SHOULD AML/CFT DATABASE PROVIDERS BE ACCOUNTABLE TO YOU FOR ERRORS AND OMISSIONS ?

A reader recently lamented that anti-money laundering compliance is getting harder all the time, and one of the issues is that the commercial-off-the-shelf AML/CFT databases that compliance relies on are not accountable for their errors and omissions. This is a valid avenue of inquiry, to be sure, but does it not also remind us of the drawbacks in relying upon a packaged solution, rather than crafting our own ?

For six years, at two firms, I regaled readers with war stories about writing and publishing articles about major criminals, only to learn that neither the event nor the participants were previously covered in the databases that I was writing articles for. A database should serve as an early-warning system, and not purely a repository of past evens. You want to anticipate future moves, so that you can reject or deflect them.

 We all know that no AML/CFT database can have every possible profile, but we trust that major criminals, PEPs and other suspects are included in the high-risk databases that we subscribe to, and access on a daily basis. Any database that indexes results by individuals and entities, rather than criminal acts, will never have all the necessary information. When a prominent bad actor is not found, and you discover his sins and transgressions elsewhere, during your own search, you realize that many information databases are, simply, a work in progress. They are rarely all-inclusive. Some large banks try to remedy the problem by subscribing to all the principal databases, but they still come up short.

I am sure that, if you peruse the contracts that you have with the database providers, there is sufficient exculpatory language contained within to defeat any lawsuit for negligence, especially since the data is limited to that which is publicly available, unclassified, and accessible to any regulatory authority that wishes to verify it, when you take action, or decline to take action, based upon the information you glean from a database, so bringing a civil action is out of the question.

So, what to do ? Do you knowingly utilize what you believe to be an incomplete, and therefore, only marginally useful, product, or do you create your own solution ?  I vote for the latter; though it will be more time-consuming, you can trust the end results, and they will be accurate. conduct the enhanced due diligence yourself, and you will sleep much better, I promise.