COVID-19 Challenges: Working in a Remote Compliance Environment and the Top Ways Technology Can Help

June 11, 2020
By: Sadi Bezit, Regional Solution Consultancy Lead, Nice Actimize*

Due to the recent COVID-19 pandemic, the need for organizations to accurately and efficiently screen customer names and transaction against a variety of lists has increased significantly. Institutions now face several remote working challenges that have led to a renewed focus on watch list compliance.

Despite this challenging environment, organizations remain obligated by regulations to avoid conducting business with sanctioned countries, organizations, individuals, or trading in prohibited goods. They are also required, as always, to screen transactions and customers against multiple sanctions lists and screen customers to identify Politically Exposed Persons (PEPs) and high-risk customers.

To avoid missteps that can result in fines and reputational damage in the post-COVID-19 period, remote compliance officers must create and maintain a robust and effective watch list filtering program that will enable their organization to keep up with high standards in enforcement, yet minimize the impact on the organization’s time and remote resources. The best way to accomplish this and overcome any unique challenges is through the use of effective technology.

Unique Challenges Due to COVID-19 Pandemic

The global pandemic has created some unique challenges for compliance officers who are finding themselves faced with unexpected changes within their own organizations.

  • Influx of mergers and acquisitions: There is more likely than not going to be a wave of mergers and acquisitions in the post-COVID-19 period. Companies will have to change in order to survive and that means compliance officers are already having to (or will soon have to) deal with the complex task of maintaining compliance obligations across multiple business units and operating countries during this challenging time.
  • Multinational firms need to consider the sanctions and PEP requirements of the jurisdictions in which their subsidiaries operate, as well as the requirements of their home office location. In screening payments, they need to apply policies that are appropriate based on the origin, destination, and currency of the payment, which may be different in nature to pre-COVID-19 transactions.
  • Keeping remotely aligned: Creating and maintaining a high quality and traceable standard in this environment is a logistical challenge. This is because lists from multiple regulators change frequently and both global and local policy must be applied to keep remote workers aligned with standard procedures.
  • With regard to regulatory and criminal investigations, organizations are currently facing delays and find themselves with a not so consistent analysis of the suspicious data, given that workers are now more organized into silos.  Cross-functional collaboration also suffers as a result. There is also some evidence that certain organizations have slowed their investigations and seen them weakened as remote working impacts alert and case consolidation handling.
  • Growing failures of internal controls: Some banks across Europe have been under growing regulatory scrutiny, and the topic of failed sanctioned entities detection has become critical. Recently, certain revelations have exposed significant failures in internal controls. A Nordic bank, one of the most advanced ones in terms or European regulatory compliance, has been at the center of a huge dirty money scandal in the Baltics, and is now under investigation by criminal prosecutors. This was a clear case of lack of due diligence and weak sanctions screening triggering a chain of non-compliant transactions.
  • Similarly some of the most significant U.K. and German organizations have also been prosecuted recently on the ground of loose controls and failure in the identification of ultimate beneficiary ownership in relation to apparently normal transactions. As an illustration, Deutsche Bank has discovered serious failings in its anti-money laundering and sanctions controls that allowed checks and high-value electronic payments to be processed without proper screening.
  • Despite the fact that investigations and enforcement actions are likely to be of less impact in this lockdown period, organizations will most certainly have to deal with any compliance missteps in the post COVID-19 period. Detection accuracy is the driver more than ever, in this time when financial crime is suddenly and opportunistically on the rise.
  • Delay in enforcement activities makes internal investigations crucial: A number of regulators across the globe have halted their enforcement activities due to the crisis. The French Anti-Corruption Agency has suspended all on-site inspections and end-of-inspection closing interviews during lockdown, and the U.K. Financial Conduct Authority has declared it is postponing controls that are considered as not critical in favor of focusing on protecting consumers against fraud and abuse in the short term.
  • Nevertheless, this doesn´t mean that exposure to risk is being reduced. On the contrary, the risk remains even higher until the COVID-19 period has passed. Investigations remain at the center of our attention as sanctions specialists and the topic of a quality driven approach coupled with high accuracy in detection will become even more critical in order to prove to regulators, that despite the complex remote working environment which has been set up, controls have not been loosened.

But how does an organization apply these compliance best practices during the current ‘new normal’? The response is clear: through the adoption of relevant technology aimi+ng at making the detection more accurate than ever before.

Top Ways Technology Can Mitigate Risk During COVID-19

The following are recommendations and best practices for how the adoption of a technology solution can aid in these troubled times. This technology solution, which works alongside your skilled or remote workers, allows accurate detection as well as reliable case handling and investigation throughout the organization.

Reduce False Positives and Increase Risk Detection

In order to mitigate business risk effectively, it is important now more than ever to implement an advanced technology solution for sanctions.

By using a combination of unique 4th generation analytics and underlying mathematical algorithms, the organization can ensure effective filtering for multi-cultural names, obtain high alert quality, and at the same time minimize false positives, within this permanently changing pattern environment.

Also, culturally-aware fuzzy logic name matching analytics, combined with intelligent scoring for improved match performance within an increasingly multi-cultural world should be considered as a must rather than a ‘nice to have’ option when choosing the right technology.

A pragmatic approach to watch list management should be adopted by combining the previous described capabilities with unparalleled flexibility to customize and tune the filtering logic provided by the right technology if well chosen, in order to meet unique unexpected organizational changes.

If the adequate technological platforms enabling accurate risk detection and prevention coverage are implemented, the organization can benefit from a significantly reduced exposure to a risk of sanction violations through more filtering quality and lower false positive rates.

Global Consistency Across the Organization

Once chosen and implemented, this same advanced sanctions related technology will enable enterprise-wide consistency through an internal deployment of standardized list management configuration parameters, list updates, matching methods, business policies, and operational approaches.

