Introduction
Challenges
Insufficient Granularity of the Customer Risk Profile: The historical risk rating scale did not have the granularity to align to the true customer profile and regulatory standards.
Lack of Controls in Identifying Customers due for Review: Data quality and aggregation issues resulted in customers not being identified within adequate lead times to allow teams to complete review before the required due dates to be compliant with regulatory requirements.
Exclusion of Transaction Monitoring in the Re-review of Clients: Client activity was not being analyzed to ensure trade activity aligned to the nature of the business.
Implementation
Customer Risk Rating Re-design:
The risk rating model had to be analyzed and recalibrated to evolve from a High, Medium, Low risk rating to a High, Med-High, Med-Low, Low model. The key client details such as location, nature of business, location, type of activity, ownership structure, and negative news had to have their risk weights and mapping to each of the level adjusted based on guidance from regulators and benchmarks against industry standards. To accomplish this enhancement a redesign of business processes, application workflows, and system calculation models had to be re-engineered and redesigned.
Customer Review Control Implementation:
To ensure customers had their profiles reviewed and revalidated within the timeframe mandated by regulators, new exception reports and controls were implemented. As a first step to ensure accurate reporting, front office systems were modified to standardize inputs to eliminate data inconsistencies and data quality issues. From there a consolidated database was created to act as a golden source to generate reports based on controls that would identify clients that were coming up for review within a specified threshold and alert the appropriate teams to take action based on level of priority.
Transaction Monitoring Implementation:
As client activity was not previously taken into consideration when assessing a client’s risk rating, an additional client specific activity report and review process had to be established as an additional dimension of consideration when calculating the overall risk rating. This began with the development of a client specific report that consolidated current and historical trade activity and analyzed the data to calculate a variety of metrics. Additional logic was built into the report to identify activity that fell outside of the usual trade thresholds, product types, or activity within high-risk sector or region. These factors were then fed into a bespoke model to generate a risk score that would feed into the overall risk calculation.
Results
Through collaboration across Compliance and Technology, this bank was able to successfully evolve their customer review process to adhere to regulatory requirements and industry best practices. By evolving their 3-rating system to the more granular 4-rating system, this bank was better able to identify which clients required additional oversight as well increase their operation efficiency by reducing the over-reviewing of clients which were originally misclassified into a higher risk rating.
Through the implementation of data quality and customer controls, this bank was able to better scope their clients into appropriate review phases to ensure adherence to regulatory deadlines. Within the first year of implementation there was a 100% compliance rate with no overdue reviews.
Additionally, with the inclusion of transaction monitoring within the client review process, client that operated outside their original business intention were identified and engaged to update their client profiles, revise their trade agreements, or raised to Compliance for additional action. This resulted in a overall better understanding and servicing of their clients as whole and reduction of inquires from regulators regarding suspicious activity.
Conclusion
By transforming their Compliance Program with regards to their client onboarding and ongoing review, this bank gained benefits across a multitude of dimensions. First, they were able to improve their operational efficiency by reducing the frequency of reviews needed due to over classifying the risk of their clients. Secondly, they were better able to comply to regulatory requirements by ensuring their clients were reviewed by the necessary deadlines, which in turn reduced the risk of regulatory fines and actions. And through the review of client activity they were better able to ensure their clients were not engaging in non-compliant activity as well as ensuring they were offering the right assortment of financial products to their clients.