Anti-Money laundering, KYC & Regulations
Following a review in 2014/15 by the New York State Department of Financial Services, they concluded that there were significant weaknesses. One of the central failings was that virtually all organisations were using multiple, fragmented, siloed, non-consistent anti-money laundering and watch-list filtering processes and procedures. Data quality was highlighted as one of the significant hurdles and is specifically targeted which now requires “validation of the integrity, accuracy and quality of data …. to ensure a complete and accurate transfer of data from its source to automated monitoring and filtering systems”.
DFS 504 requires those in charge of Operations, Compliance and Risk Management, or the Board of Directors of a regulated entity, to annually certify that the monitoring and filtering systems in use are compliant with these regulations. Criminal sanctions for failure do not apply however individual liability may be imposed for up to 5 years post certification. Therefore for 5 years’ each institution is required to maintain all records, schedules, models and data supporting their certificate. This has far-reaching effects as it covers all services, products, operations, clients, customers and counterparties serviced by a regulated institution in all geographical locations.
Part of the process of being compliant requires an organisation to have a clear understanding of how data flows through their business and being able to detect anomalies and unusual processes. This entails end-to-end pre- and post-implementation testing, validation, data mapping, model efficiency, data input/output metrics and details of the system’s design.
All the assumptions must be fully documented and such documentation regularly updated. As anti-money laundering data is typically extracted from multiple sources, often in multiple formats, Solidatus is the ideal application to bring together all the siloed information. Not only can Solidatus rapidly import captured lineage from ETL & Governance applications, it can ingest scanned metadata models, excel documents and everything can also be entered manually. Dynamic display rules can also be added that show toxic combinations and as everything is captured, a complete audit trail can be shared with the senior management and the regulator. Additionally, the models can be forked to allow a ‘what if analysis’ to illustrate how changes to the data structure(s) might affect the organisation as it flows across sets of co-operating services or systems.