Maximum security

In the high-tech war against money laundering, the region's banks are our first line of defence.

  • E-Mail
By  Duncan MacRae Published  March 10, 2007

The challenges that IT specialists at banks in the Middle East are having to deal with in 2007 are plentiful. Dealing with thousands of customers and millions of dollars, it is the IT managers who are feeling the pressure to keep the business running as smoothly as possible.

Processing a vast amount of transactions each and every day, as well as reducing costs, increasing operational efficiency and keeping customers happy are just a handful of goals that financial institutions in the region are striving to achieve. Banks in this part of the world are experiencing a unique pressure now — leading the good fight against would- be money launderers.

To meet increased regulatory requirements, banks and other financial institutions have purchased automated systems to help them monitor customer activity to look for suspicious or unusual events. These financial institutions have also substantially increased their compliance staff to monitor and constantly investigate the activity.

Tens of billions of US dollars are now being spent globally to find and report suspicious activity. While there are no regulations set in stone from the region’s governments in relation to money laundering, any bank dealing with partners in the Western world is having to show a level of compliance with regulations set by the likes of the United Nations, European Union and the USA through the Patriot Act.

In the past few years Europe and the USA have developed tough regulations; meaning banks must actively prevent money laundering, or risk extremely hefty fines. Any bank in the Middle East working with banks in the West is also bound by these laws, as Kalpesh Desai, COO at 3i Infotech explains.

“The problem is mainly from a compliance perspective,” says Desai. “Also, if you were an institution that needs to deal with the US you need to be able to demonstrate the fact that you are complying with the norms set by the regulators. Not only are you complying with the regulators but you are looking at it from a customer relationship perspective and that could help the bank build better products and service its customers better.”

Haround Dharsey, vice president and head of projects at Dubai Islamic Bank believes IT is absolutely important in dealing with money laundering. “Managing all of this is a huge task,” he explains. “Your core banking operations need to support this and you need to ensure that your compliance officer can extract the data fairly easily and also do this in as little time as possible. There are a number of money laundering tools and compliance tools all over the world being applied in all kinds of countries, especially in city banks, and all of these tools are working.”

Dharsey also feels that compliance is the real problem for IT departments at banks in the Middle East, rather than the people attempting to launder money. This is due to their being a number of other channels available to the criminals, such as exchange houses, independent exchanges, physical trading across the open trade and cross-border traffic.

He explains: “There are a huge amount of channels, so the perception that money laundering is happening within the region, is it correct? I’m not sure. But I can confidently say that it doesn’t happen in our bank because we monitor and profile transactions. In my view the banks are the last resort for these guys as it has the highest risk of being caught. So why would they go to a bank?”

Business intelligence provider SAS feels the bulk of the challenge in addressing money laundering lies in comparing data historically over time for patterns and trends, as banks have to deal with and process millions of transactions each day.

“We’re talking a large volume of data,” says Steve McTigue, solutions manager at SAS. “The challenge for banks is that their systems are generally a mix of different systems that have all been developed at different times over the years and aren’t all of the same format. So a transaction from a credit card is different to a transaction from a savings account. You need homogeneity across your transactions to be able to compare apples to apples. Without implementing specialised systems the challenge for an IT manager is how do they compare and analyse activity across a range of different historical systems? It’s very difficult.

“As is the case with most of these areas, you can either do it properly or do it with the least amount of effort," McTigue explains. “To do it properly means taking all of your transaction systems, extracting all of the data and putting it into a new system where you can then structure it in a way that lets you monitor it in a sensible way.

“Without going down to that level, if an IT manager is looking to just take what systems he’s got now and put some reports around it, he’s going to have very limited ability to do monitoring.

“If you’re going to do it, do it properly. Doing it properly, however, means that it becomes a significant project, it costs and takes time — it certainly could be a six-month project.”

According to Ayman Fathallah, director of business and marketing at EastNets, the problem of money laundering intensified after the September 11 attacks in the USA. Since then, he says, financial organisations worldwide have had to look at the various ways launderers try to smuggle money, and how best to combat it.

Despite the sharp increase in money laundering activity, Fathallah is adamant that the problem is nowhere near as bad as it once was. “The problem is definitely getting better,” he says.

“Before, there was no regulation so people could transfer money very easily. For example, you could get an e-mail from somebody you don’t know, saying they needed to transfer US$80m into your account and the next day you just had to send them back US$77m.

“Most of us receive those spam e-mails every day. This is what we call cash rebounce. You get your salary paid into your account every month and you have some spending patterns. All of a sudden, if we see you have this huge amount of money going into your account it bounces back.”

Anti-money laundering software can detect this and highlight it as a suspicious transaction to a bank’s compliance officer. It is then their responsibility to report it to authorities so they can investigate what the money is for and what it is being used for. “Now, financial institutions are in a position to deal with these problems,” adds Fathallah.

It is high time the banks in the Middle East are stepping up their efforts.

“Half of the banks in Europe have implemented anti-money laundering software and the other half are in the process of doing so," says Parth Desai, CEO at Ace Software, a specialist solution provider for payments and securities processing. “The third wave is now happening in the Middle East where banks and financial institutions are addressing the problem. Financial institutions want to make sure that their partners are following the same rules as them because of the ‘KYC’ — ‘know your customer and know your customer’s customer.’

“So Western institutions can’t do business with banks in the Middle East if they don’t have some procedures in place. There is no mandatory requirement from the governments in the Middle East but a bank needs to impress upon the Western world that it is a professional player in the global market for payments and international trade.”

