Why Banking Secrecy Act Compliance Officers Drink Maalox
By Glenn Hopkins, Director, Financial Services
If you have a Latin, Muslim or Arabic name and your name is similar to a terrorist, it can cause you inconvenience, perhaps even financial hardship. But the next time you’re having trouble getting through airport security, it might amuse you to know that your name is causing fits among Bank Secrecy Act (BSA) compliance officers all over the world.
If you’re curious to know if your name might be in the Specially Designated Nationals (SDN) list (PDF), go to the Instant OFAC site and type in your name.
OFAC is the Treasury Department’s Office of Foreign Assets Control, which “administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction.” OFAC publishes Financial Crime Enforcement Network (FinCEN) Advisories and the SDN list.
Bankers are required to check their customers names against names on the SDN list, but with foreign names it’s exceedingly complicated.
Here’s the problem, according to Jeff Jonas:
“When resolving identities, understanding when names are similar is critical. And it requires very sophisticated algorithms to handle global name issues like transliteration. For example, while Mohammed is represented one way in Arabic, it can be spelled over 100 ways when translated to English (e.g., Mohamed, Muhammad, Mohammad, etc.) – the shortest of which is Mhd.”
Actually, Arabic expert Thomas Milo says there are over 200 ways to spell Mohammed. This is causing increased Maalox consumption among BSA compliance officers when a small difference in a name with one “m” or two can end up resulting in very big fine.
Reuters reported earlier this month that
“Bankers cautiously welcome moves to ‘tidy up’ sanctions lists, but say they want more.
“‘There is always room for improvement,’ said Hany Abou-El-Fotouh, first vice-president for corporate governance and compliance at Arab Banking Corporation, Egypt, a small bank which gets on average 20 possible matches a day with Arabic names on sanctions lists. ‘We on the compliance front expect more effort to be put into cleaning up or updating the lists, or supplementing them with key information to make our life easier.’”
Federal regulators recently updated the BSA with the intention of giving bankers a clearer understanding of what exactly BSA and Know Your Customer (KYC) compliance means and how it will be enforced. Unfortunately, the update just added more irksome ambiguity to what is required.
This section, in particular, drives me nuts:
“…A BSA Compliance Program must include a Customer Identification Program with risk-based procedures that enable an institution to form a reasonable belief that it knows the true identity of its customers.”
What is the legal, enforceable definition of a bank’s responsibility to “form a reasonable belief that it knows the true identity of its customers?”
Just how complicated can resolving foreign names get? Grab your bottle of Maalox and read my colleague Brian Calvert’s post on Playing the Name Game with Terrorist Watch Lists and Shoplifter Databases for a dizzying list of all the variables involved in figuring out who your customers are.
The only reasonable way to know the true identity of your customer is with an identity resolution solution. To quote Brian, “When it comes to making computers and people smarter in their search for names there are vast differences between name matching and simple similarity technology versus sophisticated identity resolution software like Infoglide Software’s Identity Resolution Engine (IRE) that incorporates over 70 carefully tailored algorithms to reliably compare data of special types.”
For more on transliteration, see:
The Politics of Naming: Post-9/11 Security and the Transliteration of Arabic Names
Subscribe to this blog