Your organization will be able to leverage a single sanctions, PEP, or high-risk customer list across multiple business units and for multiple business functions, even when lists are updated. This will reduce the operational burden of list management, ensuring consistency, and reducing risks associated with operational failure due to the COVID-19 and post confinement period organizational challenges.

Process Transparency & Auditing

Business control of filter settings and system tuning should be easily enabled now more than ever, in order for organizations to face the changing COVID-19 and post confinement patterns. A technology allowing easy and explainable configuration will also provide clarity, transparency, and justification associated with list matches, in case of audit or regulatory investigations. The underlying filter and matching algorithms once implemented, will support the evidential processes associated with regulatory policy implementation, and allow the setting up of comprehensive audit trails.

Centralized audit and quality control will track system changes, interactions, and audit investigations will ensure transparency associated with regulatory process. This will support the independent audit function and program testing that will be required by regulators as soon as the world returns to normal working conditions.

There is no better way to prepare your organization for future post COVID-19 inspections than by adopting transparent processes now.

Monitor Costs and Budgetary Restrictions

Technology can also be leveraged to reduce hardware architecture and deployment costs for all list screening applications within the organization, independently of the channels and business units that are being considered. This can be accomplished by applying the same underlying technology to all transaction and customer screening requirements, avoiding a costly and hazardous system fragmentation.

Additionally, with regard to the benefits derived from a defragmentation of systems, another key factor should be taken into consideration: the enrichment of available data for the screening of suspicious entities. Only a platform based on open technological standards, allowing the setting up of a standard data interchange format used primarily for transmitting data between web applications and data servers, would enable an integration of easy-to-use web services into the newly adopted screening platform and, as a result, save costs in the data enrichment process.

Your organization’s technological solution should be configured in order to allow for fast analysis and resolution of issues with consolidated alerts, which will provide a complete picture of potential watch list hits and customer information, with guided workflow processes. Enforcement of various policies and procedures, such as regulatory filing, should be kept operational.

In other words, your organization can use technology to streamline client onboarding and payment processing by integrating directly with existing account opening and payment systems. By properly using technology, your organization can improve remote front office operations and enhance customer services while continuing to remain compliant.

Continued Enterprise-Wide Deployment

If you are implementing a screening program, you must cast your net wide so that each and every business unit, across multiple jurisdictions, will be protected.

An organization must operate, or continue to operate, in real time with transaction interdiction, batch, or in self-service mode, independently of the multiples sanctions lists being considered. For this reason, technology can greatly help in meeting the demands of a complex new operational and organizational environment, which can transform itself unexpectedly in these uncertain times.

Effective Workflow Management and Oversight

With technology, workflow templates can be easily customized to help meet legal and administrative requirements for establishing, enforcing, and documenting workflow processes. Built-in auditing of every activity means that record keeping is not a post COVID-19 after-thought, but an integrated part of managing risk.

Using technology for case management also allows for efficient alert management, management reporting, and full audit tracking. With role-based dashboard views and integrated workflow management, analysts and managers will be able to remotely open alerts, examine details of the hits, and execute actions such as alert updates.

Reliable Name Matching Using Advanced 4th Generation Analytics

4th generation analytics employ a completely different paradigm in order to perform matching. This matching approach is analytical, and it compares every name in the list against the input name. Each combination is assigned a relevance score that identifies the similarity between the pair. At the end of the scan, a minimum threshold is applied, and all matches that are at or above that threshold are then presented or sent on for further examination by another system. Only this approach is considered true fuzzy matching, in that every match is scored and the end user has the ability to adjust the threshold for moving a potential match on in the processing chain.

This 4th generation analytics approach  produces a reliable score computed based on a linguistic analysis of the underlying word pairings. A lexicological study of personal and organizational names is the basis for this computational approach, and scores are assigned based on known usage patterns of various cultural language families across the globe.

Not only is this approach comprehensive, but it is particularly relevant, both as institutions transact business across geographical boundaries, and as watch lists themselves contain names of multiple ethnic and cultural origins.

Real-Time Customer Screening & Transaction Screening

Facing organizational challenges in this period is tough and can trigger some service interruptions or weak prevention coverage within organizations. As a consequence, the sanctions prevention teams receive an unreliable or not operational real-time sanction screening coverage.

The underlying systems and technology that enable real time monitoring remain critical and should not be altered, since they will allow the following to be executed:

  • real-time filtering of customer data, as part of new customer on- boarding or real-time authorization of customer activity, enabling the organization to screen customer data against the most recent sanctions and/or PEP lists in order to identify sanctioned or high-risk parties and ensure proper due diligence. Not to be underestimated, the importance of a good integration with the organization’s account opening system, minimizing the impact on the client experience and the front-end user.
  • real-time transaction screening and message blocking to monitor fund transfers and block or reject transactions that are associated with sanctioned parties. Payments will be scanned in real time and will be immediately hold as suspicious payments for compliance review and decision making.

Increased Program Performance Management

Managers now have to remotely access and assess the overall status of their systems. With technology, concise reports and statistics on work progress and alert status can be produced automatically or on demand. These reports will help managers take proactive steps such as alert assignment or escalation.

Management can also use operational dashboards that summarize business unit productivity in order to assess and track the performance of the organization with remote workers. For managers with permission to use this tool, the interactive dashboard will provide volumes of work items grouped according to time and business dimensions, and therefore, insight into the remote workforce productivity.

* Sadi Bezit works as the Regional Solution Consultancy Lead for the EMEA region at NICE Actimize, applying his knowledge and more than 20 years experience to support organizations mitigate their risks from serious and organized crime in the regulatory landscape. Sadi is also a Member of the ACSS Sanctions Innovation Technology Task Force.

Recent Articles