Financial companies in Europe are under increased regulatory scrutiny due to Russo-Ukrainian war. FS companies, including insurance companies, need to implement robust AML controls and focus more on knowing the customer to ensure compliance with regulations.
Changes in the operation environment
The Russian invasion of Ukraine has had a significant impact on AML (Anti-Money Laundering) controls in financial companies, particularly in Europe. The invasion and subsequent sanctions have resulted in increased regulatory scrutiny and a heightened focus on AML compliance. These sanctions have increased the need for financial companies to implement robust AML controls to ensure compliance with regulations. Even though traditionally the AML risk has been considered lower in insurance companies compared to the banks because of lower volume of transactions, the changes in operating environment have had significant impact on the insurance companies as well. The criminals have become even more creative and sophisticated in their actions. Knowing the Customer has become increasingly crucial part of effective AML risk management framework.
Counter-manoeuvring the current operating environment
Insurance companies are required by law to comply with regulations related to KYC, Anti-Money Laundering (AML), and Countering the Financing of Terrorism (CFT). These regulations aim to prevent financial crimes such as money laundering, fraud, and terrorist financing. By implementing advanced KYC controls, insurance companies can ensure that they are complying with these regulations. Advanced KYC controls have several benefits for the companies:
- Risk based approach: Risk based approach is the core essence of AML-regulation meaning that more resources should be focused where the AML risk is considered to be highest. KYC controls enable insurance companies to identify and assess the risk of their customers which is important because some customers may pose significantly higher risk of financial crime than others. By effectively identifying high-risk customers, insurance companies using risk-based approach can implement additional measures where needed to prevent financial crime and protect their business.
- Prevention of fraud: Effective and advanced KYC controls support insurance companies to prevent fraud by verifying the identity of customers and detecting fraudulent activity using both technology and manual investigations when needed. Fraudulent claims can result in significant financial losses for insurance companies. Thus, it is important to have effective measures in place to prevent it. As a rule of thumb, the better the company knows its customer and their behavior, the faster and easier it is to detect fraudulent activity.
- Reputation management: Insurance companies rely on their reputation to attract and retain customers. Instances of financial crime or fraudulent activity can damage an insurance company's reputation and result in loss of business. Advanced KYC controls reduce the likeliness the reputation risk caused by undetected financial crime.
Efficient and advanced customer risk rating methodology in insurance companies involves a systematic approach to identifying and assessing the risks associated with customers.
Customer risk monitoring in insurance companies
Knowing Your Customer in big financial institutions may be tricky if the volume of customers is huge and client interactions happen mostly online. The key in supporting this process is efficient customer risk rating methodology which involves the use of a combination of qualitative and quantitative factors to assess the risk of potential and existing customers. The goal of this methodology is to identify high-risk customers and apply appropriate risk management measures to mitigate potential criminal activity and financial losses. Key components of an efficient customer risk rating methodology in insurance companies include:
- Effective assessment of customer information: Insurance companies gather information about the customer such as identity, source of funds, and transactions history to evaluate their risk profile. For effective assessment of this information data should be analyzed using data analytics and artificial intelligence (AI) technologies to identify suspicious activity. However, it is important to note that technology cannot always replace the subject matter expertise of human investigators and in unclear cases, manual investigations should be performed. The main purpose of the technology is to reduce the amount of false positive alerts and highlight those cases for manual investigations where actual suspicious activity can be seen.
- Customer scoring system: A Customer scoring system should be used to determine the level of risk associated with each customer. The total score for each customer is based on different risk factors such as the customer's industry, location, transaction history, and any other relevant information. The score is used to rank customers into different AML-risk classes based on their risk scores. Different scores and weighting factors may be applied based on the risk appetite of the company and the nature of business.
- Risk-based due diligence: Based on the risk scoring different process flows may be applied. High-risk customers undergo enhanced due diligence processes, which involve additional scrutiny, such as verifying the customer's identity and conducting KYC updates on a more frequent basis. Customers that obtain lower risk scores are subject to normal ongoing due diligence with frequency decided by the entity. Any abnormal or suspicious activity triggers alerts, and the insurance company conducts additional investigations to determine if the activity is to be considered suspicious and should be reported to FIU.
Overall, an efficient and advanced customer risk rating methodology in insurance companies involves a systematic approach to identifying and assessing the risks associated with customers. By using a combination of qualitative and quantitative factors, insurance companies can identify high-risk customers and apply appropriate risk management measures to protect their clients and business and to prevent financial losses.
Contact us
Jenny Lehto
Jenny Lehto on vakuutustoimialavetäjä Suomen riskineuvontapalveluissa ja osa Digital Operational Resilience Act -sääntelyyn perehtynyttä pohjoismaista tiimiä Deloittella. Hän on tehnyt vakuutustoimialalla ja -alan kanssa vuosikymmenen verran töitä ja kerryttänyt syväosaamista vakuutusliiketoiminnasta, sääntelystä ja olennaisista teknologioista. Ennen Deloittelle siirtymistä, Jenny oli liikkeenjohdonkonsultti vakuutuspraktiikassa ja keskittyi liiketoiminnan ja teknologian transformaatioihin. Nykyisessä roolissaan, Jenny on vastuussa tulevan sääntelyn, kuten DORA:n, kääntämisestä toimialakohtaisiksi vaatimuksiksi ja vaikutuksiksi. Briefly in English: Jenny Lehto is the Insurance Sector Lead in Risk Advisory Finland and part of the Digital Operational Resilience Act Nordic working group. She has worked in and with the insurance industry for the last decade gaining experience and in-depth understanding from the insurance business, regulation and relevant technology. Previously, she worked as a management consulting practitioner in an insurance practice, and at the time her focus was business and technology transformations. In her current role, Jenny is responsible for translating the upcoming regulation, including DORA, to financial services industry specific requirements and impacts.
Aleksandra Wieckowska
Aleksandra toimii asiantuntijana Deloitten Finlandin Regulatory Risk -tiimissä ja hän työskentelee erityisesti finanssialan toimijoiden kanssa. Aleksandralla on laaja tietämys ja kokemus finanssialan regulaatiosta, kuten sijoittajansuojasta, sekä rahanpesun ja terrorismin rahoittamisen estämisestä. Briefly in english: Aleksandra is an assistant manager in the Deloitte Finland's Regulatory Risk team and works with financial institutions. She has broad knowledge and experience in financial regulation advisory in matters such as investor protection, and Anti- Financial Crime.
