MAKING SURE CUSTOMERS BEHAVE
Home > Case Studies
In recent years, our client paid a record-breaking fine to US authorities for a range of failings, including money laundering and doing business with countries covered by sanctions. As part of their settlement, they agreed to improve their internal controls. Since then, they have implemented global standards for money laundering and sanctions, upgraded IT systems to better monitor transactions and strengthened their Financial Crime Compliance function.
Our client needs to screen and block payments linked to sanctioned individuals, entities and countries. Automated software is used to screen payments against sanctions lists and to identify potential stripping activity where payments have been purposefully altered. Customers may intentionally remove information - such as customer names, bank names, vessels and addresses - to prevent sanctions screening filters from stopping the payments. A resubmitted payment will not be stopped by sanctions screening software if the information removed was the information that originally matched against the sanctions lists.
With the risk of large financial penalties and the bank’s reputation at stake, it is crucial that our client has in place a solution that can detect and block these resubmitted payments before they can be processed. Facilitating or turning a blind eye to resubmitted payments may subject our client and its most senior executives to regulatory actions and criminal proceedings.
Simply having the correct systems, however, is not enough to prove compliance with sanctions regulation. Our client also needed to provide clear and documented evidence of regular monitoring and testing of its resubmitted payments processes.
Our client wanted an independent assessment of the current processes in place for identifying and stopping resubmitted payments in order identify potential areas of concern. They also wanted to implement a new monitoring framework in this area. This process needed to sit as an independent function in the second line of defence.
Our first step was to review the current policies and procedures in place for identifying and stopping resubmitted payments. We then conducted a number of interviews and process walk-throughs with the global payment teams to understand how the policies and procedures were actually used by staff ‘on the ground’. Once we had this information, we could design the compliance testing process.
The testing process was designed to periodically select and review a sample of resubmitted payments and to report on the operating effectiveness of controls and/or adherence to the clients policies and procedures. A key part of the process was to develop a test plan and build repeatable test scripts for use by the compliance team. We also needed to ‘test the tests’. This involved testing the operational effectiveness of the procedures and controls implemented by our client for identifying and stopping resubmitted payments.
Once the testing process had been agreed, we turned to the design of the monitoring process. This involved reviewing and analysing key performance and risk indicators related to resubmitted payments so allowing our client to identify potential compliance violations. Key performance and risk indicators were translated into monthly management information reports covering both the compliance monitoring function itself, along with the results of resubmissions payment testing.
Our client now has a robust monitoring process over its resubmitted payment process which acts as an early warning system to allow senior management to identify - sooner rather than later - potential compliance issues. They can also demonstrate to regulators that they take the improvement of their compliance monitoring function seriously and regard it as an ongoing process.