Webinar Recap: The Benefits of a Holistic Member View
Credit unions and other financial institutions face significant challenges when trying to gain and leverage a holistic view of their customers. Sanctions are putting FIs on the front lines of conflicts, risk-based analysis is stretching staffing resources, Covid-19 has changed customer behavior, and new challenger banks are increasing the level of competition.
At a recent webinar, experts from Hawk AI and Aux discussed all these issues and more, as well as the solutions that credit unions can employ to get a holistic view of their members and ease the burdens on their compliance teams.
Responding to Regulatory Pressure
Kristen kicked off the discussion by talking about the banking sanctions introduced in the US in response to Russia’s invasion of Ukraine in February 2022. To underline their importance, the Financial Crimes Enforcement Network (FinCEN) asked financial institutions to be extra vigilant in detecting efforts to evade sanctions and other government-imposed restrictions.
Regulators are also concerned about Russia’s cyber warfare capabilities. They indicate that timely reporting of suspicious activity by financial institutions plays an important role in uncovering trends and patterns that support government efforts to combat ransomware and other cyber attacks. Lists from the Office of Foreign Assets Control (OFAC) are constantly updated to include the parties responsible for these attacks. It is imperative for all financial institutions to stay up to date on all the changes to OFAC lists to ensure compliance with US sanctions.
Regulatory bodies are exerting more pressure on financial institutions in the months after the invasion. This has created an environment in which it is essential for credit unions to have a 360-degree view of their members.
Not only are financial institutions seeing more sanctions and other regulatory requirements, they are seeing more enforcements as well. Credit union compliance officers know the importance of using up-to-date lists from OFAC, such as the Specially Designated Nationals and Blocked Persons List (SDN list), and to report any potential matches when screening new accounts and people being added to accounts, or for general membership screening. But Kristen noted that this doesn’t always happen, especially when the SDN list is being updated frequently, as happened after the invasion.
“There have been a couple of sanctions this year from OFAC against financial institutions and the main issue in both of these enforcement actions was that the financial institutions’ OFAC software wasn’t kept updated and/or employees didn’t know that there had been updates,” she said.
Kristen highlighted two such OFAC enforcements:
- MidFirst Bank: The bank discovered they had processed 34 payments on behalf of two individuals, 14 days after the individuals had been added to the SDN List. OFAC noted that the violations “stemmed from MidFirst’s misunderstanding of the frequency of its vendor’s screening of new names added to the SDN List against its existing customer base.”
- American Express: Over the course of two months, American Express processed transactions for an account whose supplemental cardholder had been added to the SDN list. American Express caught the activity, but a combination of employee errors and “compliance program deficiencies” allowed the designated person to conduct 214 transactions (to the value of more than $155,000) in violation of OFAC’s Kingpin sanctions.
“I bring this up to drive home the need to make sure that you are using the most recent OFAC lists when you’re doing your screenings,” said Kristen.
Regulatory bodies like FinCEN share their priorities with financial institutions to help them meet their compliance obligations. In 2021, FinCEN issued the first government-wide priorities for anti-money laundering (AML) and countering the financing of terrorism (CFT) required under the Anti-Money Laundering Act of 2020. FinCEN is scheduled to revisit these priorities every four years.
The regulatory priorities don’t require any specific actions, but they put financial institutions on notice of things that FinCEN and the Treasury Department are concerned about. Of the eight priorities mentioned, Kristen said that credit unions are most likely to encounter cybercrime, terrorism financing (especially as that includes domestic terrorism), human and drug trafficking to some extent, but most commonly fraud. Fraud is believed to generate the largest share of illicit proceeds in the US, and it is increasingly internet enabled. Indeed, FinCEN is particularly focused on so-called romance scams.
“You need to make sure that staff identifies [these issues],” said Kristen. “But you…need some way internally for the credit union to identify and recognize various types of fraud as well.”
Similar to FinCEN, the National Credit Union Administration (NCUA) also issues supervisory priorities. While BSA was not on NCUA's list of supervisory priorities for 2023, BSA review is required for each examination. So BSA compliance should remain a priority for credit unions going forward.
Operationalizing Risk-Based CDD
Putting a risk-based customer due diligence (CDD) program into practice requires credit unions to understand their individual members, conduct ongoing monitoring and report suspicious transactions. It’s important to note that the guidance from FinCEN discourages credit unions or other financial institutions from denying services to any specific class or type of customers.
“If you’ve got that blanket, ‘we’re not going to serve these types of entities’ in your BSA program or…policy, you probably want to take that out,” said Kristen.
Customers such as money service businesses and marijuana-related businesses, for example, should not be treated as automatically presenting a higher risk. The expectation is that credit unions do individual customer due diligence to determine and develop the risk profile of members and potential members. This should provide the basis for deciding whether to provide services to them. It is also expected that credit unions will obtain sufficient information at account opening to develop an understanding of the normal and expected activity for that individual member.
“I think of customer due diligence and account opening like an EKG — it gives you a baseline for what to expect from this particular account,” said Kristen. “How many wires are they going to do? How much cash are they bringing in? Are they doing electronic transactions, ACH, debit cards? The idea is to get that information up front so you can then monitor transactions and determine whether the member is doing what you anticipated.”
