Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
A recent trend has been the active involvement of ordinary bank clients – individuals – in servicing the needs of the shadow economy. The fight against drops was on the agenda of the Central Bank and the banking sector as a whole. What transactions may raise questions from the bank and how to respond to these questions? Should a client who was consciously or unknowingly involved in suspicious transactions have the right to rehabilitation? Who becomes a drop and how long do the cards of such people "live"? How do banks treat transactions related to cryptocurrency? Larisa Zalomikhina, Vice President and Director of the Compliance Department of Sberbank, spoke about this in an interview with Forbes
About suspicious transactions and the client's right to rehabilitation.
— What is the role of bank compliance in the existing system for combating money laundering and terrorist financing (AML/CFT)? In your opinion, does this system need to be improved?
— Compliance means not only the anti-money laundering system, but also other areas of regulation, where the work of the organization is built from the point of view of the public good and ethics. This includes, for example, anti-corruption compliance, regulation in the financial market and much more. Now many questions arise around anti-legalization compliance – the same AML/CFT, but this system did not take shape yesterday.
AML/CFT legislation was adopted back in 2001 and has not changed significantly in terms of the role of banks. The role of the bank is to know its client, control operations, prevent the penetration of the shadow economy into the financial sector, and exchange information with authorized bodies. But now the public demand for how this function should be built has changed: in addition to complying with the law and regulatory requirements, it is necessary to remember about the client, whether he was treated fairly. If the client has violated something, could not realize and comply with the requirements of the law in time, but is ready to change his work, the nature of operations, then there should be an opportunity to rehabilitate. Sberbank provides such opportunities. Openness to the client and dialogue with him are the keys to the work of modern compliance.
— Can we say that compliance is becoming more customer-oriented, and focused specifically on individual customers?
— Now there is a transformation of shadow flows — individuals are involved in serving the needs of the shadow economy. And the bank is faced with the task of distinguishing a bona fide client from a client from whom it is necessary to clarify the goals of the operation, and to do it very carefully, pointwise, so as not to disturb people unnecessarily.
— There are clients who are really connected with the shadow economy, act intentionally, and those who are involved in this perimeter unintentionally or in general come to the attention of compliance only due to certain patterns of customer behavior. Is it right to make such a distinction and has the ratio of such clients changed in recent years?
— By and large, you can't get into a person's head, and there is no task to understand whether there was or was not an intention. It is important to what extent the client is ready to change the nature of his transactions if these transactions contradict some provision of the law.
For example, a company has recently been registered, people are setting up their business, andAnd they have shortcomings in the documentation of transactions. Such a company can be given recommendations on the organization of the back office, the normalization of financial discipline and not immediately apply any restrictions. If the company received recommendations, but nothing was done in the future, questions will arise whether the business is really being conducted, and then restrictive measures may be applied.
The same applies to the transactions of individuals. But there are deviations when a person makes multiple transfers per day with changing counterparties, of which there can be hundreds, this attracts the attention of banks. The bank will ask the client questions to understand what the real life situation is behind such transactions. We urge you to refuse to make inexplicable transactions, and then the bank will continue to cooperate without any restrictions, blocking cards.
— What customer behavior, in addition to multiple transactions, can attract the attention of the bank's compliance?
— The general criteria are not secret — they are published in the regulatory documents of the Central Bank.
When analyzing citizens' transactions, the regulator's key criteria are built around an unusually large number of counterparties: if the number of counterparties exceeds 20-30 people per day, this may attract the attention of banks. For example, you may face restrictions if you work for yourself and conduct transactions with a personal bank card with multiple counterparties without the status of an individual entrepreneur or self-employed. It is clear that not every person who has 30 transactions a day will be addressed with questions, since the bank uses more advanced tools in its work to accurately address questions to those who are incomprehensible to us.
In the case of legal entities, it is very likely that the bank will sooner or later have questions about the company whose work is related to cash. If the nature of the company's work changes significantly – the turnover increases significantly, or there are payments that are not related to the main activity – this will also lead to questions from the bank.
The bank is so precise in determining who to ask questions to ask that only in 5% of cases the client gives exhaustive explanations on transactions that are incomprehensible to us. In other cases, this is really the behavior that is of interest to the regulator. But even if you do not have a meaningful answer for the bank and you understand that you have been doing something wrong, it makes sense to enter into a dialogue with the bank, and then the bank can give recommendations on what to change in its activities so as not to face blocking.
