Title: Data Quality
1Data Quality A Key Enabler for Compliance
2Key Points
Data Quality is the DNA for AML Customer
Identification Program (CIP) and Know Your
Customer (KYC) Compliance Data Quality Is
Required By Policy And By Regulation We Have
Raised The Bar On CIP Data Quality Using Six
Sigma Tools And Methods Risk Of Regulatory
Fines Measured In Millions Of Dollars In
Financial Services Industry For AML Program
Failures
3Industry Fines/Penalties
Date of Fines/Penalties Dollar Amount
Q4-2005 3 86MM
Q1-2006 1 3MM
Q2-2006 3 12MM
Total 7 101MM
4AML and Compliance The Business Need
5Money Laundering versus Anti-Money Laundering
Anti-Money Laundering (AML) encompasses all
efforts to prevent and detect 1. Money
laundering - disguising the proceeds of criminal
activity through a series of apparently
legitimate transactions 2. Terrorism financing,
using funds to finance terrorist activities
- Money laundering often involves three primary
components - Placement - the process of placing, through
deposits or other means, unlawful cash proceeds
into traditional financial institutions - Layering - separating the proceeds of criminal
activity from their origin through the use of
layers of complex financial transactions - Integration - using an apparently legitimate
transaction to disguise illicit proceeds,
allowing laundered funds to be disbursed back to
the criminal - It is estimated that 2-5 of the global GDP, or
600 billion - 3 trillion, is laundered
annually.
6Reverse Money Laundering
Terrorist Financing is often referred to as
reverse money laundering, which is using clean
money to commit criminal activity, such as taking
the proceeds of funds derived from legitimate
sources and using them to finance terrorism.
- Typical channels include
- Cash smuggling
- Structured small deposits to, or withdrawals
from, accounts - Purchases of monetary instruments
- Use of debit and credit cards
- International telegraphic transfers
- Underground banking
- Misuse of charities or non-government
organizations
7Regulatory Requirements(USA Patriot Act)
- Section 326 Customer Identification Program
(CIP) - Requires implementation of procedures covering
all customers who open accounts - 1. Capture ID information from all customers
- 2. Verify customer identity
- 3. Notify customers of CIP process
- 4. Compare customer names to government lists
- Required identification information (prior to
account opening) - 1. Name
- 2. Street address (no P.O. Boxes)
- 3. Date of birth (for individuals)
- 4. Identification number (for U.S. citizens, it
must be a US taxpayer ID number)
8Section 326 contd Verification (prior to or
within reasonable period of time after account
opening). Documentary or non-documentary means
Standard is that we have a reasonable belief
that we know the true identity of the customer.
Recordkeeping of verification information CIP v.
KYC v. EDD CIP is solely focused on
identification information. KYC (of which CIP
is a component) is appropriate risk-based know
your customer due diligence performed by lines of
business (LOB) in connection with account opening
and relationship maintenance. EDD Enhanced Due
Diligence (EDD) is the practice of conducting
additional due diligence or investigative actions
beyond what is required by normal KYC due
diligence.
9Seven Elements of a Compliance ProgramTM
10Governance and Accountabilities
- Board Of Directors
- Audit Sub Committee
- Executive Committee
- AML Governance Committee
- AML Compliance
- AML Project Management Office
- AML LOB Project Management Office
- LOB Business Teams
- Process Owners
- Associates
11Data and Information QualityCIPKYC
12Information Quality Overview
- Information is Everywhere, It Fuels the
Enterprise (and Compliance) -
- Information Quality Defined Fitness for Use
- Definition Quality (Enterprise glossary)
- Data Quality, Typical Critical to Quality
Measures (CTQs) - Completeness
- Validity
- Accuracy
- Timeliness
- Presentation Quality
- Architecture Quality
13 Key Comments on Data Quality
- Data Quality
- Our ability to execute strategic plans, make
sound business decisions and fully serve our
customers depends on the quality of our data. It
is every associates responsibility to ensure the
integrity of the data we rely on to run our
company. - -- Ken Lewis, Chairman and CEO
It costs ten times as much to complete a unit of
work when the input data are defective (late,
incorrect, missing, etc.) as it does when the
input data are perfect. -- Dr. Thomas Redman
14Our Approach
- Defined in Corporate Policy
- Executive Sponsorship and Governance
- Risk Based Approach
- LOB Process Owners
- Daily, Weekly and Monthly Operational Reports
- Compliance Process Owner and Oversight
- Monthly Automated Monitoring by Compliance
- Monthly Process Owner Meetings
- Quarterly Report to Governance
- Mistake Proof it Where Possible
- Six Sigma
- Balance Risk and Reward
- Continuous Improvement
Tip Data Profiling Tools Are Very Helpful,
Especially During The Analyze Phase
15 Typical KYC Data Elements (with CIP subset)
16 Federal Financial Institutions Examination
Council (FFIEC) Exam Manual View
- Examiners are provided an exam manual which is
used to provide consistency in exams. - Typical Questions Include
- Show Detail Customer Identification Program (CIP)
requirements are met for opening an account,
including the use of documentary and
non-documentary methods to verify a customer. - Sufficiently document KYC information to allow a
determination as to whether or not the actual
activity is consistent with the nature of the
customers business.
