LexisNexis Risk Solutions’ Chrisol Correia on AML, the convergence of risk intelligence

Chrisol Correia is director of global financial crime compliance for LexisNexis Risk Solutions. He leads the firm’s global anti-money laundering solutions strategy and technology-driven product development.

In his role, Correia works with the largest financial institutions in the world. Based in London, he is responsible for managing and developing international AML and financial crime solutions, including customer- and transaction-screening software, and data solutions for third-party risk management.

We spoke to him regarding trends in anti-money laundering efforts internationally, why this sort of criminal activity proves so difficult to weed out f legitimate finance.

Correia also discussed how compliance, tax, and know your customer data, once siloed, is coming together to provide banks the heightened risk intelligence they need to operate efficiently and make quicker, more informed risk decisions that support both compliance needs and business growth.

Looking at some of the stats coming in from Basel, the Financial Action Task Force on Money Laundering, and other sources, it seems that money laundering, despite all the focus and attention it gets, is not going away.

Why is money laundering so hard to tamp down?

Banks have invested a lot of time and effort in systems, data, and training to bolster their lines of defense, but AML is a persistent problem that is constantly evolving.

While money laundering still takes place, however, it is still a lot more difficult to walk into a bank with a $1 million deposit without a whole range of questions being asked. It is a lot more difficult to walk into a casino, exchange cash for chips, put some money down, and walk back out again with clean money.

The defense mechanisms provide better protection against the way money laundering was typically undertaken, but there are still challenges. Professional money launderers are clever. They spend a lot of time and effort working out new strategies. Banks, their vendors, and government regulations, need to keep pace with them. That can be difficult to do, in part, because some of the transactions and products used to launder money are so very complex.

Trade-based money laundering, for example, could be described as a persistent problem. It is very difficult to determine if one set of microchips is worth $1 million dollars or $5. With underinvoicing, overinvoicing, and other various sorts of trade-based fraud, money laundering becomes very difficult to detect.

De-risking is a real issue. As you said, the government regulators don’t like it, but the banks feel that it’s a proper response to the obligations they need to comply with. It is also a bit confusing because, in some ways, sanctions policies, particularly with regards to Iran, have been all about de-risking.

Technology is more effective. I’ve been in this field since 2000 and the tools available to banks have grown. Technology like artificial intelligence and machine learning are being deployed the frontline, plus compliance department have grown in size and in importance. The role of compliance, hopefully, now has direct reporting to the board.

Money laundering is still a persistent threat. There is, however, greater recognition of the offenses around money laundering and tax crimes. We see more and more countries following the Financial Action Task Force guidelines and criminalizing money laundering.

One might think that the U.S. is right on top of money laundering issues, but when it comes to beneficial ownership, it is also admonished, and rightfully so, regarding matters like beneficial ownership and legal entity identifiers. Even in countries with seriousness about this issue, there remain lapses.

Why do people rob banks? It is because that’s where the money is. Money laundering goes where the money is, in places like the U.S. There’s a lot of money there and, inevitably, that’s were a lot of it ends up.

Now, there is concern of course about the use of opaque corporate structures being used for money laundering.

There are areas where identifying beneficial ownership is very difficult and some jurisdictions in the States maintain facilities where it’s relatively quick and easy to open new corporate structure without having to treatment provide much support for any information about the purpose or beneficial ownership.

Our clients are taking that more into account in the risk assessment. So, at the point of onboarding, there’s a greater range of questions being asked about the purpose of a business and who owns it. Banks have become more sophisticated in their efforts to identify potential (shells) and I think there is ongoing monitoring processes and personnel to identify corporate changes that could indicate capture by organizations or individuals who intend to money laundering.

Recently, the House Financial Services Committee held a hearing on the financing of “lone wolf” terrorists. We think of a lot about terrorism financing and the money laundering associated with it. There are, in response, Suspicious Activity Reports and a $10,000 threshold for transaction reporting. There is a problem, however, with the persons involved in small-scale money laundering that may support their terrorism activities. The fear is that they could slip through the cracks.

Yes, and the small guys, as you call them, are not surprisingly the hardest ones to stalk. Some of the terrorist attacks in Europe are funded with very little in terms of a monetary value.

Now, we are seeing that the European Union, for example, is placing more requirements on compliance and governance around prepaid cards, making sure there are appropriate checks and harder to use that very portable means of finance. We see quite sophisticated arrays being used to detect these patterns, but it’s still very difficult.

As the financial system and law enforcement have, in relative terms, become more successful in catching the big guys it is the little guys that pose the biggest risks. If you are a terrorist, perhaps you don’t want to do business at one of the big banks because you know they’ve got sophisticated technology. You probably want to open sort of a relatively low-key product at a community bank where there may not be a dedicated compliance department or they may not perceive themselves to be at a high risk.

There is a need for those institutions to really look at their risk assessments carefully and the put in measures to help manage those risks effectively.

Sanctions compliance continues to be challenging.

It is not only the scope of the sanctions but also the complexity of implementing the requirements and the speed which they change. We have customers that update their Office of Foreign Assets Control lists, for example, within minutes of it changing something on one of their lists.