— If it does come to blocking, what is the client's procedure?
"When receiving a request from the bank, we recommend that the client provide explanations on transactions and establish a dialogue. We appreciate that 80% of customers actually change their behavior after receiving recommendations.
As you know, the regulator has implemented the so-called "Know Your Customer" platform, which indicates various levels of risk. The "red", high level of risk includes companies that do not show signs of real business. The client can challenge inclusion in this list if he submits documents to a special interdepartmental commission that indicate the opposite. EThere are examples when companies successfully challenge this.
By the way, there are few companies with a "red" level of risk, less than 1%. Now the situation with legal entities, thanks to comprehensive actions, is in the controlled zone. Therefore, the shadow sector is now looking for tools that mainly involve individuals, ordinary citizens in order to serve the shadow flow.
As for the fight against drops, the Central Bank already indicated at the beginning of the year that it is necessary to strengthen the fight against drops. What tools and technologies does the bank have to identify them? What portrait of a client who becomes a drop can be drawn up based on the bank's data?
"A drop is a figurehead whose card is used to serve shadow flows. Do not give your card to anyone! Fraudsters also use social engineering methods to take possession of the card. For example, a person is offered to hand over his card to someone for a fee in exchange for a signed "guarantee document" that someone else is fully responsible for card transactions. This, of course, is not true. All responsibility lies with the cardholder.
Recent statistics suggest that approximately 60% of people with drop profiles are young people under 24 years old who are chasing easy money and do not assess the consequences of such activities. Non-residents are also involved as drops. It is important to improve financial literacy so that people know that nothing passes without a trace - questions from law enforcement agencies are not excluded.
Sberbank has more than 100 million customers, and, of course, artificial intelligence technologies are indispensable. There are methods that allow you to determine that the card is used, for example, for payments for illegal gambling, pyramid schemes, illegal drug trafficking, cryptocurrency and, possibly, for the purpose of paying for terrorist acts. Depending on what the profile of a particular cardholder looks like, a strategy for working with him is built.
If a client cannot explain transactions with an unusually large number of people who transfer or receive money from him, we urge you to think about the possible consequences and stop such activity. In this case, it is still possible to work with the bank in the future without blocking and without consequences.
Now the average lifespan of the card, which is used to ensure shadow turnover, is about two days and is constantly decreasing. This is already becoming very inconvenient and costly for the organizers of the shadow scheme, because it is profitable for them to use the card as long as possible in order to recoup the cost of its acquisition from the drop. We have prepared a number of tools that will reduce the lifespan of drop cards to minutes.
On monitoring systems and determining residency
— A lot has changed over the past two years, and these changes have probably affected compliance procedures as well. Surely, before 2022, a certain system of interaction with Western organizations was built, which was used in one way or another for compliance purposes.
— This system is multi-level. There is an interstate system of interaction. Rosfinmonitoring previously mentioned that have become very complicated, and in some places the contacts that previously allowed for the effective exchange of information have been interrupted.
Banks did not face the tasks of interstate cooperation, but control systems were built based on their own developments. As you can see, the idea fully justified itself — we did not depend on external developers and suppliers of monitoring systems. We are actively developing our own tools, including the use of AI technologies.
We have accumulated a huge amount of data, but we certainly use all available external sources of information, including various commercial lists and reference books.
— Some banks are now emailing clients with a request to confirm or update information about tax residency, which has changed for many people recently. Does Sberbank conduct such work and why does the bank need such information? If a client provides incorrect information about his tax residency, what tools does the bank have to get the correct one?
— The bank is not inventing anything here — it follows the requirements of the law, which says that we must collect a certain amount of information by interviewing customers, then double-check this information using all available information, including information previously submitted by the client to the bank, and transfer the information to the tax authorities. The tax authority has published on its website information for citizens about what the consequences may be if a person does not disclose information about tax residency in full.
— What data on customer activity can the bank use to determine residency?
"Basically, the bank relies on the information that the client provided about himself. The bank then transmits this information to the tax authorities in a certain reporting format.
— At the beginning of the year, the media wrote that the Ministry of Finance had prepared a draft government decree according to which banks would have to monitor residency by the client's geolocation, track where he enters the online bank from. Are you aware of such an initiative and how effective can it be, given that customers often use VPNs?
