Risk Management Software for Banks

The dreaded Know-Your-Customer (KYC) rules, such as the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) requirements, cause financial institutions to struggle with risk mitigation strategies. To combat this struggle, non-banking institutions and banks often enlist the help of third-party vendors. These third-party vendors assist in fulfilling regulatory requirements.

Financial Risk Management.

The Definition of Financial Risk Management.

Financial risk management assesses a financial institution’s portfolio risks. Banks and non-banking financial institutions handle highly sensitive information. Thus, they must determine their own cyber risks, and the cyber risks of the third-party vendors they use, in order to answer questions from the Board of Directors.

Compliance risk also impacts the financial risks of non-banking and banking institutions. This means that, to determine liabilities, they must understand the information security and potential market risks. You may not realize this, but at a certain point security risks for these financial institutions are more important than credit risk. That is why addressing information security must be part of asset-liability management programs.

What Poses Risks to Non-banking and Banking Financial Institutions?

Fraud used to pose a huge threat to both types of financial institutions. That’s why BSA, AML and KYC procedures and policies, along with vendor management oversight protection, are more vital now.

Consumer Accounts and Know Your Customer.

KYC procedures and policies require collecting a customer’s:

  • Name.
  • Social security number.
  • Date of birth.
  • Address.

According to BSA and AML policies, financial organizations must prove they have vetted their customers by documenting their personal information.

Commercial accounts, those accounts owned by businesses, must have their data collected too. Financial institutions and non-banking financial institutions only collect business information such as tax identification numbers (TIN) and articles of incorporation.

Accounts and Record Retention.

Financial institutions and non-banking financial institutions are required to hold documents for five to seven years. Many institutions are choosing to keep this information in digital form. For instance, they may use an online account or scan the information into a database. Thus, more customer data is in third-party vendors’ hands and remains on networks where breaches can occur.

BSA and the Office of Foreign Asset Controls (OFAC).

Institutions must continuously monitor their customers’ records to protect themselves from criminal activities outlined in the BSA and OFAC. BSA requires that documentation of any suspicious activity be outlined in Cash Transaction Reports (CTRs) and Suspicious Activity Reports (SARs). The information must be shared with the institution’s Board of Directors.

OFAC requires that institutions document and review their anonymized information. This information includes the removal of information and/or names that could identify a listed party.

Financial Compliance and Enterprise Risk Management Overlaps.

It is a fact that non-banking and banking institutions face more compliance risk than any other industry. At the same time, they have been increasingly relying on online accounts to store and protect consumer data. Any outside, third-party vendors must also follow the same rules and regulations.

Non-Banking and Banking Financial Institutions Must Monitor Third-Party Vendors.

Vendor management for financial institutions has long been a compliance hassle. The institutions must ensure vendors remain secure and solvent. Many institutions include reviews of SOC 1, SOC 2 and SOC 3 reports in their vendor management procedures, but that is not enough.

The institutions must be stringent in reviewing vendors. Years ago, keeping detailed spreadsheets was the most effective way of monitoring vendors. This practice has become outdated as more departments need the same information to ensure proper compliance. Financial institutions must rely on management solutions that streamline communication.

Learning from Blockchain Technology

Many banking and non-banking financial institutions are attempting to incorporate new technology into their reporting process. Blockchain technology, called “RegTech,” is artificial intelligence and machine learning. The goal is to assist in protecting and retaining transaction information at the same time.

For example, every party to the transaction creates data called a “block.” The block is protected by a cryptographic key. This block also maintains information that all parties can use to build on it. Each building block becomes a chain. It is called a chain because the encryption protects the data while maintaining its complete history.

The advantage of the new technology is that anonymized transaction histories provide due diligence over customer information. The technology also has its disadvantages such as requiring additional vendors to monitor the information created through the block and blockchain.

Automation and the Fintech Industry.

It is a certainty. Fintech will drive more financial services such as banking and non-banking institutions to reevaluate their monitoring activities. For example, the technology will be able to retain information. The technology will also continuously monitor its controls to protect important data. Fintech will also allow institutions to follow BSA requirements regarding segregation of tasks. This requirement often places a burden on information technology teams because they must appropriate system access. Therefore, monitoring controls becomes vital for financial institutions.

Author Bio

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.
