RegTech Project Assignment Report: Strengthening KYC and AML Compliance at Horizon Bank

Developing a Regtech Strategy

1. Regulatory Landscape Analysis:

• Explore current regulatory requirements and industry standards.
• Identify emerging trends and potential regulatory changes.

2. Internal Process Evaluation:

• Examine existing compliance processes and workflows.
• Identify bottlenecks, redundancies, and areas susceptible to human error.

3. Stakeholder Collaboration:

• Engage with key stakeholders from various departments.
• Gather insights into department-specific compliance challenges and requirements.

4. Risk Identification and Assessment:

• Conduct a comprehensive risk assessment related to compliance.
• Prioritize risks based on potential impact and likelihood.

5. Technology Readiness Check:

• Evaluate the current state of technology infrastructure.
• Identify gaps and areas where technology can enhance compliance processes.

Establishing a comprehensive understanding of the organization’s unique compliance requirements and create a roadmap for RegTech implementation.

Implementing a Regtech Strategy

Vendor Selection and Due Diligence

• Technological capabilities, vendor reputation, and alignment with organizational values.
• Due diligence: Track record, security measures, and scalability.

Integration with Existing Systems

• Orchestration of data migration, software integration, and staff training.
• Liaison between RegTech provider and internal teams for a smooth transition.

Performance Evaluation Metrics

• Define key performance indicators (KPIs) for the RegTech solution.
• Establish metrics to measure the effectiveness, efficiency, and impact on compliance processes.

Implementing a Regtech Strategy

Regular Audits and Assessments

• Conduct regular audits of the implementation.
• Evaluate the solution’s performance against established benchmarks and compliance standards.

Incorporating an Ethical Framework

• Embed an ethical framework into compliance assessments.
• Ensure that technology implementations align with ethical standards and societal values.

Project Summary

Your firm, Horizon Bank, is a digital bank offering financial services to both individual and business customers. The firm was established in mid-2023 and commenced operations with limited resources, both human and technical, and it’s approach to KYC and transaction monitoring was significantly limited. The firm also implemented its AML policies and procedures in mid-2023, and began accepting applications in January 2024.
Though the operational environment has improved, the bank has just recently identified that the initial batch of new customers were not onboarded correctly, with many records missing KYC information. Additionally, during the implementation of the firm’s transaction monitoring and sanctions screening systems, the initial batch of customers were erroneously excluded from the underlying datasets used and therefore have not yet been subject to transaction monitoring or sanctions screening.

As the compliance function, your team is tasked with conducting an investigation and review of all customer information and transaction history associated with each customer. Your task is to consider the available data and outline potential risks, areas of concern and raise any other relevant questions that should be put to the operational teams responsible for onboarding, transaction monitoring and screening etc.

Project Questions

• Are any customers connected in some way?
• Has the UBO been identified for all corporate customers?
• Were the customers correctly risk scored at the time of onboarding and are they correctly scored at the present date?
• Does the information recorded for each customer align with the transaction activity?

Note:

• N/A means the information is not required.
• Null means the information is not available/was not provided.

Resources:

• You can use any tools available to you that would aid in your investigation, for example Power BI or Tableau, but pivot tables or basic Excel analysis are equally acceptable.
• Refer also to the EU HRTC list in the group project data file. Check for enforcement dates also.

Project Deliverables

• Draft a report to the board outlining the risks identified with recommended corrective actions.
• Draft a summary briefing outlining the benefits and potential limitations of technology to address the risks identified, including any recommendations going forward.

OPTIONAL:

• Prepare any data analysis/visualisations that could be useful for the board to review (e.g. any relevant charts/summaries)
• You can use any tools available to you that would aid in your investigation, for example Power BI or Tableau, and basic Excel analysis is equally acceptable.

Draft Submission Date: 29th April 2025

Final Submission Date: 4th May 2025