Risk assessments, streamlining KYC and building meaningful red flag indicators are primary areas of concern for Indian anti-money laundering professionals in banks and should be high priorities for activity in the near future. Attention to robust and comprehensive staff training must underpin AML in regulated entities, added PK Tiwari, the director of FIU IND, the Indian financial intelligence unit, although training norms vary from bank to bank. The unit is planning to publish a brand new typologies report, is implementing a series of red flag indicators in banks and has introduced new reporting software which should enable more concise analysis of data contained in suspicious transaction reports. The question of enforcing the regulations, however, remains open. Although the FIU is keen to work with banks to make sanctions a rarity, the director underlined they are a necessary part of any AML regime.
The FIU is guiding banks towards several distinct areas of work required to bolster AML/CTF.
Increased awareness of the risks posed by financial products and services
The increase in interactions with non-face-to-face clients and products in the Indian market raises questions about ‘know your customer’ information. As in any burgeoning compliance culture, banks need to move towards more complete KYC processes to obtain a deeper understanding of the client. Risk management and a risk-based approach to banking, AML, CDD and risk rating clients and products are operating fully in MNC and some private banks in India. Many institutions are at the implementation stage.
Adopting a risk-based approach to financial products and services is widely accepted as best practice. Assessing these risks will give the compliance officer a more complete profile of the product and ultimately feed into transaction monitoring systems, creating more useful reports which will lead to a swifter decision on whether to escalate or close a query. Products bought and sold remotely pose a higher risk than those sold over the counter. The same logic applies to clients whose only interface with the bank is online, as opposed to in a branch. This message must filter down to customer-facing staff.
Red flags should be a part of a bank’s core banking solutions. Developing effective red flag detection systems is a work in progress. The risks associated with products, clients and behaviour evolve throughout the lifetime of the banking relationship and the red flags should develop accordingly.
- The FIU IND, the Reserve Bank of India and the commercial sector are working on publishing a series of red flag indicators, examples of how the banking system in India has been used by financial criminals.
- A combination of up-to-date market information, emerging trends and typologies is needed to identify red flags.
- Red flags differ in different banking verticals – banks need to look at how each business line operates and develop red flags for each line.
- Developments in industry trends, practice and customer behaviour will guide changes and updates in red flag indicators.
- Regulated entities must build mechanisms to continuously review and refine red flags in line with changes.
- They should also adequately inform themselves of the developments in this area via the media and industry associations.
Find a library of typologies in the Case Studies section of Compliance Knowledge Platform.
Shifting reporting from reactive to proactive
The trend in Indian banking has been to send reactive STRs to the FIU. For example, media reports on frauds discovered at banks will cause a flood of related STRs to the FIU. While this undoubtedly helps the case, had the banks been aware of behavioural patterns in accounts and reported anomalies to the FIU as a matter of course, there is a chance the fraud or financial crime could have been identified and stopped earlier. The regulator has imposed fines upon some banks for not having systems in place to identify threats.
In 2011, Citibank India paid a 25 lakh INR (US$50,000) penalty for a case of employee fraud that lost the bank’s customers 300 cr INR (US$5.9m). That aside, many of the fines imposed on Indian banks for AML failures have been an average of 1 lakh INR (US$2,000) handed out to cooperative rural banks in Gujarat. In November, the National Bank for Agricultural and Rural Development warned rural banks they faced sanctions for failing to implement adequate KYC and counter terrorist financing measures. Banks have one month to present a written plan of action for implementing KYC norms to the NABARD, or face regulatory penalties.
Although the FIU IND has a mammoth task on its hands, the incentives to comply are not apparent. The regulator’s enforcement regime is not strong. The direct approach favoured by the US and UK regulators, which sees fines for AML and sanctions breaches reach into the millions, has closed some institutions. The FIU IND claims it wants to make sanctions a ‘rarity’, and with the absence of any meaningful enforcement regime, it is not clear at this stage how the government plans to incentivize compliance with the AML regime.
Centralized KYC – a possibility?
The government wants to avoid duplication of KYC information requests and essentially reduce the inconvenience to the customer, which it sees as an obstacle to streamlined banking. Banks across the country do not ask for the same information, and the lack of a standardized approach has created a trend towards the banks of least resistance, i.e. those that ask for less information. The FIU IND director called upon banks to debate the pros and cons of a centralized KYC database. Data sharing laws may stop banks from sharing client information but a unified system of KYC should appeal to the banks with more stringent systems. Encouraging those without good KYC to comply with the requirements is already a challenge for the government. Nonetheless, KYC in banking is firmly on the agenda for change.
Mandate for training or mandate for learning?
Comprehensive and risk-based training on AML risks, KYC data and red flag indicators is an essential part of building a solid counter financial crime regime in banks. Although the FIU and government claim training should form the basis of AML, and the Reserve Bank of India mandates AML training, there is still little take-up from some banks. Some banks restrict training to those in the AML unit, and issue the difficult-to-interpret RBI circulars to the remaining staff. In others, client-facing staff members ask others to take the course on their behalf. There is no system for monitoring who is learning and what they are learning. Perhaps the bigger debate facing compliance officers is this: how can you convince your entire workforce to support and comply with AML in your bank without engaging them in active learning?