Workflow-controlled fraud prevention and Know Your Customer processes
Compliance requirements often dictate how every-day business processes are performed: legal obligations and other external or company-internal guidelines force the employees of companies to perform a whole series of measures aimed, among other things, at preventing money laundering, making sure that embargo stipulations are adhered to and creating transparency. The avoidance of deception (fraud prevention) also protects the company from the threat of risks such as payment default caused by business criminality.
The Money Laundering Act as well as the 3rd Money Laundering Directive form the legal basis for the principle of "Know Your Customer (KYC)". The name emphasizes the point directly: your own customers must be investigated according to particular criteria in order to ensure that the envisaged (or existing) business relationship does not violate compliance requirements. If this is not the case, there is a threat of significant sanctions and damage to the company's image – not to mention the economic loss that the company can suffer due to cases of fraud.
According to Art. 8, 3rd Money Laundering Directive, for example, the financial beneficiaries must be determined, which in complex cases with participation structures over multiple levels can be very unclear and difficult to comprehend. Politically exposed persons (so-called PEPs) must also be identified, as they are subject to increased requirements in relation to money laundering. Finally, identified persons may need to be compared with around 400 sanctions lists.
As already indicated, these and other measures are not only necessary when a new business relationship is envisaged but also once the relationship exists: continual dynamic monitoring must be ensured (Art. 8, 3rd Money Laundering Directive).
IT-supported monitoring measures make this possible: one approach can be that at the start of a business relationship a risk class is allocated on the basis of the obtained information. This can be adapted dynamically during the course of the relationship when new information becomes available – and the company can take action if necessary. The documentation of all stages also makes it possible for the company to meet its obligations to provide records at any time.
A look into the near future shows that the compliance requirements will be tightened up and extended. The 5th EU Money Laundering Directive has already been passed and its requirements must be adopted into national law by German legislators before 10th January 2020. Companies should take a look at the forthcoming changes as soon as possible. Among other things, obligated organizations must, in future "if applicable" also provide evidence of registration in the transparency register. It is, however, still unclear when an online interface for automatic comparison will be available.
The meeting of compliance requirements in companies is time-consuming, prone to errors due to its complexity and does not result in any value creation. It is nevertheless necessary.