KYC3 is growing – are you fit enough to join our team?

This is the career defining CTO opportunity you’re looking for!

Launching in 10, 9, 8, 7 … are you ready to drive the rocket ship to success with us? If you have experience with modern technologies like Apache Titan, Spark, Hadoop, OpenNLP, and Bootstrap then you should jump on board the KYC3 rocket now!

KYC3 has opportunities for Senior Software Engineers who will build and extend our state of the art technology. Join the core team behind innovative state of the art technology for real. We’re looking for full-stack developers who are passionate about innovating on big data and delivering great user experiences. You like to code and have an eye for clean, intuitive design. If you want to use your abilities to deliver the next generation of intelligence processing application technology, then join us to create engaging, easy-to-use, and visually delightful intelligence analysis applications that address complex user needs. Become instrumental in converting sales opportunities into deals faster working with our sales team. You and the technology team will be responsible for delivering solid production quality systems for KYC3.com and its enterprise and API clients.

KYC3 offers you a chance to get in a ground level, with equity options and a potential CTO position for the right candidate who can combine technical skills with business acumen in a readily accessible manner in front of clients and investors.

You should be motivated, very flexible, and able to work in an environment that constantly generates new ideas and new invention. Creativity and a willingness to take bold steps are a plus. Although some travel, mostly to Luxembourg and Switzerland, will be required, you can work form anywhere most of the time.

We’re looking for demonstrated full-stack experience in one or many of the following areas:

• Previous experience with Apache Titan, Apache Spark, OpenNLP, Hadoop, Elastic Search
• UI design including HTML, CSS, Javascript UI frameworks; e.g. Dojo, jQuery UI, Bootstrap, Flat UI, d3js,
• Web application (Model View Controller (MVC), My Virtual Model (MVM)) frameworks; e.g. Java Enterprise Edition (JEE), AngularJS, EmberJS, Sinatra, or Rails,
• Cloud computing environments; e.g. Amazon Web Services (AWS)
• Building applications using cloud APIs and Representational State Transfer (REST)ful services

Financial industry background or expertise would be a bonus.

Please express your interest via e-mail to support@kyc3.com with details of who you are and why you would make a great addition to the KYC3 team.

KYC3 is a startup with massive potential – we have won numerous awards and have offices in Luxembourg in the BGL BNP Paribas LuxFutureLab and in Geneva in the FintechFusion program – both prestigious accomplishments in their own. Our team collaborates openly and freely. We research new ways to approach difficult problems and quickly adopt new technologies. We work in cross-site teams and with customers in international settings.

https://kyc3.com
Luxembourg: LuxFutureLab, Boulevard Royal 59, L-2449 Luxembourg City
Switzerland: Fusion, Av. de la Praille 50, CH-1227 Geneva

49.609749 6.126501

KYC3 Demonstrates: FinTech on Big Data for Market Intelligence – Decoding Docler Holdings

Check out a new video that demonstrates KYC3 market intelligence capability by analyzing the corporate structure of Docler Holdings in 1 minute and 23 seconds… easy as 1:23.

More than a negative screening tool, KYC3 provides state-of-the-art tools to discover actionable market intelligence from massive real-time data feeds.  Check it out!

Unleash your Risk Based Approach.  Turn your compliance costs into competitive advantage.

When do you say “No” to a prospect customer or counterparty? (Part 1 of 2)

Several hurdles should be jumped to show that you Know Your Customer

KYC is the foundation of the AML process. Knowing Your Customer is the most obvious way to spot suspicious behavior. When taking on a new customer or entering into a transaction with a new counterparty, it is very important to understand who you are dealing with. In this regard, there are a number of common base efforts that are usually made, such as verifying the ID cards of the individuals involved, checking the legal status of the companies and organizations involved, and checking utilities or other invoices from known providers in order to verify that the address information for the person or company is correct.

Collecting documents this is only the first hurdle. The next immediate step is to check the party against various government issued watch and sanctions lists. This is a step that is still in the “tick the box” approach; if the party is on the FBI Most Wanted list or has been sanctioned by the European Union for committing human rights violations, then clearly dealing with the party is a “No, No”. The only complications in this check are that there are a lot of various lists to check from different sources and that there are sometimes names that match the lists because the parties simply have the same name. The first case is easily addressed through the use of tools that enable searching all the lists at once. The second case requires comparing the list entry with the party in front of you in order to make a determination if it is a match or not. This is done by comparing attributes, such as date of birth.