FFIEC Web Site WWW.ffiec.gov
17The Cost of Poor Quality
- Get CIP/KYC Right The First Time
- Or
- Repair It Within A Reasonable Time
- Or
- Close The Account
18 Risk vs. Reward
- Rewards
- Improved Service
- Delight Opportunity
- Improved Revenue Generating Opportunities Like
Cross-Selling - Lowest Possible Total Cost Occurs by Capturing it
Correctly the First Time
- Risks
- Audit Failures
- Exams MRAs
- Fines
- Waste and Rework
- Poor Customer Sat.
- Fraud
There is no Business Value in Poor Quality Data
19Six Sigma Methodology
20Six Sigma Philosophy
- Everything is a process
- All processes have variation
- Variation is the enemy
21Six Sigma Tools and Methods
- Cause and Effect Analysis
- Failure Mode and Effects Analysis (FMEA)
- Green Belt Projects
- Black Belt Projects
- Design for Six Sigma
- Process Excellence
- Statistical Process Control Charts
- Design of Experiments
- Control Plans
22Six Sigma as a Metric
Sigma Level DPMO (Defects per Million
Opportunities) Six Sigma 3.4 Five
Sigma 233 Four Sigma 6,210 Three
Sigma 66,807 Two Sigma 308,537 One Sigma
690,000
/- Six Standard Deviations Between The Spec
Limits
The bigger the Sigma, the lower the DPMO
Why?
LSL
USL
23Six Sigma Methodology
Improve process for data not meeting the CTQs
Define
Analyze
Measure
Improve
Control
Manage process for data meeting the CTQs
Define
Measure
Control
24 Process Excellence Flow
25AML Business Process Objective
- Complete Set of AML Process Are
- Defined (Policy and Procedures)
- Measured (CTQs)
- In Control (Statistical Process Controls and
Change Controls) - Active Process Owners (Effective Execution,
Training and Tools) - Meeting CTQs (Capable Processes)
- Continuous Improvements (Where Needed)
- Certified Through Process Excellence!
26Overall AML Process Framework
Account Opening
l
s
l
s
a
e
r
O
c
e
o
v
r
Risk
More Due
OFAC
P
Open
KYC
CIP
Relationship
Diligence
Rating
Repair/ Close
Filtering
(if needed)
Ongoing Relationship Management
Identify
Close
CIP/KYC
Investigate
Report
suspicious
relationship
Refresh
activity
(if needed)
27CIP Defect Dashboard Reporting
Enterprise AML is using a series of Control
Charts to oversee the collection and repair of
CIP data for customer account openings.
Hundreds of Monthly Control Charts Oversee the
Process
28Types of Data Quality Problems
- Capturing The Data Correctly
- Multiple Business with Unique Needs
- Entering The Data Correctly Into The Data Base
- Multiple Disparate Systems
- Data Movement/Transformation Issues
- Unwilling to Provide Data or Possible Fraud
- Clarity Of Definitions
- International Address Variations and Rules
- International, Privacy and Security Data Rules
- Accountability Issues
- Insufficient Controls
29Variation Reduction Approaches
- Improved Edits and User Interfaces
- Improved Training
- Improved Service Level Agreement Between Systems
- System Consolidations
- Improved Definitions
- Utilize Enterprise Data Warehouse
- Compliance Monitoring
30Lessons Learned
- Leverage Corporate Policies
- Create DQ Governance
- Connect DQ to the Business Process
- Link it to Sales Commissions
- Separate Business Rules For Individuals vs.
