ServiceNow: The Case for AML (Anti-Money Laundering)

Abstract: This whitepaper discusses how the ServiceNow products Financial Services Operations (FSO – a platform built for the industry), case management capabilities can be used to respond to level 1-3 AML alerts as well as other related incidents quickly and efficiently. And how ServiceNow's Integrated Risk Management (IRM) and change management capabilities can be used to ensure that AML-related policies and procedures are up-to-date and compliant with the various and ever-changing regulatory requirements.

Anti-Money Laundering (AML) programs are crucial for financial institutions to prevent, detect and report suspicious activities that may be related to money laundering or terrorist financing. These programs are designed to comply with the regulations set by governments and organizations globally to ensure that financial institutions are not being used as a conduit for illegal activities. Implementing and maintaining an effective AML program can be a complex and challenging task, especially for large financial institutions with multiple departments and branches. But the time and cost are worth it, as fines and penalties for AML failures for transaction monitoring, sanctions screening, and suspicious activity reporting can reach into the billions of dollars.

In 2022 alone financial institutions were fined a total of $8 billion for AML-related infractions (source ComplyAdvantage). These fines serve as a reminder of the importance of AML compliance and the serious consequences of non-compliance. Financial institutions are expected to maintain robust AML programs to detect and prevent money laundering and other financial crimes.

ServiceNow is the platform for digital business and excels as orchestrating complex processes and investigations like AML. ??We can help financial institutions meet their AML program regulatory obligations as well as internal risk tolerances in several ways.

First, ServiceNow's Financial Services Operations (FSO – a platform built for the industry), case management capabilities can be used to respond to level 1-3 AML alerts as well as other related incidents quickly and efficiently. This can include automating the routing of alerts to the appropriate AML team for investigation and escalation, as well as tracking the progress of investigations and ensuring that they are completed in a timely manner.

Second, ServiceNow's Integrated Risk Management (IRM) and change management capabilities can be used to ensure that AML-related policies and procedures are up-to-date and compliant with the various and ever-changing regulatory requirements. This can include automating the approval process for changes to AML-related policies and procedures, as well as ensuring that all changes are properly documented and auditable.

Third, ServiceNow's knowledge management capabilities can be used to create a centralized repository of AML-related information that is easily accessible to all members of the AML team company wide. This can include information on suspicious activity patterns, typologies, Model Risk Management (MRM) and best practices for investigating alerts.

Fourth, ServiceNow's reporting and analytics capabilities can be used to track Key Performance Indicators (KPIs) and metrics related to the AML program. This can include metrics such as the number of alerts cleared, escalation of alerts, and the time it takes to complete investigations. This data can help financial institutions identify areas where their AML program may need improvement and make data-driven decisions.

Finally, ServiceNow's workflow capabilities can be used to automate and streamline the various processes involved in an AML program, such as filing Suspicious Activity Reports (SARs), investigating suspicious activity, and reporting to regulatory authorities. This can help to reduce the risk of errors, improve efficiency, and ensure that all AML-related processes are completed in a timely and compliant manner.

ServiceNow case management can help financial institutions with their AML programs by providing a centralized platform to manage and track all suspicious activities and related cases.

The platform allows financial institutions to establish a consistent process for identifying, investigating and reporting suspicious activities. It also enables tracking, management reporting, and a real-time view of the progress of each case to ensure that all relevant parties are informed and involved in the process.e stricter regulatory requirements and higher expectations for detecting and preventing financial crime. By continuously monitoring customer data and activity, businesses can identify and address potential risks in real-time, rather than waiting for a periodic review or audit.

The platform allows financial institutions to establish a consistent process for identifying, investigating and reporting suspicious activities. It also enables tracking, management reporting, and a real-time view of the progress of each case to ensure that all relevant parties are informed and involved in the process.

One of the key benefits of ServiceNow case management is its ability to integrate with other systems and data sources. This allows financial institutions to gather information from various departments and sources, such as account transactions, customer data, and third-party databases, and combine it in one place for analysis and reporting. This helps to identify and investigate suspicious activities more efficiently and effectively.

ServiceNow case management also provides financial institutions with the ability to automate many of the manual tasks associated with AML programs. For example, the platform can automatically flag transactions that exceed certain thresholds or match certain patterns that may indicate money laundering. This helps to reduce the risk of human error and ensures that suspicious activities are identified and investigated in a timely manner.

ServiceNow case management can provide financial institutions with a powerful tool to help with their AML & fraud programs enabling management and tracking of suspicious activities, integration with other systems and data sources, automation of manual tasks, and addressing compliance with current regulatory standards.

?With the help of ServiceNow case management, financial institutions can reduce the risk of money laundering and terrorist financing and protect their reputation and financial stability.