After the second hurdle, the Risk Based Approach starts. This is a process moves into a grey area. It is here that KYC becomes a difficult and very personal affair. Two hurdles are overcome with yes or no answers. To set the third hurdle requires asking “How much risk does this party present and is it within our tolerances?”

In the next part of this article, I will discuss considerations of setting the third hurdle for the Risk Based Approach.

What’s a PEP problem and do you have one?

Is your rich foreign businessman a PEP back home?

In the age of globalized banking it is very important to understand the risk that “Politically Exposed Persons” pose to any business, no matter how small, that deals with international clients involving transactions or asset management of even modest sums.

Politically Exposed Persons or PEPs are those people that due to their own position or that of a close associate exercise functions that are conducive to corruption and related criminal activity.

Being a PEP does not necessarily mean that a person is corrupt, although some may argue this point.  A PEP is simply someone who has the access and the authority to be corrupt. According to FATF guidance on evaluating PEP risk, a PEP may be anyone who is elected or appointed to a political office, anyone who heads a state-owned or state controlled enterprise, any family member of the former two, or a known a close associate of the former types of people.  This includes judges, high ranking military officers, and government officials, especially those in a position where corruption is common, such as procurement or contracting.

A glaring example of such abuse by PEPs is the “Cash for Kids” scandal in which two U.S. judges were found to have been sentencing children to serve time in private juvenile prisons in which the very judges held a commercial interest.  While this scandal may have been difficult for the bank of the judges to detect there are often warning signs that should not be ignored.

The first step is to know that your client is a PEP.  Identifying PEP status and risk should be part of your KYC (Know Your Customer) client on-boarding and risk evaluation process.  You should ask your customer to disclose any political office or other politically exposed position they may hold and you should expect an honest answer.

Following advice that Ronald Regan made famous: a “Trust, but verify” approach is necessary.  Good research tools can be used to screen individuals against a database of known PEPs, as well as provide access to media coverage that will allow you to qualify the extent of the individual’s political exposure.

Take the very recent press example of former Minister Ninu Zammit of Malta.  HSBC Geneva managed accounts of more than 3 million Euros for him.  They took active steps to move the funds from Europe to BVI companies in order to avoid the EU Savings Tax Directive and clearly knew Zammit for several years.  However, a glaring red flag is that Mr. Zammit declared earning only 37,000 Euros per year from his ministerial position.  How is it then that he amassed a fortune of more than 70 years worth of his salary?  This is a typical Red Flag for a PEP: having assets far beyond their logical means.  Zammit claims that these deposits were built up since the 1970s through his savings and property business.  Unless he could document these deposits over that time, the source of the funds through tax returns and business records, and he could explain why he needed to put the funds in a secret offshore account, it would appear that HSBC may have been aiding and abetting corruption and been an active participant in money laundering in this case.  HSBC’s reputation is now suffering from their failure to manage this risk.

According to current statements, HSBC has changed their procedures and cleaned up their bank since this time; however, the example of Zammit is a very good case study of a high-risk PEP that would require a thorough KYC/AML evaluation and monitoring in order to manage the risk of the account.

CBI Demands Less Anti-Money Laundering Regulation

Just today, the Confederation of British Industry said that the UK needs to come up with simpler and easier AML/CFT regulations or British business will suffer.  CBI boss, John Cridland, says that Britian will not meet its 2020 goal of 1 trillion pounds in exports because of current anti-money laundering (AML) requirements.

The CBI’s position is a blatant and crude display of the most longstanding problem for the compliance function: compromising to revenue interests.  In August 2014, FinCEN published a series of guidelines (PDF) regarding effective compliance of financial institutions.  One would hope that in the U.K. the FCA is issuing similar advice.  The second item in the FinCEN list is titled Compliance Should Not Be Compromised By Revenue Interests and it reads in part:

Compliance staff should be empowered with sufficient authority and autonomy to implement an institution’s AML program. An institution’s interest in revenue should not compromise efforts to effectively manage and mitigate BSA/AML deficiencies and risks, including submission of appropriate and accurate reports to FinCEN. An effective governance structure should allow for the BSA/AML compliance function to work independently and to take any appropriate actions to address and mitigate any risks that may arise from an institution’s business line and to file any necessary reports, such as Suspicious Activity Reports (SARs).

