Identity Resolution Daily

For the banking industry, Knowing Your Customer (KYC) is not just good business, it’s the law. The Banking Secrecy Act (BSA) and its recent update require banks to

“include a Customer Identification Program with risk-based procedures that enable an institution to form a reasonable belief that it knows the true identity of its customers.” (Complete enforcement update available in PDF.)

Problem is, the BSA does not regulate what is reasonable and no one is exactly sure what is the legal, enforceable definition of a bank’s responsibility to “form a reasonable belief that it knows the true identity of its customers.”

Despite the update to BSA, banks are still caught between knowing their customers and knowing what banking regulators want them to know about their customers. This is an old problem and it begs to be fixed.

Back in 2004, this article from Bank Systems and Technology on the Riggs Bank Scandal reported:

“Currently, the USA PATRIOT Act requires banks to check customers’ names against a list of known and suspected terrorists. But that leaves room for interpretation as to the correct spelling of a name and its variants, as well as a degree of uncertainty as to the proper formatting of addresses and phone numbers. Furthermore, as the recent Riggs Bank scandal shows, a system that relies upon names alone is subject to manipulation. (The New York Times reported this week that a Riggs Bank employee changed the name of an account held for Chile’s General Pinochet to “A. Ugarte,” using his mother’s maiden name. As a result, searches for “Pinochet” would come up empty.).”

This article is so old they used the term “entity resolution” instead of the now common term “identity resolution” and Jeff Jonas’ SRD had not yet hooked its wagon to IBM.

Still, three years and one updated federal banking regulation later, banks like American Express are being fined $65 million.

“This is a worldwide bank. This is significant,” said Ken Thomas, a Miami bank analyst and lecturer at the Wharton School of Business of the University of Pennsylvania. “It tarnishes the American Express name. More important than the [amount of the fine] is the reputational risk.”

Until the BSA is redrafted to clearly outline what is and is not required of Anti-Money Laundering (AML) officers, identity resolution software is the best way to protect the banks’ assets. To protect itself from an ambiguous law, banks should go beyond what federal regulators require. And for this, they need to implement an identity resolution solution that uses sophisticated similarity search techniques to resolve multiple identities into one unified view.

Here’s more from the Identity Resolution Daily archives:

American Express Fined $65 Million — Bank Secrecy Act/Anti-Money Laundering STILL Needs Work
“No one wants to have the head of the DEA saying something like this about their bank: ‘Today an established and respected financial institution learned a valuable lesson about its legal responsibilities,’ said Karen Tandy, head of the Drug Enforcement Administration.”

Knowledge Center: Barry Graubart on Complexity of Identity Resolution and Anti-Money Laundering
“…when comparing customer records to Anti-Money Laundering (AML) or Terrorism watch lists, banks and other financial institutions frequently have very limited access to information (on the watch list side). Terrorists, money launderers and drug traffickers don’t often provide a SSN or a street address. Instead, AML pros are limited to matching a name and, at best, city or country. Further complicating matters is the fact that…”

Feds Update BSA/AML Compliance Regs: Still No One Know What KYC Means
“It’s really scary that because of the ambiguity surrounding BSA/AML compliance, bankers are forced to play defense against their own government, instead of being on offense against money-launders, drug traffickers and terrorists.”

No One Knows What Know Your Customer Really Means
“Now let’s assume that this hypothetical developer/exotic car aficionado/gambler happens to also be a terrorist financier, though that can’t be found on his resume. Now what would happen if a catastrophic terrorist attack succeeds due to funding from this gentleman and the subsequent forensic investigation ties him to the crime? Would the bank be fined for not knowing this customer well enough?”

Share This

This entry was posted on Tuesday, August 21st, 2007 at 6:19 pm and is filed under Anti-Money Laundering, AML, Banking, Identity Resolution, Federal Government, National Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.