The AML route for business protection at Kotak Mahindra Bank

Kotak Mahindra Bank set up an anti-money laundering technology platform for business compliance to monitor suspicious money transactions and avoid operational risk.

For most Indian banks, money laundering attempts have become a difficult task to monitor over the past few years. Kotak Mahindra Bank, one of India's leading private sector banks, found itself in a similar dilemma due to enormous transaction volumes. The bank has a diverse line of businesses such as commercial banking, investment banking, security trading and life insurance.

Kotak Mahindra felt the need for an automated system to identify suspicious transactions. At this point in time, Kotak Mahindra used Flexcube (the bank's core banking platform) to generate alerts about such transactions using Business Object reports. However, as the transaction volumes started to rise, Kotak Mahindra recognized the need for a comprehensive anti-money laundering (AML) strategy.

AML compliance strategy

According to Ravi Duvvuru, the head of compliance for Kotak Mahindra Bank, an AML strategy's critical element is a strong customer identification process -- a know your customer (KYC) policy. Today, banks deal mostly with non-face customers, who carry out transactions using the internet or cell phones.

A strong KYC policy is essential to build a first level of defense (at the front end) against the entry of fraudulent customers. Once Kotak Mahindra put this in place, the bank initiated education programs and seminars to inform its front end and business personnel about the importance of AML. It then formed a small cell to identify possible problematic business areas.

"We mapped areas such as corporate lending, retail lending and treasury liability. Then we narrowed it down to around five highest impact and risk areas," Duvvuru explains.

Kotak Mahindra's IT and compliance department developed a program to strengthen its KYC activity. Known as Nsafe, this program mainly contains negative customer information files. The bank feeds Nsafe with information issued by regulatory organizations on frauds, media reports on criminal activities, and defaulting customer profiles.

Besides Nsafe, Kotak Mahindra also subscribes to Factiva Watchlist (a solution from Dow Jones), which carries global negative databases. The bank has also put interlinked Nsafe and Factiva. These solutions have also been integrated with Flexcube to run customer profile checks for those opening new accounts.

"However, all these are entry level products, so we still need to understand transaction patterns. This is where an AML solution comes into the picture," Duvvuru says.

A committee was put in place by Kotak Mahindra to evaluate various AML packages available in the market. The fundamental evaluation criteria taken into consideration by Kotak Mahindra includes support for all subsidiary businesses (mainly securities and insurance), flexibility to add new parameters, India-based support/implementation and overall costs. Kotak Mahindra's evaluation list for AML vendors included Infrasoft Technologies Ltd, Logica, SAS, 3i Infotech Limited and Azlon.

After due diligence, the bank chose 3i Infotech's AML solution. The AML solution was deployed in three months. Kotak Mahindra has successfully used the solution for the past three years.

Two years ago, Kotak Mahindra used to generate very few alerts. Today, the bank receives about 400 alerts per month.

Implementation and impacts

Today, AML software allows Kotak Mahindra to keep track of all transactions carried out through various channels and departments. AML filters customer data based on the bank's defined rules. It monitors and classifies various aspects like suspicious transactions, patterns, transaction anomalies, etc., which may include large withdrawals, or a series of small transactions.

To explain AML, Duvvuru uses the example of a large incoming credit to an account. Small debits are then churned into 30 accounts, and money is transferred back to the original account. This helps the customer inflate his bank transactions, and thus increase his balance sheet size or lending capacity. In such cases, AML software creates alerts for the concerned departments. Banks have to submit suspicious transaction reports (STR) on the basis of these alerts to Government of India's Financial Intelligence Unit - India (FIU-IND). FIU-IND in turn reports these STRs to the concerned authorities.

Two years ago, Kotak Mahindra used to generate very few alerts. Today, the bank receives about 400 alerts per month. The bank has a central branch control unit which sends AML alerts, learning material and case studies to all the employees. Kotak Mahindra also involves regulator and FIU for training front-end staff.

"There has been tremendous amount of learning at the branch level. People are now aware about the law," Duvvuru says.

Going forward, Kotak Mahindra plans to build a group-wide platform to deal with AML and fraud risk. This platform will be used for Kotak Mahindra's security and insurance business. It will also take care of new regulatory requirements set by the Securities and Exchange Board of India (SEBI) and the Insurance Regulatory and Development Authority (IRDA).

Read more on Regulatory compliance and standard requirements