— A completely fair remark about VPNs. Of course, we have seen such an initiative and we believe that there are technical possibilities to hide such information, and this kind of control is ineffective.
About cryptocurrency
transactions
– It is believed that banks are very disloyal to cryptocurrency transactions. Is this true?
"Now the legislation does not prohibit a person from making transactions with crypto assets. But such transactions always attract the attention of the bank due to the specifics of settlements, which involve the involvement of a drop, and the high risk of money laundering. When we send a request to a client with a request to explain our operations, we attach a memo on what documents can be provided depending on various life situations. In the case of trading crypto assets, you can provide the address of the exchange/exchanger where you bought or sold cryptocurrency, a profile screenshot, and transaction history. If these explanations are provided, the bank's questions are removed.
If we are talking aboutAs for a crypto exchanger that attracts drops, creates a shadow settlement infrastructure, then such activities are classified as high-risk, and transactions are blocked.
— Is it possible to estimate the volume of fiat transactions for which there is reason to believe that they are related to crypto activity?
— Here it makes sense to turn to the pilots and to the development of the tool that was proposed by Rosfinmonitoring — "Transparent Blockchain". This tool has several goals: on the one hand, to assess the tokens themselves, whether they have been involved in illegal activities, on the other hand, to assess the comparability of fiat and cryptocurrency transactions. This is not the only tool on the market, there are already a number of them, banks are developing them on their own. But there is a nuance here. There are transactions that are verified as related to crypto assets, and there are those where such a conclusion can only be reached by analytical means. Therefore, it is difficult to give a clear quantitative assessment of the volume of such transactions.
— But have there been fewer or more of them lately?
"We see that compared to last year, the volume of the shadow flow has decreased manifold.
— In the spring, it became known that Rosfinmonitoring and the Central Bank were testing a new platform called "Know Your Crypto Client", which should help banks determine the links between fiat and non-fiat transactions. Is Sberbank participating in the pilot of this platform and is it already possible to draw the first conclusions?
"The second stage of the platform pilot has been completed, Sber is an active participant in this project. We understand that the proposed tool really makes it possible to verify the tokens used in transactions, and this creates a good basis for ensuring that the calculations do not use tools related to illegal activities in further settlements. It also makes it possible to compare transactions in fiat and crypto assets. Of course, any tool in this area needs to be developed and integrated into current procedures – such work is underway.
About suspicious transactions and the client's right to rehabilitation.
— What is the role of bank compliance in the existing system for combating money laundering and terrorist financing (AML/CFT)? In your opinion, does this system need to be improved?
— Compliance means not only the anti-money laundering system, but also other areas of regulation, where the work of the organization is built from the point of view of the public good and ethics. This includes, for example, anti-corruption compliance, regulation in the financial market and much more. Now many questions arise around anti-legalization compliance – the same AML/CFT, but this system did not take shape yesterday.
AML/CFT legislation was adopted back in 2001 and has not changed significantly in terms of the role of banks. The role of the bank is to know its client, control operations, prevent the penetration of the shadow economy into the financial sector, and exchange information with authorized bodies. But now the public demand for how this function should be built has changed: in addition to complying with the law and regulatory requirements, it is necessary to remember about the client, whether he was treated fairly. If the client has violated something, could not realize and comply with the requirements of the law in time, but is ready to change his work, the nature of operations, then there should be an opportunity to rehabilitate. Sberbank provides such opportunities. Openness to the client and dialogue with him are the keys to the work of modern compliance.
— Can we say that compliance is becoming more customer-oriented, and focused specifically on individual customers?
— Now there is a transformation of shadow flows — individuals are involved in serving the needs of the shadow economy. And the bank is faced with the task of distinguishing a bona fide client from a client from whom it is necessary to clarify the goals of the operation, and to do it very carefully, pointwise, so as not to disturb people unnecessarily.
— There are clients who are really connected with the shadow economy, act intentionally, and those who are involved in this perimeter unintentionally or in general come to the attention of compliance only due to certain patterns of customer behavior. Is it right to make such a distinction and has the ratio of such clients changed in recent years?
— By and large, you can't get into a person's head, and there is no task to understand whether there was or was not an intention. It is important to what extent the client is ready to change the nature of his transactions if these transactions contradict some provision of the law.
