The regulatory compliance world can be very complex, and with the rapid expansion of digital payments, it’s increasingly difficult to identify and stop fraudulent transactions from occurring.
Technological solutions continue to evolve at an equally breakneck speed. But they have failed to keep up with the rapid-fire payments made by bad actors. This forces compliance analysts to manage the barrage with outdated and inefficient tools.
Euronet’s Skylight is a financial transaction monitoring solution that identifies fraudulent and suspicious activity behavior and aims to facilitate financial services compliance investigations by automating the entire process — mitigating both regulatory and reputational risk for businesses.
“Businesses have a lake of data they need to analyze,” said Bryan Zingg, President of epay North America at Euronet. “The system uses powerful algorithms to apply rules to that data and then it creates automated alerts. So, when a compliance agent logs onto Skylight, they’re able to see different alerts. The alerts have been created based on the rules businesses set.”
In a recent PaymentsJournal podcast, Zingg and Brian Riley, Director of Credit at Mercator Advisory Group, discussed how solutions like Skylight can greatly benefit businesses and help them streamline an otherwise difficult process.
Bringing Clarity to Regulatory Compliance Cases
Efficiency is key for an effective regulatory compliance solution. And it helps liberate time for AML/Compliance analysts to focus their efforts on spotting illicit consumer behaviors. Skylight creates a case management workflow for compliance analysts. How this plays out is that companies can modify their specific workflows. These can be based on the stringency of their compliance obligations. Workflows can be straightforward or more complex depending on the needs of the business.
“Once the analyst has gone through the case and determined that it generated a meaningful alert that needs to be flagged as a compliance risk, the system can automate and populate the SAR [suspicious activity report] and CTR [currency transaction report], which are two different types of forms that a business will have to file with their regulator,” said Zingg. “Through an integration that we have with FinCEN — Financial Crimes Enforcement Network — an automated process sends these to the regulator.”
On another note, the managerial team can use a dashboard on the platform. The organization’s managerial team can peer into key performance metrics, trends, alerts, and case aging.
“As a Compliance Officer, if I have cases that are more than 90 days old, I can take action and assign them to the agent or dig into why an agent might not be working through those aged cases,” said Zingg. “There’s a dashboard tool that shows all these key metrics that can be used to gain visibility in to the business’ compliance program.”
No-Code Rule Creation
When it comes to standard regulatory compliance software tools, the Compliance Officer typically needs technical support. They need either internal resources or contractors to create rules. If there is a fraud risk that hits their radar, the setting up of a rule to address that requires coding. With Skylight, there’s no code rule creation. This option exists for the Compliance Officer so that they’re free to create their own rules. Compliance officers run the rules against actual production data in test mode. They do this before they run them in production.
If there is a problem, businesses adjust the rules. They do not have to restart the process and engage technical resources.
“The benefit of no code rule creation is that if you don’t get a rule exactly correct, maybe you intend to flag 100 different transactions that might be fraudulent or risky – and you end up flagging 100,000 risky transactions and create 100,000 alerts, it’ll be overwhelming,” said Zingg. “Typically this results in the compliance analyst needing to work through all those alerts, and that would cause a massive backlog in the compliance management process.”
“With a global crisis in hand, financial institutions are focused on capital adequacy, the blood and guts of running their business,” added Riley. “Suppliers and the supply chains are disrupted. Focusing on the compliance aspect is more important than ever, as is bringing in tools that automate it.”
Regulatory Compliance as an Afterthought
In conversations with clients, Zingg noted that businesses place a lot of emphasis on building a successful user interface. They do this without giving much thought to regulatory compliance. This typically happens when businesses start out with a small customer base. When the numbers reach the thousands or millions, that’s when businesses start thinking about implementing a regulatory compliance solution.
“This is providing a powerful tool in the compliance world for companies that didn’t have it,” said Zingg. “And then in other instances, some companies have had a compliance solution that covers their case management, one covers their transaction monitoring, another compliance tool handles their fraud management, and yet another one that they might use for analytics. Skylight bundles all that into one cohesive, homogeneous platform that covers all their compliance needs.”
Regardless of the type of fintech, banking or payments market a company makes its foray into, the reality is that there will be an obligation for businesses for compliance. The automation solutions Skylight offers takes the manual steps out of the process of regulatory transaction monitoring investigations.
The Middle East, specifically, has specific regulatory compliance requirements that Skylight can address. This can also be transferable to any market worldwide as more countries begin implementing their own compliance regulations.
“There’s a lot of obligations that need to be fulfilled,” said Riley. “You start thinking about inflation, even the thresholds that trigger that will start to compress.”
The Benefits of Self-Service Creation
Most regulatory compliance businesses follow a predetermined set of rules. There are also rule templates available in which businesses can create their own rules. And there are attributes that can be designated to those rules.
“You can set a rule that says, ‘I want to know if customer A is in Mexico and customer B is in the United States,’” said Zingg. “You can even get down to a city in a country or to a zip code. It allows you to have a vast array of parameters that you can build into a rule, then you can click it and run it in trial mode so that you can run it against your own data to see what happens when that rule is applied.”
“If you’re successful, you’ll get a meaningful and reasonable amount of responses from that rule, and the alerts will show you the nefarious behavior you can detect, seek to eliminate, and potentially block through fraud mitigation,” he said.
As digital payments continue to grow, more compliance regulations will be implemented. This is to protect both consumers and businesses from data breaches and other fraud risks. Businesses must do all they can to protect themselves and their customers from bad actors.