The task of keeping money launderers at bay is not an easy one though, as criminals continually come up with new ways to try and beat the system.

“Money laundering is like a cat and mouse game," Desai says. “Terrorists and other people keep on coming up with various new schemes of money laundering and the banks and financial institutions need to stay ahead as much as possible to make sure all the avenues available for money laundering are made as difficult as possible.

“Money laundering is one of the ways that terrorism is financed so, in order to stop that financing, all unusual transactions or any suspicious operations need to be looked into and trapped,” he says.

“Banks need to make sure that no money is passed from one party to another without having a valid business reason. It has to be a proper business transaction and the only thing banks can do is have a good process in place,” Desai strongly adds.

It is, therefore, up to the banks’ IT department to make sure they have versatile technology in place that can be enhanced and adapted to meet ever-changing needs.

American-based Gifts Software, an anti-money laundering and compliance solutions provider, has a number of customers worldwide and is in the process of making its first implementation at a Middle East bank. Paul Campanaro, VP at Gifts Software is sure the money laundering challenge is not going to get any easier.

“Unfortunately, no end is in sight because as the methods of detection improve so do the schemes, methods and sophistication of the abusers. Banks must remain very diligent and constantly tweak their systems and be willing to adjust their methods and techniques in order to catch the bad guys.

“Based upon our experiences in other parts of the world it’s safe to say that the problem has always been present and, now that regulatory and law enforcement agencies are paying more attention to money laundering and terrorist financing, in turn more money laundering cases will be found.”

From the perspective of Dubai Islamic Bank, compliance is a very important issue, which is the case for every other bank in the region. “At Dubai Islamic Bank we have two issues to deal with,” says Dharsey.

“First, we are in the region and two, we have an Islamic connotation behind our name, which makes it even more imperative to make sure we have some sort of compliance environment.

“Having said that, compliance is not as easily applied as most people think because we run into a number of variances. We have 174 ways of spelling the word Mohamed in our system but where do you stop it?”

The bank opted to put a compliance environment into its organisation and formally appointed a head of compliance who has now been working as a compliance officer for a number of years. It also follows due diligence ensuring that it has value transactions reviewed and accounts validated.

Before people open accounts they have to meet certain criteria — Dubai Islamic Bank has its own criteria, which it uses in conjunction with the US and European Union blacklists. The bank has a screening process in operation but it is by no means an easy exercise, says Dharsey. “If you’re dealing with a person called Mohamed Bin Laden is this Osama Bin Laden? Is it Laden with an ‘e’ or an ‘i’? And we have to go through a rigorous process of actually looking at the account details.

“This is what we do and we’ve been doing this for a few years now. We’ve realised that compliance is not necessarily a requirement driven by regulatory pressure from outside markets but it’s also an internal requirement,” he says.

The bank has been making an effort to ensure good banking practice, customer base and regulatory governance within its own organisation. “For us, compliance extends beyond hyper-political sanctions around sanctions of the UN and European Union,” Dharsey explains. “It relates to a lot more than that. It relates to our client base. We are an Islamic bank but it doesn’t mean we will let just anyone open an account just because they have an Islamic connotation behind their name — not at all. We reserve the right to bank with whomever we feel like banking with. It’s our bank.”

Not all banks in the region have their defences quite so well-developed, though, with some banks yet to embrace anti-money laundering software.

According to ACI, a provider of electronic payment solutions, the countries within the Middle East region that lagged behind others in putting money laundering regulations in place — and therefore may not have all of their banks using anti-money laundering solutions — are probably experiencing higher levels of money laundering.

“This situation will be redressed and money laundering will move on to the next global weakness when all banks across the region have solutions in place,” says Katherine Watts, marketing coordinator at ACI.

“It does, however, push the focus quite clearly on to the countries and banks that have yet to legislate or implement AML solutions, as these are the weak spots within the region,” continues Watts. “All IT managers are challenged by money laundering, with no countries dealing with it better than others. We can, of course, though recognise that Saudi Arabian banks having been implementing AML systems for several years now are further along this road than many others.”

McTigue at SAS feels it is impossible for anyone to know which banks in which countries are experiencing the most criminal activity as not much information from studies on this is shared with the public.

“In terms of which parts of the world are doing more money laundering, the City of London probably does more money laundering than there is out here. In terms of the pressure the region’s banks are under to comply with international regulations, in Saudi Arabia they’re very strict — they put the banks there under quite a bit of pressure. The UAE is following to a similar degree and then in places like Kuwait and Egypt there are varying levels of pressure from the governments.”

Local and international banks in the Middle East are advancing rapidly and look well-placed to continue doing so in coming years. Nevertheless, in order to support the increased requirements of customers and potential customers, banks have to ensure that their IT systems are robust, scalable and flexible enough to ensure that they can offer what is demanded of them.

The initial responsibility must lie with those responsible for the various aspects of risk management to identify needs and engage the CIO on how best to meet them. The experienced CIO keeps close to the business functions as they identify and explore new systems’ needs.

Martin Owen, VP of product design at Haydrian, a risk management solutions vendor, thinks all members of the IT department need to fully understand the business needs and work in partnership with the line departments in evaluating the options for meeting them.

“They have a particular contribution to make in assessing such issues as ease and cost of installation and maintenance,” he explains. “Risk management will always be a dynamic business, since ways of doing business will keep changing, and so will the threats.”

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code