When the first wave of sectoral sanction targeting Russia came, we saw that many financial institutions really struggled with implementation. They combined features of fairly traditional country sanctions and functions on the asset movements of individuals and companies. But they also targeted goods and services. It was that piece that I think customers found it harder to adapt to.

They were new, of course, but much of the compliance infrastructure hadn’t been geared up to manage sanctions risks, around products. So, the financial institutions that dealt with Russia or trading of various capital markets products, they had to adapt really quickly. We put a bigger effort into providing more beneficial ownership information for sanctions, Russian entities, and their proxies.

ABOUT CHRISOL CORREIA

Chrisol Correia leads LexisNexis Risk Solutions global anti-money laundering solutions strategy and technology-driven product development. In his role, he works with the largest financial institutions in the world.
Based in London, he is responsible for managing and developing international AML and financial crime solutions, including customer- and transaction-screening software, WorldCompliance data solutions for third-party risk management, as well as international identification verification solutions.
Areas of expertise include AML-KYC, real-time transaction filtering, negative media monitoring and anti-bribery and corruption compliance.
Correia has developed compliance data solutions since 2001, primarily for the financial services sector. He has worked with clients in six continents and is a regular speaker at events such as ACAMS and SIBOS, as well as often contributing to industry briefings for the British Bankers’ Association as well as industry analysts, like Chartis and Gartner. He is regularly called on by the UK and international mainstream and financial press, including the Daily Telegraph, Reuters, Bloomberg, American Banker, Wirtschaftswoche and The South China Morning Post, for commentary on money laundering, terrorist financing and global sanctions.
Educated at the University of Leeds, he received a Bachelor of Arts, subsequently attaining his Master of Arts from King’s College, London.

Now, I think that the sectoral sanctions on Russia were deemed to be a success so we expect to see more of them. Banks and other financial institutions are having to spend more time onboarding customers and then monitoring their behavior and activities. They need to make sure they’ve got the right policies, procedures, information, training, technology, and data.

There is also the concept of de-risking. A lot of financial institutions would probably be more than happy to say “this industry is off the books,” or “this country is off the books,” but you have the regulators in the U.S. saying, “no, broad de-risking is bad and you need to take a scalpel, not an axe to the problem and do better risk assessment.”

There are two jobs here. You’ve got to prevent money laundering from happening and passing through your institution. You also need to figure out a correct risk management process. Can the two be related in your program? Also, what changes are being done in order to pick up red flags and separate them from false flags?

I agree that there has been a trend towards de-risking. I think that’s here to stay. There are more publicized places where certain types of people have been de-banked, and certain types of products have been withdrawn for certain people. It’s quite difficult now for U.S. citizen and some parts of Europe to open up an account because the bank will never make any money from that relationship because of the FATCA [Foreign Account Tax Compliance Act] reporting obligations behind it.

De-risking is a real issue. As you said, the government regulators don’t like it, but the banks feel that it’s a proper response to the obligations they need to comply with. It is also a bit confusing because, in some ways, sanctions policies, particularly with regards to Iran, have been all about de-risking.

A more sophisticated risk-based approach takes in a much broader range of factors. We’re seeing our customers bring together what may have been previously disparate information sources. For example, private banking may have had a view of the customer, asset management had another, retail had another, and so on and so on. There are different countries, different lines of businesses, and we’re seeing efforts to bring these different facets from across a global institution together into one place to provide a fuller, more holistic view of risk that is greater than the sum of the parts. That is a good approach for large international institutions.

For smaller firms that may not have that range of products or geographical spread, it is about knowing your customers better and having more touch points with them that invariably can be used to understand their needs more effectively. It can lead to some good intelligence about the types of things the customer needs.

There has been more investment in Know Your Customer programs because it’s recognized the intelligence you get from them can be very useful in terms of providing services. It removes friction from the onboarding process.

We see there being quite a high dropout rate when it comes to trying to create a new commercial banking relationship, for example. Anything the banks can do to reduce those dropout rates by taking the customer along with them as they go through the process eally a benefit.

A lot of new technologies coming into play: artificial Intelligence, machine learning, perhaps even blockchain. How important is it for this evolving technology to combat parallel evolving technology on the bad guy’s side?

I think of a customer in the Middle East, a large bank offering with corporate banking and treasury services. I spoke to the compliance officer and he had just been with a customer. It was a FinTech offering with cheap, accessible, remittance services for expatriate workers. It had all the characteristics of a business you would want to bank: high growth, good leadership team, good brand, good marketing decisions, et cetera. But, my customer told me, they didn’t have a compliance department and so they had to close relationship.

Until relatively recently, some of the FinTech providers assumed that compliance wasn’t part of what they did. That was really what the banks would do for them, they thought. As we know, that’s not the case and regulators are raising their expectation of how the FinTech sector responds to compliance applications.

We think FinTech will respond as well. There’s a greater awareness of the legal and social obligations of making sure that a payment platform isn’t used by criminals to trade pornography, credit card details, or whatever it may be. Also, being able to demonstrate good compliance is a way of securing a good banking relationship because, at the end of the day, a traditional bank is still going to need it at some point.