federal authorities, such as the Financial Transactions and Report Analysis Centre of Canada (FINTRAC), the nation’s financial intelligence unit, require that banks review their customer records to search for suspected terrorists.
Until recently, RBC had conducted those searches manually. “”We’ve been using some technology — basic SQL queries and stuff like that — but essentially it’s been a manual process,”” said the bank’s anti-money laundering officer Karim Rajwani.
RBC has bought data cleansing and data matching tools from SAS subsidiary Dataflux to automate that process.
“”If you’re looking for Osama bin Laden’s name in your data source records, variations upon that name can be matched,”” explained Gary Love, head of risk management strategy for SAS Canada.
“”These two tools that RBC has taken from SAS are key to ensure that information and the intelligence that they service within Royal Bank is in fact highly accurate, as opposed to receiving a lot of false positives, as they were previous to this,”” he added.
“”We feed in our client data and we feed in the various control lists provided by the regulators and the tool matches the client name with the terrorist name. If there’s a potential match, then it kicks it out as an alert,”” said Rajwani.
The lists that RBC matches names against include FINTRAC’s registry of known terrorists. A positive result must be reported to FINTRAC.
The Personal Information Protection and Electronic Documents Act (PIPEDA), due to come into effect on Jan. 1, 2004, is a piece of legislation designed to regulate the way companies collect and use personal data. Like all other Canadian businesses, RBC will have to comply with that legislation, but “”the reporting obligations under the terrorism regulations . . . supercede privacy,”” said Rajwani.
He added, however, “”From our perspective, privacy is obviously paramount to our business and we will not automatically report a client until it’s gone through the process. We must have reasonable grounds to suspect before we can report.””
SAS is preparing repackaged, and in some cases new software to help banks comply with anti-terrorist regulations. Other nations that are urging financial institutions to comply include the U.S. and the U.K. The software will vary from country to country, but only to meet specific parameters to track criminals and suspected terrorists. “”For instance, a suspicious transaction, which has to be tracked according to FINTRAC, is anything dealt in cash over $10,000. In Europe, that amount is different,”” said Love.
Most of the forthcoming suites will include SAS’s Dataflux technology, but RBC required only those pieces because much of its software is developed in-house, said Love.
RBC is a longtime customer of SAS and has been using the company’s business intelligence tools for more than six years. Rajwani said there will no link between RBC’s existing SAS implementations and its latest addition. He said he couldn’t comment on whether or not RBC has had to report terrorist activity to FINTRAC yet for security reasons.