By Joel Lange,
payments product manager
Since the emergence of software systems to screen payment messages against sanctions lists in the 1990’s there has been a constant struggle between ensuring compliance with global sanctions regimes as well as demonstrating increases in payment efficiency. While compliance departments are judged on implementing effective controls that protect the organisation from a regulatory fine, operations departments are judged on the efficiency of their systems ensuring that payments get out the door with little manual intervention. In the past decade the globalisation and expansion of Anti-Money Laundering (AML) standards have had a direct impact on Straight Through Processing (STP). This has occurred in two main areas. The first is the increase in the size and breadth of the high-risk entity data files organisations are using within their screening solutions. The second is the increase in the scope of screening required by regulators.
The expansion of watch list data
Sanctions programmes have been in place for decades. The US embargo on Cuba has continued since the 1960s. Certainly there has been a proliferation of similar programmes following “9/11”. Since 1993, the US Treasury Department’s Office of Foreign Assets Control (OFAC) list has increased in size by nearly ten fold. This trend is also prevalent in other domestic lists such as Her Majesty’s Treasury List in the UK or intra-national lists such as those provided by the United Nations and the European Union. The vast majority of global organisations will screen their payments against a consolidated file including these lists as well as lists from jurisdictions where they operate or for currencies that they trade or remit payments in. As organisations become more global the amount of lists they are obliged to comply with naturally increases. Also prevalent is the need to add private or homegrown watch lists of individuals or corporations banned by the organisation. The entity counts for a “basket” of watch lists can be as much as 50,000 entity names.
This pales in comparison to less real-time screening exercises where lists including Politically Exposed Persons (PEPs) and Negative News entities can reach the heights of 1,000,000 entities. Fortunately legislation has not gone as far to say that organisations must screen payments against these lists as the operational impact in terms of false positives would be significant. The lack of legislation, however, has not deterred some organisations from attempting this type of screening if not in real-time, more often in a post-haste manner.
More fields to screen, more false positives?
The second area involves regulatory bodies like the Financial Action Task Force (FATF) demanding the addition of screenable fields to payment messages. These include the MT202 COV as well as new FATF recommendations currently being discussed to add further beneficiary fields for all payment types. The emergence of the MT202 COV came as a necessary improvement to make sure that interbank transfers related to an underlying credit transfer included screenable beneficiary details. The industry braced itself for large increases in false positives. KPMG’s Global Anti-Money Laundering survey states that only 50 per cent of banks responding were using the MT202 COV and “only a quarter of European financial institutions stated that they always use the MT202 COV” (1).
It may therefore be too early to tell the exact effect on the industry from the creation of this payment message. However in the Wolfsberg Group’s representations to the FATF in regard to their standards review, they confirm that “with the implementation of the MT202 COV messages, false hit messages increased by 30per cent” (2).
Organisations globally will configure their systems to adjust to the regulations that affect them directly. However sometimes they need to be conscious of the regulations that affect their banking partners, in particular when it comes to US financial institutions. European banks in jurisdictions that maintain normal diplomatic relations with, for example, Cuba have always been careful to exclude US based banks from their correspondent chains for Cuban payments. Recently this has been more complex as banks have found that Cuban payments sent via correspondents in Europe can also be frozen if that bank is a branch of a US financial institution. To mitigate this banks have looked to add databases of the BIC codes of all branches of US financial institutions globally.
Another example of this was the sanctions changes which occurred in the recent ‘Arab Spring’. Changes to Libyan sanctions occurred in quick succession sending both banks and their data providers into action to add entity names to their screening environments. US-based financial institutions using enhanced sanctions data were quick to add the names of companies owned by the Libyan Investment Authority (LIA) such as Deutsche Tamoil GmbH in Germany, an organisation with business links throughout Europe. Before sanctions were in full force, business partners sending payments via European banks had no issues getting payments to Deutsche Tamoil, however those using US banks in Europe had money frozen.
Not just a banking problem
The situation described above, with a payment being frozen due to the interpretation of a banking partner, actually occurred with a FTSE 100 company. This company has no regulatory requirement to screen the payments it sends to its banking partners against sanctions lists. Traditionally, this practice has been limited to the financial sector; however, the impact of a payment being frozen and subsequently delayed has a massive impact on an organisation’s supply chain. There is also the risk of the banking partner discontinuing relations for repeated sanctions violations. Screening vendors is becoming increasingly popular in the corporate sector and not just for sanctions compliance. It is also to comply with bribery and corruption legislation mandating controls over payments to PEPs.
The increase in pressure from regulators has led some banks to put pressure on their downstream payment partners. This is especially the case with foreign exchange and payment services providers using banks to process aggregated volumes of payments. Banks are requiring these partners to demonstrate robust payment screening facilities to ensure that sanctions screening is being performed. This naturally decreases the risk of banks and potentially could reduce false positives, especially if their partners are using similar screening systems.
Who will win AML or STP?
Ultimately, organisations, especially those which specialise in payment processing will need to keep STP rates high in order to keep costs down and garner volumes. Increasingly payments professionals will interact with their colleagues in the sanctions and AML areas of the organisations in order to dictate a healthy balance between payment efficiency and risk mitigation.
(1) KPMG AML survey 2011
(2) The Wolfsberg Group Comment Letter on FATF Standards Review January 2011