All CDD programs should also include a process for updating the due diligence on members, whether it’s a triggering event such as new business owners or a specific time period. How and when this decision is made should be based on the potential risk level.
Responding to Market Pressure
Increased Demand for Digital Experience
The onset of COVID-19 drastically altered consumer behaviors, driving an increase in demand for digital banking solutions. This shift has enabled neobanks and challenger banks to gain a larger foothold in the retail banking sector, as they are able to operate with fewer compliance obligations than traditional credit unions.
“The neobanks…don't have the same mandates for compliance systems and headcount that the credit unions have to meet,” said Craig Wood, Financial Crimes Solutions Expert at Hawk AI. “In some ways, it creates an unlevel playing field.”
Credit unions need to provide seamless digital experiences to keep up with the competition. To provide these digital experiences, credit unions need streamlined compliance systems and processes.
A Need for Decreased Friction
Financial institutions need to take steps to reduce friction in their digital experience to keep current customers and acquire new ones. This is especially difficult in the current compliance climate, as we are seeing changes in consumer behaviors, new fraud and AML typologies, and new challenges from actors like Russia, North Korea, Iran, and China. Compliance teams on the front line must bear the burden of fighting the war against financial crime, which includes additional staffing needs and increased workloads for staff. To stay competitive and respond to market pressures, financial institutions must balance reducing friction in the digital experience with this increased burden on compliance teams.
Shouldering the Investigative Burden
Given these market pressures and the challenges of meeting their regulatory mandates, many credit unions are finding that their legacy solutions just aren’t equipped to offer the type of context and augmented analysis that’s needed without adding headcount.
“Throwing more bodies at the problem is tough given what’s going on in the economy,” said Craig. “There’s also a brain drain out there. When we look at all these things, we can see that there’s greater uncertainty for credit unions in terms of knowing who their members are.”
Of course, many of these pressures in the economy make the service offered by credit unions more important than ever. But that doesn’t lessen the challenge facing compliance teams. Pulling together the information flowing in from a CDD program and using it to identify suspicious transactions is a daunting task.
“I know what you’re thinking,” said Kristen. “There just aren’t enough hours in the day. And we understand that. The Aux compliance team is made up of credit union compliance officers. We’ve been there. Now we’re on the other side reviewing credit union BSA programs for compliance and seeing the different monitoring systems in practice. Some of those systems work better than others and we think Hawk AI is one of the better systems.”
Hawk AI’s unique solutions offer a leg up over the hurdles that compliance teams face, offering an affordable way for credit unions to know who their members are. Sean presented some of the different solution modules that Hawk AI offers for different parts of the process and demonstrated how AI can make life easier for AML and BSA operators.
Dynamic Customer Risk Rating
Combining demographic factors with behavioral analysis provides a better understanding of who the customer is. Hawk AI’s Dynamic Customer Risk Rating does exactly that. The solution is fully configurable, allowing you to identify which demographic factors are relevant to your financial institution. The combination of demographics and behaviors helps you to get a contextual view of your customers, enabling you to better understand why they may have moved out of their cluster or segment. Additionally, our solution offers Customer Risk Rating scores that refresh over time, helping you to adjust your risk management approach with incoming updates.
Unified Case Manager
To provide a truly holistic picture of member behavior, the different solutions need to talk to each other from onboarding and risk rating through to the transactional and behavioral changes that get flagged during the customer life cycle. Accessing all of this through an easy-to-use platform saves operator time and improves effectiveness.
“It’s really crucial that these are not siloed solutions,” said Sean. “They provide you with insights across different parts of the customer journey, which helps in being able to scale and apply the right risk-based approach to the right customer type. But also in the other direction, in being able to account for the transactional behavior that you see and use that to update the customer risk profile.”
False Positive Reduction
Using AI to automate the first-line case decisioning process helps to reduce noise significantly and clears a large percentage of the alerts that get generated. That saves time for the compliance team and allows them to focus on suspicious activity that warrants human intervention.
“We’ve been able to get as close as you can to approval for this technology to act like a virtual robot in the team that’s going through and automatically clearing off the low-hanging fruit,” said Sean. “And it’s auditable in a way that it will explain why something is a false positive and why it doesn’t pose a risk to the business. It has been a huge efficiency gain for our customers.”
Contextual knowledge is key to detecting suspicious behavior or transactions. During the webinar, Sean demonstrated Hawk in action, showing how it can intelligently group suspicious transactions.
“If we saw these transactions in isolation with a few alerts on them, we might not get the whole picture,” he said. “So, we’re mapping out the full money laundering journey and showing you where the source of funds is, what the hop in the middle is, and then the subsequent passthrough from this account, which makes for a very quick and easy decision.”
Natural Language Explanations
Hawk’s solutions offer a clear narrative to show why the model flagged a given behavior. It analyzes what’s normal for the customer and highlights all the factors that are identified as unusual, such as the mode or timing of a transaction. This quickly lets operators know if there’s a legitimate risk that needs to be investigated and leaves clear reasoning for why it did so.
“If we’re dealing with a simple alert-based system that does transaction by transaction, then you don’t get this aggregated view and you don’t get this narrative created for you, so you have to spend an awful lot of time across multiple systems trying to get a picture of what’s happening around this transaction,” said Sean. “By using this AI, it gives you that narrative, but also flags up risks that otherwise you wouldn’t know existed.”