company info: compliance

Compliance should make international trade safer by preventing malfeasance such as money-laundering and the funding of terrorism. Instead it's become a box to tick to defend financial institutions from penalties. It's a necessary evil to be overcome to allow trade to take place.

We see it somewhat differently...


why compliance isn't working

Financial compliance has become the universal term for a minimum response to regulatory requirements. Its original intent - to prevent or punish financial malfeasance - has become obscured by blame-shifting and overloaded bureaucracy. Banks routinely fail to meet the reporting time limit for suspicious activities; regulators fall ever further behind as they drown under mountains of false positives. Prosecution rates run at less than a hundredth of a percent of reported suspicious activity. And who knows how many crimes slip through completely undetected?

Due diligence on the parties involved in an international transaction has largely moved beyond the basic "passport and utility bill" requirement that used to suffice, though it's still all that's required for many smaller payments. But it's still common for institutions to onboard customers and then pay little attention to an account provided it stays within preset limits. This means that illicit transactions can flow under the radar, never triggering an alarm that might lead to a suspicious activity report.

gathering information

A more modern approach, being adopted by an increasing number of institutions, is to inspect every transaction, rather than trust to the initial onboarding. This provides greatly enhanced data on which to judge a payment's acceptability. As well as providing better legal compliance, it helps an FI to avoid passing payments for purposes outside its policies, such as tobacco or gambling. The downside is that it's far more labour-intensive than the once-only onboarding diligence. Many different sources may need to be interrogated; multiple high-cost subscriptions may be required; data in many forms may need to be aggregated and analysed. Then all this information must be stored in a secure and auditable form.

All of this costs time and, inevitably, money. It also introduces delays as e-mails proliferate requesting further details. This cost militates strongly against smaller transactions, potentially making them commercially unviable. Compliance costs increase when executing diligence on parties in challenging jurisdictions, creating regional exclusion.

duplicated effort

Those financial institutions that operate a more detailed diligence process may look more closely at each transaction. But the payment chain can involve several banks and NBFIs. Only those at each end have visibility of the transaction's counterparties - and even then, potentially only those at one end of the chain. To get the full picture, they're forced to request information from other parties - information that usually arrives by e-mail and then needs to be transcribed for storage and auditability. Alternatively, they may carry out their own diligence checks to fill in the blanks, duplicating effort and creating further delay.

is it fit for purpose?

If we're prepared to accept that compliance is there merely to protect organisations from penalties*, then is it working? Non-compliance penalties fell by 22% in 2022, which should encourage us, but they still exceeded $4 billion. But enforcement actions for AML breaches rose by 52%**. These numbers demonstrate that compliance failures are still widespread. But they reflect only those activities that were detected. As it's widely recognised that criminal methods are becoming more sophisticated, we must ask whether the diligence measures used by most organisations are adequate.

And who's being punished? The penalties are levied against institutions who dropped the compliance ball, not the criminals themselves. And the real victims are those who lost their money in a bad transaction or, worse still, lost their lives to terrorism. It's like prosecuting someone for not closing the window rather than pursuing the burglars.

Compliance on its own is at best an incomplete defence against penalties. Its requirements are inadequate to detect all but the most unsophisticated crime, and it's too slow to allow rapid detection and prosecution of the wrongdoers. We need a shift in perspective from doing the minimum required to avoid blame to active prevention and timely detection.

* and we're not
** source: Fenergo

 



transactional diligence

Recognising the shortcomings of once-only onboarding diligence, more financial institutions are adopting the practice of inspecting every transaction. Clarency has employed this technique since its creation. Best practice requires every counterparty to be onboarded, and then re-evaluated every time a transaction is executed. For each person involved, the following information will typically be collected and, where possible, validated using advanced technology:

  • photo id such as passport, driving licence or government ID
  • utility bills to establish residential address
  • background checks for criminal records, adverse media etc.
  • PEP status

In addition, the associated company should provide:

  • certificate of incorporation
  • shareholder structure certificate
  • proof of registered address
  • ICO certificate
  • MLR registration approval and expiry date
  • annual return
  • audited accounts

The above information, collected at onboarding, is checked to confirm that it is up to date and correct. It can then also be checked for factors like adverse media, trading history, active markets, sanctions, prohibited companies and so on. Now the transaction itself can be inspected:

  • identities of all counterparties, including originator, instructor, beneficiary etc.
  • description of the goods involved
  • invoices
  • shipping documentation, ideally including vessel identification, volume of goods, routing and customs clearances

Clarency ensures that the goods coincide with the exporter's and importer's market sector, that volumes and values are rational and that shipping routes are practical and permissible. Should anything suspicious be detected, the transaction can be paused for immediate reporting and investigation.

 

storage and audit

Transactional diligence gathers a potentially massive, and growing, amount of data. All of this must be auditable and stored in a format that allows rapid assembly of reports where necessary. Much of this information may be of a highly personal nature, and therefore subject to GDPR. Security and immutability are therefore paramount. These requirements argue strongly for a blockchain solution, and this is the route chosen by Clarency. Core storage is by the next-generation InterlockLedger system, and a new integration is in progress to incorporate the similarly advanced Chinese Tiande chain to provide jurisdictionally separated storage while maintaining end-to-end transparency. Both chains operate a low-power consumption model for sustainability and can operate offline to ensure continuous availability.

report creation

Both chains use advanced techniques to ensure that data, once stored, cannot be changed. Each step of progress through the customer relationship is stored chronologically as new data, effectively creating an evolving story that shows every decision, document and action since onboarding to the present day. This can be assembled with a few mouse-clicks into a detailed report for regulators, auditors or any other authorised body.

GDPR requirements

One unresolved dilemma regarding compliance is the requirement to store information indefinitely for access by an authorised regulatory or law-enforcement body. This is in direct conflict with most privacy laws, which demand that personal data be destroyed when no longer actively involved in a relationship, and that individuals have a right to be forgotten by means of data deletion. Clarency satisfies both requirements by means of an access-controlled blockchain data vault. This contains a secure, immutably verified copy of the relevant blockchain data that is linked by a relationship invisible to anyone, including Clarency itself. Data in this vault can be deleted on request, whereas the raw data stored on the core blockchain cannot. Certified law enforcement and regulatory bodies can access the raw data via a unique, encrypted code that is not available to Clarency or anyone else requesting access.

shared compliance data

The duplicated effort mentioned above can be avoided via a sharing technology developed by Clarency for the purpose. Using the secure data vault previously outlined, authorised counterparties can be provided with a smart link that allows them controlled access to compliance data relating to a transaction. This smart link is sufficiently compact to be passed to all connected participants using just one field of the SWIFT MT103 message.

 

 

Clarency Singapore PTE. LTD. Guoco Tower, 1 Wallich Street #14-01, 078881 Singapore   +65 6403 3956