smartKYC’s Response to MAS Guidelines on: Strengthening AML / CFT Name Screening Practice

Earlier this year, the Monetary Authority of Singapore (MAS) published an information paper on “Strengthening AML / CFT Name Screening Practice”. The paper “sets out the observations and good practices noted by the thematic inspections, as well as MAS’ supervisory expectations”.

smartKYC has pioneered the use of artificial intelligence to address the very shortcomings MAS identifies. Here we review MAS’ observations regarding areas for improvement in each of the four categories that formed the scope of its inspection, and how smartKYC has been designed to meet the challenge of each. 

Before doing so, however, we should clarify that smartKYC combines name screening of lists (external watchlists AND internal blacklists) and adverse media screening in the same tool. We think there are synergistic, efficiency and oversight benefits in having such a holistic approach. 

A. Senior management oversight 

“Senior management of some FIs did not exercise adequate oversight, leading to deficiencies in P&P and poor checks and balances over alert resolution” 

smartKYC’s hit handling workflow ensures compliance conformance is hardwired. Permissions ensure roles and responsibilities are clearly defined and maker checker comes as standard. Comments can be appended to alerts and tasks assigned, and all the while, a comprehensive audit trail persists for supervisor / regulator review. 

 B. Frameworks, policies, and procedures  

“A small number of FIs did not implement adequate systems or tools to perform ongoing batch screening” 

smartKYC supports batch processing for each KYC use case: remediation, onboarding, refresh and monitoring. Batch doesn’t just apply to watchlists, it also applies to news too, but without the repetition and noise that so often plagues refresh cycles.  

“FIs should implement structured processes to track parties for screening, to prevent/detect omissions and delays” 

Not only does smartKYC allow for conjoined screening (for example of corporate entity and its directors and shareholders), but it also identifies other related parties (business associates, friends, and family members) for possible inclusion in subsequent refresh cycles. 

C. Screening parameters and databases 

“FIs also did not assess if vendors’ information sources were adequate for their specific business activities, or should be supplemented with additional sources (e.g., by including additional names in FIs’ internal lists)” 

smartKYC clients plug in all the sources they value to perform their KYC to the necessary AFC policy standards. They can be public (search engines), professional (watchlists, media archives, director and shareholder databases etc.) and private (internal blacklists). smartKYC also supports multiple languages and writing systems, including traditional and simplified Chinese, Japanese, Thai and many others, including most Indo-European languages. 

“FIs should implement regular checks to ensure that their internal lists are up-to-date and remain accurate and complete” 

We recently launched smartLISTS to allow banks to manage their internal lists. smartLISTS comes with a rich feature set including batch upload and export, revision history, sophisticated permissioning and partitioning and GDPR compliance. 

“Without screening tools with fuzzy matching logic (or appropriate system add-ins to implement partial-match capability), FIs would be impeded in identifying partial matches if there are minor name permutations, abbreviated names or typographical errors” 

smartKYC can be configured to handle names from perfect to partial to fuzzy but we would stress the importance of other identifying attributes (name variant, age, country of residence or birth, employer etc.). Name alone is often inadequate in disambiguating an identity, especially in media, which is why we score all media hits for accuracy based on more than just a name match.  

“FIs should understand and test the calibration of their systems’ parameters to avoid inadvertently omitting alerts that FIs intend to highlight” 

smartKYC’s hit scoring is configurable to allow banks to assign different weightings to different identifying attributes. Our software has also been independently assessed for efficacy and was found to exceed industry performance benchmarks. 

Furthermore, our name matching capabilities were tested to their limit by a Singaporean bank that was required by MAS to filter false hits from a huge remediation exercise, the details of which can be found in this paper

“Supplement name screening processes (e.g., risk-based performance of additional internet searches)”. 

smartKYC does not just rely on media archives for news content but also integrates news content from web sources like Google and Baidu.  

“An FI would treat a piece of adverse news as out-of-scope, solely because it came from regional or local news sources…By excluding adverse news from regional and local news sources, an FI may fail to detect information that may affect its assessment of potential ML/TF/PF risks associated with their customers” 

We couldn’t agree more. Intelligence about wrongdoing will more likely be found in a local (to the search subject) language source and will take time to reach, if ever, more mainstream sources such as national news outlets. Hence why we supplement media archives with web news content. 

“FIs should set clear requirements for staff to maintain adequate documentation of the assessment of alerts to demonstrate accountability and basis for alert resolution… A small number of FIs lacked maker-checker and/or QA controls to review if alerts were dismissed appropriately and in a timely manner”. 

All smartKYC user activity is recorded in minute detail for audit purposes and is available both digitally and in printable dossier form if needed. In addition, the four eyes principle is reflected in the tool’s workflows and controls. 

D. Alert resolution  

“FIs should implement adequate checks and balances over alert resolution, such as regular QA checks by the second line of defence.” 

smartKYC has several clients now empowering frontline relationship managers to pre-KYC their prospects. Further to this, power users in the second line have complete oversight of their activity and outcomes so that compliance control is maintained at all times. 

For further information about smartKYC’s capabilities in the areas outlined above or to request a demo, please contact us here.