Based on excerpts from A-Z Financial Crime in Africa, Temenos
The African banking market is rapidly growing, both in client numbers, as well as in the number of channels available. As a result, African banks are increasingly struggling to fight financial crime. According to PWC's Global Economic Crime Survey 2016, reported 'economic' crime has gone up by 7% in Africa over the last 2 years (to 57% against a global average of 36%). And KPMG's AML (Anti-money laundering) survey listed Africa as having the lowest satisfaction rate in terms of its transaction monitoring system. But why is fighting financial crime so complex and how can this cycle be broken?
In general, banking has become increasingly dependent on technology, and in the absence of a countervailing strategy, the systems that banks depend on to deliver their services have multiplied and grown much more complex. Complexity includes the growing number of channels, including websites and online banking platforms, mobile banking services (eight of the ten countries that make the most use of mobile ﬁnancial services live in Africa) and social networks. In addition, banks' IT has become more complex, as new information systems are implemented on top of older systems, building up layers of technology that do not necessarily link together, making it much more difﬁcult to gain a uniﬁed view of operations and spot illegal activity.
A common issue with AML and sanctions screening is that a system needs to allow for irregularities. In many cases, a financial institution's (FI's) data will contain gaps and inconsistencies. This may have come from established clients whose data was not fully captured or poor Know Your Customer (KYC) processes, irregularly updated or irrelevant data spread across disparate systems, or simply the inability to capture some types of information.
But the issues don't always lie with the FIs' data. There are often issues associated with the sanctions lists that the data is matched against. They may be poorly structured, or have incomplete or inconsistent records, and there is a risk that bad data is being matched to bad data. One method
of addressing this is to use a system that contains wizards to test newly-published public or private lists, highlight areas for improvement, enrich data with additional variations and permutations, and apply rules to avoid false detections. There is also the issue of coping with the increasing number of ofﬁcial lists to check against and their different formats.
Many banks within the region have highlighted that they find it challenging to monitor PEP relationships. In particular, large number of banks in the Eastern African region still rely exclusively on front office staff to identify Politically Exposed Persons (PEPs). And with only 77.3% of African banks requiring customers classiﬁed as PEP's to evidence source of wealth and/or source of income, this makes their jobs even harder. In fact, 77% of African FI's are concerned that they don't have qualified resources to identify financial crime and 72% say that there is an overall lack of training. This is further backed up by stats that show that only 34% of banks within the region have personnel that are fully trained to understand and be aware of ﬁnancial crime inhouse.
And with even relatively small institutions having multiple databases running on different servers that are accessible to a large number of staff, there are also growing issues with insider fraud. Collusion between staff members remains the easiest way to commit fraud within a bank. Aside from direct collusion, employees may also be able to defeat the four eyes principle if there is poor password security within the bank. If a staff member is able to gain access to a colleague's passwords, he or she may be able to carry out fraudulent operations on the system and sign in under another person's identity to validate them. As before, frauds carried out in this way are likely to be very difﬁcult to detect.
For a financial crime system to function effectively, a wide variety of lexica for city-/country-connections and bank identiﬁers in various market networks, need to be considered. Effective software screening solutions use lexical analysis to match against not only country name
variations, ISO country codes and deductions from city names, but also free text descriptions and ﬁnancial identiﬁers. The solution must be sufﬁciently agile to spot even the slightest irregularity, utilising features such as 'relaxed pattern matching', where words are compared with a tolerance for approximation. Flexibility is key, as every institution will have its own needs, and rules may need to be applied according to requirements such as geographical area or business line.
Cultural differences are also important when screening for sanctions in particular, as these can be used to avoid detection. In many cultures, people may use four or ﬁve names, combining their given name and family names. Matching algorithms that fail to take into account these cultural differences result in gaps for FIs to fall through when the individual slightly modiﬁes their name. Effective software should have good support for these cultural differences, capable of matching on portions of the name or name elements which are 'flipped' in order, and weighting them differently.
Breaking the financial crime cycle
92% of financial institutions in Africa state that money laundering is high risk, but failure to address financial crime is also a growing risk. In April 2014, South Africa's central bank ﬁned the country's four largest lenders a total of 125 million rand ($11.9 million) after ﬁnding deﬁciencies in their controls to combat money laundering and terrorist ﬁnancing. Despite the multiple considerations and issues that African banks are facing, it doesn't have to be this way. The right software should be able to effectively consider all the challenges listed above and evolve with the changing environment. It should screen a customer database, payments and any other type of transaction, and compare these against sanctions lists or customer profiles. Software should be sufﬁciently intelligent to identify when a transaction is matched up legitimately, yet there isn't a sanction applied or an incident of money laundering. This is often referred to as a 'false positive'.
But the right solution provider should look at the regional (and particular bank) challenges and look to address these. For example, from a staffing perspective, education is key. A good provider should have a post launch plan to re-teach and re-calibrate solutions at least every six months. This way, the maximum benefit is derived from the financial crime software. Another consideration is that a lot of the smaller banks don't want to pay for a list subscription. A knowledgebase can be created to support these banks, offering a list of both private and public lists for them to access.