Entities - Action Plans from Process Owners (i.e. data
stewards) is Critical - Support The Business Process Owners With
Expectation Setting, Escalation Processes,
Technical Support And Shared Successes - Implement Data Quality Rules in Phases
31Key Points
Data Quality is the DNA for AML Customer
Identification Program (CIP) and Know Your
Customer (KYC) Compliance Data Quality Is
Required By Policy And By Regulation We Have
Raised The Bar On CIP Data Quality Using Six
Sigma Tools And Methods Risk Of Regulatory
Fines Measured In Millions Of Dollars In
Financial Services Industry For AML Program
Failures
32Glossary
33 - AML Anti Money Laundering
- BSA Bank Secrecy Act
- In 1970, Congress enacted the Bank Secrecy Act
(the BSA), the worlds first anti-money
laundering (AML) legislation, to deter money
laundering and the underlying criminal activity
by creating a series of paper trails for law
enforcement investigations into criminal
activity. Since then, the BSA has been amended
several times, most recently in 2001 with the
Patriot Act, which extends the scope of the BSA
to cover anti-terrorism and intelligence efforts,
as well as expanding the types of institutions
subject to the requirements of the BSA. - CIP Customer Identification Program
- A component of Know Your Customer (KYC) mandated
by the Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism (USA PATRIOT) Act. The
regulation requires KYC to capture specific
customer identifying information, implement
verification procedures, retain specific records
and give customers notice. It also requires
comparison with government lists of known or
suspected terrorists or terrorist organizations. - CTQ Critical to Quality
- A term widely used to describe an element of
design, characteristic of a part, or attribute of
a service that is critical to quality in the eyes
of the customer. - DDA Demand Deposit Account
- Account from which deposited funds are payable on
demand, or a deposit issued with an original
maturity or required notice period of less than a
minimum number of days set by regulation.
Checking accounts are the most common type of
demand deposit accounts. - Documentary Method of Identification
- Used to review proper approved identification,
such as a drivers license or passport - Defects Per Million Opportunities
- The number of defects that would be encountered
in one million outputs.
34- EDD Enhanced Due Diligence
- Due diligence or investigative actions beyond
what is required by standard Know Your Customer
(KYC) due diligence procedures of a line of
business (LOB) that are coordinated and performed
by Bank of America Due Diligence Investigations,
who may engage appropriate outside investigative
services or consult appropriate external
databases when necessary. - FFIEC Federal Financial Institution Examination
Council - A joint agency representing all Federal banking
regulators. Members include the Board of
Governors of the Federal Reserve System, the
Federal Deposit Insurance Corporation (FDIC), the
Office of Thrift Supervision, the National Credit
Union Board and the Office of the Comptroller of
the Currency (OCC). The FFIEC sponsors joint
training sessions and from time-to-time publishes
joint position papers addressing topics of
interest (e.g., Securities Lending and the Retail
Sale of Non-Issued Investment Products). - KYC Know Your Customer
- A banking practice established as an effective
deterrent to involvement in money laundering and
fraud activities by obtaining a reasonable belief
as to the identity of the customer and developing
an understanding of the customers expected
activity by obtaining customer information
protection (CIP) mandated information and
conducting risk rated due diligence or enhanced
due diligence on customers. - LCL Lower Control Limit
- LSL Lower Spec Limit
- MBF Management by Fact
- MRA Matter(s) requiring Attention
- Regulatory finding requiring a formal written
management response typically included in the
regulator's quarterly report and discussed at the
Executive Management and Audit Committee Level.
35- Six Sigma
- - A statistical concept that measures a process
in terms of variation and defects. Six Sigma is
also a philosophy about managing, understanding,
measuring and improving processes. - SPC - Statistical Process Control
- TIN Taxpayer Identification Number
- An identifier assigned to a party by a
governmental agency for the purpose of reporting
tax liabilities. This identifier becomes unique
only when referenced with a Taxpayer
Identification Number (TIN) type. - UCL - Upper Control Limit
- USL Upper Spec Limit
- VOC Voice of the Customer