Effective anti-money laundering (AML) compliance requires a data governance program to address the acquisition and management of the data – also known as “know your data” or KYD. This is a hot topic for financial institutions monitoring client transactions for money laundering, terrorist financing, or other forms of financial crime. Many firms are under regulatory pressure for not properly implementing KYD.
Exploring the Meaning of KYD
KYD means understanding how data is used throughout the organization for various purposes. To accomplish this, firms need to put in place the documentation, processes, and controls for tracing the origin and managing the entire lifecycle of data as it is used within financial crime detection technology.
AML software and other financial crime tools use data from a variety of internal and external sources to determine whether a transaction is suspicious. Both firms and regulators are realizing that the adage “garbage in, garbage out” applies to the models that these software tools use. Regulators are beginning to demand that financial institutions validate not just the models but also the data being fed into them.
While there is no explicit regulatory requirement to implement a data governance program, regulators have been focusing on critical data elements for data management. The New York State Department of Financial Services’ (New York DFS) Regulation 504 is one of the first sets of AML rules to specifically establish the expectation of documentation and testing the lineage of data that firms use to analyze their transactions for potential crime. The implementation deadline of this regulation was April 2018, however many organizations are still struggling to meet the requirements. These requirements include:
- The identification of all data sources that contain relevant data
- The validation of the integrity, accuracy, and quality of data to ensure that accurate and complete data flows through the Transaction Monitoring and Filtering Program
- Data extraction and loading processes to ensure a complete and accurate transfer of data from its source to automated monitoring and filtering systems (if automated systems are used)
These regulatory requirements provide a high-level view of what firms should be doing to ensure that they know their data. Today, most firms are in the process of building a data governance program around the data they use within their financial crime technology processes.
Below are some common issues that firms experience with their KYD initiatives:
- Poor-quality data at the source – Data quality is essential for financial crime technology to work properly, but errors can sneak into data at the original source, be it internal or external. Simple mistakes such as misspelling a name or getting a birth date incorrect in a customer management system can derail the investigation process.
- Failure to understand the use of the data – Sometimes when data is created, there is a lack of understanding of how that data will be used further down the line. As a result, it is not captured in a way that is useful and leads to ineffective use of data.
- Corruption of the data in transit – Often the technology systems that create data are not speaking directly with the financial crime technology. Instead, the data can be routed through one or more intermediary technology platforms, which may result in data becoming garbled. For example, fields may be deleted or truncated. It’s important to ensure that data remains intact and to have the data lineage tested and documented.
- Not communicating about the data – Many firms lack an organized way to talk about data. For example, the financial crime team may not be aware that a new CRM system is being installed, or that a field is being added to data captured on a trading platform, which might impact downstream systems. Firms need a centralized data dictionary and metadata for their data, as well as comprehensive data documentation.
- Management of data in silos – Financial crime technology often uses data from a wide variety of sources across the organization. Yet, data is often managed in silos. This creates communication gaps among teams that often leads to data duplication, disparate data processes, and multiple versions of data transformation logic.
- Being unable to keep up with the business – When organizations do not have a robust approach to data governance, it can be hard for compliance functions such as financial crime to be agile enough to adapt when business needs change.
Making sure the data is correct is the first step towards model validation for a financial crime technology program. This means that KYD is of fundamental importance for compliance. Firms need to make sure that they are addressing their core data governance needs or they risk failing to identify financial crime as well as being subject to regulatory censure.
How We Help
Our team of experts can help you develop a data governance program, meet the New York DFS requirements, or review your current program for efficiency effectiveness.