For example, a company has recently been registered, people are setting up their business, andAnd they have shortcomings in the documentation of transactions. Such a company can be given recommendations on the organization of the back office, the normalization of financial discipline and not immediately apply any restrictions. If the company received recommendations, but nothing was done in the future, questions will arise whether the business is really being conducted, and then restrictive measures may be applied.
The same applies to the transactions of individuals. But there are deviations when a person makes multiple transfers per day with changing counterparties, of which there can be hundreds, this attracts the attention of banks. The bank will ask the client questions to understand what the real life situation is behind such transactions. We urge you to refuse to make inexplicable transactions, and then the bank will continue to cooperate without any restrictions, blocking cards.
— What customer behavior, in addition to multiple transactions, can attract the attention of the bank's compliance?
— The general criteria are not secret — they are published in the regulatory documents of the Central Bank.
When analyzing citizens' transactions, the regulator's key criteria are built around an unusually large number of counterparties: if the number of counterparties exceeds 20-30 people per day, this may attract the attention of banks. For example, you may face restrictions if you work for yourself and conduct transactions with a personal bank card with multiple counterparties without the status of an individual entrepreneur or self-employed. It is clear that not every person who has 30 transactions a day will be addressed with questions, since the bank uses more advanced tools in its work to accurately address questions to those who are incomprehensible to us.
In the case of legal entities, it is very likely that the bank will sooner or later have questions about the company whose work is related to cash. If the nature of the company's work changes significantly – the turnover increases significantly, or there are payments that are not related to the main activity – this will also lead to questions from the bank.
The bank is so precise in determining who to ask questions to ask that only in 5% of cases the client gives exhaustive explanations on transactions that are incomprehensible to us. In other cases, this is really the behavior that is of interest to the regulator. But even if you do not have a meaningful answer for the bank and you understand that you have been doing something wrong, it makes sense to enter into a dialogue with the bank, and then the bank can give recommendations on what to change in its activities so as not to face blocking.
— If it does come to blocking, what is the client's procedure?
"When receiving a request from the bank, we recommend that the client provide explanations on transactions and establish a dialogue. We appreciate that 80% of customers actually change their behavior after receiving recommendations.
As you know, the regulator has implemented the so-called "Know Your Customer" platform, which indicates various levels of risk. The "red", high level of risk includes companies that do not show signs of real business. The client can challenge inclusion in this list if he submits documents to a special interdepartmental commission that indicate the opposite. EThere are examples when companies successfully challenge this.
By the way, there are few companies with a "red" level of risk, less than 1%. Now the situation with legal entities, thanks to comprehensive actions, is in the controlled zone. Therefore, the shadow sector is now looking for tools that mainly involve individuals, ordinary citizens in order to serve the shadow flow.
As for the fight against drops, the Central Bank already indicated at the beginning of the year that it is necessary to strengthen the fight against drops. What tools and technologies does the bank have to identify them? What portrait of a client who becomes a drop can be drawn up based on the bank's data?
"A drop is a figurehead whose card is used to serve shadow flows. Do not give your card to anyone! Fraudsters also use social engineering methods to take possession of the card. For example, a person is offered to hand over his card to someone for a fee in exchange for a signed "guarantee document" that someone else is fully responsible for card transactions. This, of course, is not true. All responsibility lies with the cardholder.
Recent statistics suggest that approximately 60% of people with drop profiles are young people under 24 years old who are chasing easy money and do not assess the consequences of such activities. Non-residents are also involved as drops. It is important to improve financial literacy so that people know that nothing passes without a trace - questions from law enforcement agencies are not excluded.
Sberbank has more than 100 million customers, and, of course, artificial intelligence technologies are indispensable. There are methods that allow you to determine that the card is used, for example, for payments for illegal gambling, pyramid schemes, illegal drug trafficking, cryptocurrency and, possibly, for the purpose of paying for terrorist acts. Depending on what the profile of a particular cardholder looks like, a strategy for working with him is built.
If a client cannot explain transactions with an unusually large number of people who transfer or receive money from him, we urge you to think about the possible consequences and stop such activity. In this case, it is still possible to work with the bank in the future without blocking and without consequences.