Relationships around CBI as seen by KYC3.com

Giving the regulator the benefit of doubt, if AML could be simpler without being less effective, it probably would be.  The regulations and guidelines are fairly clear and flexible.  The problem may actually not be with them.  Bank aversion to risk and to regulatory sanction may be driving the problem.  The problem may be in how banks and financial professionals have implemented their processes and the tools they have selected in doing so.  Client on-boarding and transaction monitoring are difficult to get right 100% of the time and can be very annoying when they go wrong.  Part of the solution is to provide business development and customer facing employees access to self-service KYC tools so that they can do a “sanity check” of any new client right on the spot and business can continue uninterrupted.  Customers never like “waiting for compliance”.

While anti-money laundering and counter terror finance controls are often an inconvenience, the potential gain in business may not outweigh the cost to society of invasive corruption, crime and terrorist funding that would follow relaxing KYC/AML regulations.

The SEC Wants More Suspicious Activity Reports!

SEC Headquarters in Washington D.C.

According to Andrew Ceresney, director of the SEC Division of Enforcement, the SEC is considering enforcement cases against brokerages that fail to report suspicious activity.

According to the SEC, many U.S. brokerages are simply failing to report possible money laundering.

Citing statistics of that put the average number of reports at just 5 reports on average per brokerage firm per year, it would seem the SEC has a point.

Indeed, it is hard to believe that with billions of individual securities transactions conducted amongst millions of counter-parties across the 4,800 registered brokerages in the United States, that just 18,000 to 25,000 total suspicious activity reports would be filed per year.

Ceresney confirms that the SEC is still trying to figure out why the firms are not filing SARs.  Could it be that their KYC/AML tools are not up to the task?  Or perhaps they simply don’t want to be bothered with the time and effort required to interact with the regulator in filing them… either way, when the SEC comes knocking, Ceresney made it clear that the action “will send a strong and clear message”.

Read more at Many U.S. brokerages fail to report possible money laundering: SEC official.

FCA recommends EDD on directors of corporate clients

In November 2014, the FCA published Proposed guidance on financial crime systems and controls that lays out sound advice on how to manage compliance and mitigate the risk of financial crime activity across a financial institution.

In particular, they specifically advise

“carrying out searches on a corporate customer’s directors or other individuals exercising control to understand whether their business or integrity affects the level of risk associated with the business relationship.”

Good information is required in order to do this correctly. We look not only at the current employment of the directors, but also their present and past business activities and relationships is necessary in order to assess the risk associated with the individual.

Much like an HR screening, or a more detailed background check for a government security clearance, looking at the individuals more closely reveals patterns and relationships of risk, such as indications of past criminal activity, civil disorder or close relationships with politically exposed individuals or suspected criminals.

Most people still use general internet searches for this purpose.  However, tools such as KYC3 are the first step towards a true professional approach.  These offer current and historical company data and comprehensive news coverage and functionality such as qualified relationship graphs of the individuals.  We can quickly understand the subject’s activity with such information.  In an interesting development in the US Courts, the use of such tools is commonly becoming part of legal settlements in cases of non-compliance.

Of course, if one wants to really achieve the same level of certainty that a “Top Secret SCI” clearance would entail, then we would need an active investigation, complete with agents discretely collecting information on the individuals in order to form an accurate and very well informed opinion.  There are several companies out there that offer such services already.  Is this coming soon to a financial institution near you?

Lex FIFA means sports officials are now like PEPs in Switzerland

A new law, dubbed “Lex FIFA”, passed in Switzerland means that sports officials, such as those from FIFA, the International Olympic Committee, and Formula 1 will be subject to additional scrutiny in the compliance process, like Politically Exposed Persons are already.

The Swiss law comes after many years of allegations of corruption and bribery within the sports industry and was written specifically to account for FATF and FinCEN anti-money laundering guidelines.

This is an interesting development in that it acknowledges the strong influence between sports and politics and places the sporting organizations in a special “high risk” category.  With this development, it becomes increasingly important to address KYC (Know Your Customer) responsibility within professions required to guard against money laundering.  Adequate procedures and resources must be deployed to mitigate risk.  This can only be done by selecting well trained and knowledgeable staff in sufficient quantity and equipping them with the tools and procedural guidelines to perform effectively.  List checking must not be relied on as the sole mitigation tool for money laundering risk.