How does case management for AML work? Case management typically involves several steps. First, financial institutions and other regulated entities must implement AML programs that include customer due diligence measures and ongoing monitoring of transactions. This may include identifying and verifying the identities of customers, monitoring transactions for suspicious activity, and maintaining records of all transactions. Next, a financial firms transaction monitoring system will deliver alerts on potential suspicious activity it has identified. Historically, an abundance of alerts are false-positives and knowing those that are important to the program have been a challenge since regulations were first introduced. This has only become more challenging over the past 20+ years as the amount of data and complexity of algorithms have become more complicated. ServiceNow’s platform which includes a superior case management capability, and Now Intelligence for Alert Optimization can help to clear false positives, separating the wheat from the chaff. Level two alerts requiring investigation can leverage ServiceNow’s Robotic Process Automation (RPA) Hub and FSO to aggregate and deliver data to the analyst. SAR filings can be automated FSO.

AML program management is a continuous process and not a one-time event. Financial institutions must continuously review and update their programs and monitor customer transactions to ensure compliance with regulations and to detect any suspicious activity.

?******

What is Perpetual KYC?

Perpetual KYC (Know Your Customer) is an automated compliance process to continuously verify the identity of customers. Unlike traditional KYC, which is typically conducted only at the onboarding stage (and renewals), perpetual KYC involves ongoing monitoring of customer data and activity to ensure compliance with regulatory requirements.

With perpetual KYC, customer data such as identification documents, address, and transaction history are regularly updated and verified to ensure that they are accurate and up to date. This is done using automated systems that analyze customer data and flag any changes or suspicious activity for further investigation.Perpetual KYC is becoming increasingly important as businesses facWith perpetual KYC, customer data such as identification documents, address, and transaction history are regularly updated and verified to ensure that they are accurate and up to date. This is done using automated systems that analyze customer data and flag any changes or suspicious activity for further investigation.Perpetual KYC is becoming increasingly important as businesses face stricter regulatory requirements and higher expectations for detecting and preventing financial crime. By continuously monitoring customer data and activity, businesses can identify and address potential risks in real-time, rather than waiting for a periodic review or audit.

**************

Here is a list of some of the most notable fines issued in recent years:

1. TD Bank (2024) $3 BN Fine for violations of the Bank Secrecy Act and Conspiracy to Commit Money Laundering
2. Danske Bank (2023) $2 BN fine for AML failures in a now-shuttered branch in Estonia
3. USAA (2022) $140 million fine for violations of the Bank Secrecy Act and failure to report thousands of suspicious transactions
4. Deutsche Bank AG (2020) - $150 million fine for AML failures in its Russian operation.
5. Barclays (2020) - $100 million fine for AML failures, including deficiencies in its transaction monitoring systems.
6. Credit Suisse (2019) - $536 million fine for AML failures, including deficiencies in its transaction monitoring systems.
7. ING Bank (2018) - $900 million fine for AML failures, including failures to adequately screen transactions for sanctioned entities and failure to report suspicious transactions.
8. Commerzbank (2016) - $527 million fine for AML and sanctions violations, including failure to comply with regulations regarding transactions with countries subject to U.S. sanctions.
9. JPMorgan Chase (2014) - $1.7 billion fine for AML failures in its transaction monitoring systems.
10. BNP Paribas (2014) - $8.9 billion fine for violating U.S. sanctions against Sudan, Iran, and Cuba.
11. HSBC (2012) - $1.9 billion fine for AML and sanctions violations, including failure to monitor transactions involving Mexican drug cartels.
12. Standard Chartered (2012) - $667 million fine for AML and sanctions violations in its transactions with Iran.

**********************

What are the five largest risks related to a banks anti-money laundering activity?

1. Non-compliance with regulations: Financial institutions are required to comply with various regulations related to AML, including the Bank Secrecy Act (BSA) and the USA Patriot Act. Failure to comply with these regulations can result in fines and penalties, as well as reputational damage.
2. Lack of effective AML controls: Financial institutions need to have effective AML controls in place to prevent, detect and report suspicious activities. If these controls are not adequate, it increases the risk of money laundering and terrorist financing going undetected.
3. Inadequate customer due diligence: Financial institutions are required to conduct Customer Due Diligence (CDD) to identify and verify the identity of their customers. Failure to conduct adequate CDD can result in serving illicit actors who may be using the institution as a conduit for illegal activities.
4. Insufficient monitoring and reporting: Financial institutions need to continuously monitor their transactions and customers for suspicious activities and report any suspicious activities to the appropriate authorities. If monitoring and reporting are not done effectively, it can lead to undetected money laundering and terrorist financing.
5. Lack of employee training and awareness: Financial institutions need to ensure that their employees are properly trained and aware of the risks associated with money laundering and terrorist financing. If employees are not properly trained, they may not be able to identify and report suspicious activities, which can increase the risk of money laundering and terrorist financing.

******************

Spending on Financial Crime Compliance

·????? The global spend on financial crime compliance at financial institutions reached US$274 bn in 2022, an increase of nearly 22% from the previous year. (source ThomsonReuters)

·????? KYC costs can now constitute approximately 4% of a bank’s total operational cost base.

·????? With reduced human intervention, the potential savings for a medium-sized bank is estimated at 60-80%, which is about USD14.4 million annually for a book of corporate customers and USD13.2 million for retail customers. (source PWC)