Now the average lifespan of the card, which is used to ensure shadow turnover, is about two days and is constantly decreasing. This is already becoming very inconvenient and costly for the organizers of the shadow scheme, because it is profitable for them to use the card as long as possible in order to recoup the cost of its acquisition from the drop. We have prepared a number of tools that will reduce the lifespan of drop cards to minutes.
On monitoring systems and determining residency
— A lot has changed over the past two years, and these changes have probably affected compliance procedures as well. Surely, before 2022, a certain system of interaction with Western organizations was built, which was used in one way or another for compliance purposes.
— This system is multi-level. There is an interstate system of interaction. Rosfinmonitoring previously mentioned that have become very complicated, and in some places the contacts that previously allowed for the effective exchange of information have been interrupted.
Banks did not face the tasks of interstate cooperation, but control systems were built based on their own developments. As you can see, the idea fully justified itself — we did not depend on external developers and suppliers of monitoring systems. We are actively developing our own tools, including the use of AI technologies.
We have accumulated a huge amount of data, but we certainly use all available external sources of information, including various commercial lists and reference books.
— Some banks are now emailing clients with a request to confirm or update information about tax residency, which has changed for many people recently. Does Sberbank conduct such work and why does the bank need such information? If a client provides incorrect information about his tax residency, what tools does the bank have to get the correct one?
— The bank is not inventing anything here — it follows the requirements of the law, which says that we must collect a certain amount of information by interviewing customers, then double-check this information using all available information, including information previously submitted by the client to the bank, and transfer the information to the tax authorities. The tax authority has published on its website information for citizens about what the consequences may be if a person does not disclose information about tax residency in full.
— What data on customer activity can the bank use to determine residency?
"Basically, the bank relies on the information that the client provided about himself. The bank then transmits this information to the tax authorities in a certain reporting format.
— At the beginning of the year, the media wrote that the Ministry of Finance had prepared a draft government decree according to which banks would have to monitor residency by the client's geolocation, track where he enters the online bank from. Are you aware of such an initiative and how effective can it be, given that customers often use VPNs?
— A completely fair remark about VPNs. Of course, we have seen such an initiative and we believe that there are technical possibilities to hide such information, and this kind of control is ineffective.
About cryptocurrency
transactions
– It is believed that banks are very disloyal to cryptocurrency transactions. Is this true?
"Now the legislation does not prohibit a person from making transactions with crypto assets. But such transactions always attract the attention of the bank due to the specifics of settlements, which involve the involvement of a drop, and the high risk of money laundering. When we send a request to a client with a request to explain our operations, we attach a memo on what documents can be provided depending on various life situations. In the case of trading crypto assets, you can provide the address of the exchange/exchanger where you bought or sold cryptocurrency, a profile screenshot, and transaction history. If these explanations are provided, the bank's questions are removed.
If we are talking aboutAs for a crypto exchanger that attracts drops, creates a shadow settlement infrastructure, then such activities are classified as high-risk, and transactions are blocked.
— Is it possible to estimate the volume of fiat transactions for which there is reason to believe that they are related to crypto activity?
— Here it makes sense to turn to the pilots and to the development of the tool that was proposed by Rosfinmonitoring — "Transparent Blockchain". This tool has several goals: on the one hand, to assess the tokens themselves, whether they have been involved in illegal activities, on the other hand, to assess the comparability of fiat and cryptocurrency transactions. This is not the only tool on the market, there are already a number of them, banks are developing them on their own. But there is a nuance here. There are transactions that are verified as related to crypto assets, and there are those where such a conclusion can only be reached by analytical means. Therefore, it is difficult to give a clear quantitative assessment of the volume of such transactions.
— But have there been fewer or more of them lately?
"We see that compared to last year, the volume of the shadow flow has decreased manifold.
— In the spring, it became known that Rosfinmonitoring and the Central Bank were testing a new platform called "Know Your Crypto Client", which should help banks determine the links between fiat and non-fiat transactions. Is Sberbank participating in the pilot of this platform and is it already possible to draw the first conclusions?
"The second stage of the platform pilot has been completed, Sber is an active participant in this project. We understand that the proposed tool really makes it possible to verify the tokens used in transactions, and this creates a good basis for ensuring that the calculations do not use tools related to illegal activities in further settlements. It also makes it possible to compare transactions in fiat and crypto assets. Of course, any tool in this area needs to be developed and integrated into current procedures – such work is underway.
