IT Systems Play A Key Role In Responding To Terrorism

By Ara C. Trembly

San Antonio

In the post-9/11 era, financial services companies, including insurers, must utilize technology to meet federally mandated guidelines for guarding against money laundering and other “suspicious activities,” said Scott R. Harrison, a partner in PPMG, LLP, New York.

Speaking at the LOMA Systems Forum here, Harrison, formerly deputy superintendent with the New York Insurance Department, said the events of Sept. 11, 2001, showed us that “insuranceis an essential part of our national infrastructure.”

While property-casualty insurers bore the brunt of the financial damage from 9/11, Harrison said the life insurance industry also took a major hit, adding that future events could be equally serious for life companies. He emphasized that information technology professionals are a critical part of an infrastructure that must be protected.

According to Harrison, the USA Patriot Act, passed in October 2001, “imposes” enforcement duties on financial services companies with respect to anti-money-laundering activities. The Act was enacted by Congress as a way of better tracking the assets of terrorist groups.

Harrison said the Act calls for minimum standards for identifying customers who open accounts. Overall, financial services firms must develop an anti-money-laundering compliance program, verify customer information, report suspicious activity and perform “enhanced due diligence,” he explained.

“Every piece of information [regarding accounts and transactions] must be under control,” Harrison said. “Its a huge, huge problem. Banks are still struggling with this. Your systems have not been designed to do law enforcement detection.”

In order to create a compliance program, he noted, financial institutions need to develop internal policies and controls, designate a compliance officer, conduct ongoing employee training, and have an independent audit function to test the program.

Financial firms must also deal with the Office of Foreign Assets Control, a federal agency that maintains a list of companies, countries and individuals with whom it is illegal for Americans to do business, said Harrison.

The list, which is updated frequently, currently contains more than 5,000 entries, Harrison said. “Your company is responsible for checking that list before you do business with anyone.”

Doing business with an entity on the list can result in fines, prison and potentially embarrassing public exposure of the misstep, said Harrison.

In terms of overall compliance with federal security regulations, most companies dont have the manpower to do it themselves, he noted. Instead, they are “heavily reliant on systems and technology to detect suspicious activity.”

Harrison characterized technology–such as software tools that can do OFAC checks and other types of compliance screening–as “a critical component of a compliance program.”

Companies need to do continuous transaction monitoring as well as ongoing checks of the OFAC list, since the name of a customer may not be listed today, but could be added tomorrow, he explained. Such safeguards, he added, apply to all monetary transactions, including those involving brokers, agents and vendors.

More robust technology systems will utilize “fuzzy logic,” in which a system will not only search a given name, but also check on likely variations of that name, he noted.

“Youve got to have a tool that is vigorous enough to do multiple searches based on variations of names,” he said.

It is also important to be able to distinguish between legitimate transactions and those of criminals such as money launderers or drug dealers, Harrison said. Good compliance systems will be able to flag suspicious transactions and forward them to people in the company for closer scrutiny, he added.


Reproduced from National Underwriter Edition, March 24, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved. Copyright in this article as an independent work may be held by the author.