Over the past years and decades, the majority of the financial world has invested large amounts to do full justice to the regulatory requirements in the area of compliance. This starts with the recruitment and training of qualified staff and ends with the implementation of regulatory requirements that are subject to constant change due to new services, products and processes. Screening and monitoring software systems have been implemented with great effort to check transactions for indications of money laundering and terrorism financing.
However, what was often not in focus was the necessary analysis of the quality of the data to be processed. Data quality forms the basis for operating the systems adequately. Missing or incorrect data has an enormous impact on the effectiveness of compliance and represents a high risk of failing to meet the regulatory requirements in internal or external audits.
Missing or incorrect data means that the parameters stored in the systems cannot take effect as would be necessary from a compliance and regulatory perspective. On the one hand, this can lead to a large number of incorrect hits in systems, which then need to be closed automatically or manually, taking into account the necessary requirements for the quality of the documentation. On the other hand, transactions cannot be flagged as suspicious, or the required customer risk classification cannot be carried out as necessary and required by law.
To outline the effects of collecting incorrect data, let us consider the following situation as an example:
- A business relationship is established with an MSB (Money Service Business).
- Based on Recommendation 14 of the FATF, it should be checked whether the MSB is a licensed provider.
- This applies to natural and legal persons without any restrictions.
- If the "Sector of Activity" is not correctly recorded as part of the customer acceptance process, all further defined measures cannot take effect, such as
  - Approval during the customer acceptance
  - Adequate customer risk classification
  - Assignment to the correct risk class
  - Period of the data update
  - Transfer to the monitoring system
  - Appropriate monitoring in the payment systems
  - Possibly, incorrect / incomplete reporting
Besides the collection of such data, the maintenance of customer-related master data is an elementary basis for proper compliance. Only with complete, up-to-date and correct data is an analysis of a customer's activities possible in the first place. If, in the scope of the research, the compliance department decides to make a report to the FIU, the authority will only be able to analyze cases and to take the necessary action if complete and correct data has been transmitted.
Only complete and correct data permit the obligated party to comply with Recommendation 16 of the FATF in the case of foreign bank transfers. Furthermore, only with complete and correct data are the continuous checks of the customer portfolio against the sanctions or PEP lists possible.
This year and in the coming years, many Financial Intelligence Units (FIUs) will start using the goAML software by UNODC for more effective tracking of reports across borders. However, this effort can only be successful if the data transmitted electronically to the FIU is correct and complete.
As a first step, therefore, financial institutions must identify whether customer master data records are stored multiple times in the core banking systems. If this is the case, it is strongly recommended to merge similar customer data records to get a consistent picture of the total exposure.
Further steps include the verification of individual pieces of information such as
- Last name
- First name
- Date of birth
- Place of birth
- Address
- Passport data
with regard to completeness and correctness.
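One way to run the duplicate and completeness checks described above over customer master data, as an added example that is not part of the original article. The field names, the accepted date formats and the sample records are assumptions constructed for illustration.

```python
import unicodedata
from collections import defaultdict
from datetime import datetime

# Fields the article lists for verification (the key names are assumptions).
REQUIRED = ("last_name", "first_name", "date_of_birth",
            "place_of_birth", "address", "passport_no")

def norm_name(value):
    """Casefold, strip accents and collapse whitespace for comparison."""
    text = unicodedata.normalize("NFKD", value or "")
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(text.casefold().split())

def norm_date(value):
    """ISO date for the accepted input formats, else None (treated as incorrect)."""
    for fmt in ("%Y-%m-%d", "%d.%m.%Y"):
        try:
            return datetime.strptime((value or "").strip(), fmt).date().isoformat()
        except ValueError:
            continue
    return None

def field_issues(record):
    """Required fields that are missing, blank, or (for the date) unparseable."""
    issues = [f for f in REQUIRED if not str(record.get(f) or "").strip()]
    if "date_of_birth" not in issues and norm_date(record["date_of_birth"]) is None:
        issues.append("date_of_birth")
    return issues

def duplicate_groups(records):
    """Customer ids sharing normalized last name, first name and birth date."""
    groups = defaultdict(list)
    for rec in records:
        dob = norm_date(rec.get("date_of_birth"))
        key = (norm_name(rec.get("last_name")), norm_name(rec.get("first_name")), dob)
        if all(key):  # records with an unusable key cannot be matched reliably
            groups[key].append(rec["customer_id"])
    return [ids for ids in groups.values() if len(ids) > 1]

# Constructed sample records, not real customer data.
_BASE = {"last_name": "Müller", "first_name": "Anna", "date_of_birth": "1980-03-14",
         "place_of_birth": "Wien", "address": "Ring 1, Wien", "passport_no": "P1234567"}
CUSTOMERS = [
    dict(_BASE, customer_id="C-001"),
    dict(_BASE, customer_id="C-002", last_name="MULLER ", first_name="anna",
         date_of_birth="14.03.1980", place_of_birth="", passport_no=None),
    dict(_BASE, customer_id="C-003", last_name="Novak", date_of_birth="1975-13-40"),
]
```

Records flagged as a duplicate group are candidates for manual review before merging; the exact-match key here will miss spelling variants such as transliterations.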
The completeness of the data is not restricted to the customer's master data. It is also important to regularly check whether the data transferred to the research systems is transmitted and processed completely and correctly. For instance, a missing country code for a foreign transaction can lead to important facts not being noticed in a monitoring system, even though this data is available, because without a corresponding country code cross-border transactions cannot be processed in the SWIFT network.
In this respect, obligated parties face the constant challenge of not only dealing with regulatory requirements, but also ensuring that the closed system as a whole allows all regulatory requirements to be met.