in the relatively near future, and bank directors who want to stay ahead of the curve will make implementation a priority.

Safeguarding Your Institution’s Anti-Money Laundering Compliance Program


12-5-14-Covington.jpgThe Financial Crimes Enforcement Network (FinCEN) earlier this year issued an advisory, FinCEN Bulletin 2014-A007, “Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance,” stressing the need for financial institutions to have a strong culture of anti-money laundering (AML) compliance. A financial institution without such a culture, FinCEN asserts, is likely to have shortcomings in its Bank Secrecy Act/AML compliance program.

FinCEN’s advisory is just one of the latest governmental developments that places tremendous pressure on a bank’s board of directors to focus on AML compliance. The advisory attributes a strong compliance culture to, among other factors, the board of directors’ active support and understanding of the bank’s AML compliance efforts.

The need for a bank’s board of directors to be involved with AML compliance has been emphasized repeatedly in the past year. Recent enforcement actions against all types of banks, from multinational banking organizations to small community banks, have required boards of directors to play a prominent role in understanding and ultimately executing the enforcement action. Many actions have imposed remedial requirements on the board of directors itself to strengthen board oversight of the bank’s AML compliance program.

However, significant fines, compliance costs, and reputational damage from an enforcement action are not the only risks from a deficient AML compliance program. The federal banking agencies have delayed approval of several mergers, acquisitions, and other corporate transactions due to deficiencies in one of the parties’ AML compliance program. If a federal banking agency withholds its approval for a corporate transaction due to AML compliance, the closing for the transaction can be substantially delayed, thereby having the potential to make public in a highly visible fashion the compliance deficiencies as well as any remedial measures being taken by the bank.

All of these reasons demonstrate the importance of AML compliance to a bank and the imperative that the board of directors plays a significant role in overseeing the AML compliance program.

An effective AML compliance program requires significant resources and consists of several key components. The federal banking agencies’ enforcement actions and guidance have emphasized the following components:

  • Tone at the top—FinCEN Bulletin 2014-A007 stresses the need for a culture of compliance, and this culture starts with a clear expression from the bank’s board of directors that the bank does not engage in money laundering and terrorist financing and will not tolerate deficiencies in its compliance program.
  • Risk assessment—The cornerstone of an AML compliance program is a detailed risk assessment that identifies and measures the various areas of AML risk at the bank. The risk assessment provides insight into the areas of potential exposure to the bank, prioritizes ways to reduce risk within the compliance program, and enables the board of directors to track over time areas of risk and senior management’s implementation of internal controls to reduce risk. An AML risk assessment should be sufficiently detailed, updated periodically, and accessible to functions and business units in the bank with responsibility for AML compliance.
  • Monitoring and reporting—Day-to-day AML compliance requires extensive monitoring of transactions for suspicious activity and compliance with reporting obligations. Aside from compliance with these legal requirements, however, daily monitoring and internal reporting help ensure that bank employees not only react appropriately to overtly suspicious activity but also proactively identify circumstances that, although not facially suspicious, warrant further review.
  • Independent review—An AML compliance program is required to contain a mechanism for an independent review of the program. Independent review is an essential check on the program and those employees who are responsible for its administration.
  • Training—AML training for employees has evolved substantially from its earliest forms as a single presentation made available to all employees on a company intranet page. Training can be customized to the business line or function, include frequent team updates to pass along information quickly and directly, and culminate with a mandatory test that employees must successfully pass.

Boards of directors should have confidence that senior management has taken the necessary steps to implement an effective AML compliance program that includes these components. The potential consequences for AML compliance deficiencies are simply too severe and far-reaching for a board of directors to be passive and not actively engaged with the program.