FIFA as seen by KYC3.com. Analysis of thousands of documents reveals the people and organizations most linked to FIFA.

Automated “list checking” solutions for identifying money laundering risk are but a first line defense.  As the nature of risk becomes more apparent, it will be increasingly necessary to rely on “open source” research tools, such as KYC3, in order to conduct judgement calls on a case by case basis that take into account contextual information.  The inclusion of general news, not just negative news, and of general business relationship information becomes necessary in order to evaluate the context and potential beneficiaries of proposed customer relationships and transactions.

This Swiss law is the first of its kind and other countries and international organizations, such as FATF-GAFI, can be expected to follow with regulations and guidelines of their own.

For more details on Lex FIFA, please refer to Swissinfo.ch

Compliance officers held PERSONALLY liable for compliance failures

As reported by the Wall Street Journal, Thomas Haider the former Chief Compliance Officer of MoneyGram Inc, has been personally fined $1 million due to compliance failures of his former employer.  This is a rare, but increasingly common, case of a compliance officer being held responsible for the company’s failure to follow prescribed anti-money laundering laws.

In what appears to be a “shoot the messenger” approach, the compliance officer is being personally punished, rather than the board level executives who ultimately hold responsibility for the company’s failure.

This is a lesson to all compliance officers to be very wary of potential compliance failures within an organization.  The end result of such actions will be to pressure compliance officers into an “insider threat” mode whereby they will need to amass data on potential failures and at the merest whiff of potential trouble must either have immediate and serious attention from senior management, and failing that become a whistle-blower to outside regulators and enforcement.

The end logic of such an approach would be to change the role of the compliance officer from one of internal employee of the organization to one that involves an employee of the responsible regulatory regime being embedded within the organization.

This may not be such a bad end-game given that the last few months have seen increasingly more reporting regarding the problem within the banking industry as extending “beyond just a few bad apples“.  If indeed the entire industry standard of behavior is broken by a culture of corruption and greed, then perhaps it is time to surgically insert the anti-bodies directly into the sick institutions.

In any case, every compliance officer should ensure that they have the authority and resources to perform their duties.  This means both good quality and adequate staff as well as all of the access and tools that they require to complete their mission.  If this is not the case, it would be advised make a very visible audit trail of the lacking resources or inappropriate organizational support so that any attempt to hold the compliance officer responsible for any failures could be clearly documented as a problem of senior management, where the ultimate responsibility for compliance failures should be placed.

 

FinCEN demands Casinos do KYC too

FinCEN, the U.S. financial crimes enforcement arm of the Treasury Department, is demanding that casinos do more to prevent their use as vehicles for money laundering.

To this effect, casinos will be required to know the source of their customers’ funds.  Of course, the first step in understanding the source a customer’s funds is to Know Your Customer.

Source: Wikimedia Commons

Secondly, FinCEN also demands that casinos adopt a Risk Based Approach to managing their exposure to financial crime, particularly money laundering and terrorist financing.  A successful Risk Based Approach requires several well planned and functioning elements.  These include 1) the process and guidelines in place to ensure that the approach is methodically applied within the organization, 2) well trained staff with the authority to make decisions related to the assessment of risk and a corporate culture that gives them the freedom and respect to make independent assessments of risk based on the situation and their experience, and 3) professional tools to support the research and evaluation of subjects of risk facing the organization.

As a third demand, FinCEN insists that casinos improve their information sharing with regulatory and law enforcement authorities.  This means that casinos are required to voluntarily file Suspicious Activity Reports for any suspicious activity that would be identified within the casino.  They also request that the casinos provide additional specific customer information for any unusual activity.  As a matter of fact, it is well known that within the Department of Treasury Law Enforcement community there are many who believe that Suspicious Activity Reports should be changed to Unusual Activity Reports, but that is a topic for another post.

Finally, FinCEN has issued a warning against a high risk behavior called, “Chip Walking”.  This involves using casino chips as a placement instrument for purposes of money laundering or facilitating illegal transactions.  For example, suppose a bad guy obtains a hundred thousand dollars worth of chips and places those in a casino lock box.  The bad guy can then take the key to that box out and give it to the bad guy who has brought him a load of illegal drugs.  Deal done and no messy briefcases of cash to handle.

Of course, if the casino would know its customers, this suspicious activity would be noted and may eventually lead to reporting and arrest of the bad guys.  And this is the whole point of the FinCEN demand.