View from a practitioner – Babar Shameem, former Global Head of AML/Sanctions and AB&C Technology

Q: During your tenure at Citi, what were three operational and/or technology issues that caused you the most pain?

Babar Shameem, former Global Head of AML/Sanctions and AB&C Technology

A: Striking a balance between effectiveness and efficiency of AML and sanctions systems, principally transaction monitoring and processing but also KYC and Due Diligence. Technology solutions are weighted towards effectiveness rather than finding, often small, details requiring attention based on the risk appetite of the businesses. False positive alerts generated by legacy data and out-dated screening and scenario-based monitoring technologies results in significant customer onboarding and process transaction challenges. In addition, there is a risk of missing suspicious activities simply due to high volumes of false alerts

Secondarily, initiatives that are multi-year in duration. Such “strategic” initiatives often retard progress at the operational and tactical level. For instance, if certain changes in upstream business systems are required to meet current requirements, the “strategic” plan may be unsupportive since resources are dedicated to other areas. Or, timings to address these requirements will be much further out creating dependencies that are fluid since schedules often shift to later dates than originally envisaged. I favored a “chunking” strategy where a modular approach is followed to deliver incremental and sustained improvements in 2 – 4 month release intervals. Deliverables flow steadily and course adjustments can be made on a timely basis to maintain the initiatives’ requirements.

Operational overhead continues to increase for a number of reasons:

  • Unit volumes of work increase over time due to greater regulatory demands and business growth – e.g., alerts to be reviewed and investigated
  • Efficiency improvements generally lag behind growth, making implementation of planned improvements more onerous given there’s regular workload and additional layers due to testing and validation of enhancements
  • Lapses often result in remediation work which may require a “lookback” which involves reviewing and dispositioning historical transactions and/or alerts that have already been reviewed or which missed review. Such retroactive reviews present a formidable challenge for compliance operations which tend to be already burdened. In addition, IT is also challenged as they need to recreate the environment in which the transactions originally occurred; i.e., the same watchlists and operating systems logic.

Q: The challenges of onboarding corporations are significant, what recommendations would you share from your experience of working with large and complex financial institutions?

A: For multinational financial institutions, a particular challenge revolves around large corporations or holding companies that operate in multiple jurisdictions and are often onboarded through different systems in different regions and/or businesses. Many financial institutions operate with different systems with differing data attributes. For instance, credit cards may be managed on old mainframe systems that have certain limitations such as x number of characters allowed for names before these names are truncated.That same customer may have accounts in the same institution but with other business units with differing technology platforms, names and other associated data may get captured in various forms depending upon field characteristics of a particular system. As a consequence, connecting the dots to align all the seemingly disparate entity descriptors becomes a sizable challenge for those conducting the required due diligence. Knowing the customer is even more of a challenge given it may not be possible to aggregate or create a logically unified profile complete with transactional history. Onboarding also becomes a challenge given the piecemeal or jigsaw puzzle view of the entity.

In conclusion, rationalizing and resolving client entity relationships within an enterprise is critical to effective KYC and transactional monitoring.

Q: In your opinion what areas are the highest focus for the regulators in 2019?

A: Consistency of risk-based practices and systems across the enterprise needs to be at the top of the list. Not necessarily “one size fits all” but certainly rationally defined, risk assessment-based regime. A key driver for enabling and sustaining consistency is change management which is an area specifically highlighted by the OCC as a priority for 2019.

A second area of focus is innovation and automation as suggested by the following statement: “Innovation has the potential to augment aspects of banks’ BSA/AML compliance programs such as risk identification, transaction monitoring and suspicious activity reporting.” – Joint Statement, December 3, 2018, FinCEN, Federal Reserve, FDIC, OCC, NCUA.

Lastly would be model risk validations of systems, data governance, and reporting (including internal and regulatory reporting ) with greater participation and understanding of compliance management requirements by first line of defense; i.e., a FIs’ business units.


David Buxton

David is a former investigator who has advised banks, law firms and leading multinationals on corruption, fraud, money-laundering and other risks. He is a regular speaker on the use of technology for collection, analysis and reporting in a KYC/AML context. He graduated from Oxford University.