FAQs

Approach

What is the Elucidate FinCrime Index (EFI)?

The EFI is a tool for quantifying and scoring financial crime (FinCrime) risk. The EFI applies detailed risk
models to FinCrime risk and runs over 1,200 discreet tests on specific FinCrime eventualities, resulting in a comprehensive and reliable assessment across nine FinCrime risk themes. The EFI allows counterparties to determine FinCrime risk on a comparable and systemic basis. Furthermore, the EFI enables clients to define acceptable levels of risk exposure and to automatically monitor that exposure on an ongoing basis.

How does the EFI differ from the status quo?

Our view is that most FinCrime risk management deficiencies in the industry are driven by the inability of financial institutions to factually assess and quantify FinCrime risk. The EFI provides a viable solution by offering a clear, objective and data-driven assessment of FinCrime risk. The platform also provides transparency throughout the banking community, so as to enable financial institutions to easily understand and manage FinCrime risk. The EFI is a model of risk assessment that pragmatically builds on the existing system, but also seeks to address its shortcomings. The combination of the Wolfsberg DDQ responses and additional data enables the identification of risks that may have been otherwise overlooked by typical due diligence practices. As a risk-based approach must be data-driven, the EFI model utilises an extensive data set that goes beyond the current compliance approaches. The model uses a combination of data from the public domain and internal data such as transactions, customers, and control process outcomes. The EFI also utilises supervised machine learning to enable ongoing refinement as more data is available to the platform.

Does the EFI replace transaction monitoring or sanctions screening?

The EFI does not replace transaction monitoring or sanctions screening, though, as part of the assessment of risk it performs, it does include tests aimed at assessing the effectiveness of such systems at detecting either unusual transaction patterns or identifying individuals and entities of watchlists. The EFI platform also leverages input and output data of such systems in order to measure various types of risks such as transactional activity risk or client portfolio risk.

Why does the EFI revise scores monthly?

The EFI measures risk on an ongoing basis, thereby enabling a feedback loop for decision makers to continuously monitor the effect of their decisions and their team’s execution at lowering residual risk of financial crime. In doing so, the platform also has the ability to highlight emerging risks and changes in risk profile faster and more dependably than the standard due diligence cycle process.

Where can I find information on the EFI model?

The summary of the EFI white paper is available here.

Platform

Who can use the EFI platform?

The EFI platform can be used by banks and non-bank financial institutions. The platform has multiple use cases, such as monitoring one's own financial crime risk profile or monitoring the risk profile associated with one’s counterparties. Users can make use of the platform in whichever way is most suitable for them.

How can my institution subscribe to the platform?

To subscribe to the platform, contact us here, and you will be contacted by an Elucidate team member. Subscription to the platform requires a signed user agreement to be in place.

How can I become a user of the platform?

Institutions can elect to use the platform in various ways, including to access risk report information of counterparties already on the platform. To become a user of the platform, contact us here, and you will be contacted by an Elucidate team member. Utilising the platform requires a signed user agreement to be in place.

Requirements

What data is needed to run the EFI?

The EFI leverages a variety of data points both public and proprietary. The EFI performs three types of assessment, preliminary, intermediate and extended based upon the data available. The EFI can run solely on publically available data as well as on an extensive data set as described in the Elucidate Data Protocols.

Do we need to provide all data for the EFI to function?

Financial institutions commonly experience data management challenges and/or hesitate to share data. Therefore, we have built a flexible model which adapts to the quantity and quality of available data. The model exists on a spectrum going from preliminary to extended assessment whereby the preliminary assessment uses public data, the intermediate assessment is based on public data and data contained in the DDQ and the extended assessment is based on public data, data contained in the DDQ and in the Elucidate Data Protocols. Whether an institution was evaluated based on the basic or the extended assessment is accounted for in the certainty score (not to be confused with probability), which we describe in section 4.2.2. of this white paper.

Can I use my own methodology?

The EFI uses a single consistent proprietary methodology to assess and quantify FinCrime risk. This is important to maintain independence, but also to maintain the ability to compare and contrast the institutions on the platform.

Can you produce bespoke reports?

Elucidate can produce one-off or ongoing bespoke reports.

Can the platform be integrated with my internal systems?

Yes, the platform can be integrated with internal systems through various means, including API.

Can the platform be customised?

Users can select the functionalities which they require for the platform. In addition, some customisation is possible in terms of the technicalities of the system integration should you opt to have the platform connected to your own systems. However, customisation of the platform is limited in order to facilitate deployment and enable streamlined system maintenance.

How is the data provided to the platform?

Elucidate offers users multiple options as to how to provide data to the platform. Whilst manual upload of the data is possible, we encourage users to create an automated data feed to the platform through an API. Elucidate offers deployment support to users in order to assist in the creation of such feeds.

Security

What security protocols are in place?

Data security is of paramount importance to Elucidate. The EFI Data Protocols dictate several steps to ensure the highest security standards. The EFI receives the required data onto the platform via an encrypted connection. If needed a public key to allow asymmetric encryption is provided. This ensures that there is no possible case of eavesdropping during transmission. Once the data is received, it is processed for reporting purposes and stored on an aggregate level, along with a hash of the complete universe of the data. This ensures that the EFI can replicate reporting with a specific set of data that can be verified to be correct at any point in the future. The data is then encrypted. All unencrypted data is securely deleted. Elucidate also supports a SFTP connection along with asymmetric data encryption. Institutions may anonymise sensitive client information at the source, should they wish to do so.

Is data encrypted?

Yes, in all cases data is maintained in an encrypted state.

What is “fingerprinting”?

Fingerprinting is Elucidate’s proprietary anonymisation whereby users can anonymise the data provided to the platform should they wish to do so whilst limiting the effect on the tests which are performed as part of the extended assessment.

Where and how is data stored?

All data is stored in a data-center in Frankfurt, Germany. After the data is used on the EFI creation only an encrypted version is kept in cold storage.

Is my data shared with third parties?

The data provided to Elucidate for the purpose of the assessment is not shared with third parties. Elucidate uses the data to produce a risk report for consumption by the user or any counterparties with whom the user agrees to share the report. Elucidate may use the data provided by users at an aggregate level and anonymously to further enhance the risk quantification algorithm, produce benchmarking reports, develop new products or produce thought leadership.

Browser support

You need a modern browser capable of uploading files:

- Chrome version 67 or above
- Safari version 12 or above
- Firefox version 60 or above
- Microsoft Edge version 44 or above

You need to have a mobile device on which you can install Microsoft Authenticator or Google Authenticator. This app is required in order to perform 2FA (two factor authentication)

Network

How many entities are using the EFI?

Currently there are 2100 data driven profiles on the EFI.

How can I know which of my counterparties are using the EFI?

To know which of your counterparties are already on the platform, contact us here.

Can I share my results with my counterparties?

Yes, you can share your results with your counterparties, even if they are not users of the platform themselves.

Can I request my counterparties to be assessed and scored?

Yes, you can nominate counterparties for extended assessment directly through the platform. You can also upload your counterparties’ Wolfsberg Correspondent Banking Due Diligence Questionnaires to the platform and get intermediate assessment results for them as a first step.

Will correspondent banks accept the EFI results?

Results can be provided directly to any correspondent or counterparty via the EFI platform. Should the correspondent not yet be using the EFI, Elucidate will contact them directly to enable access and provide a detailed briefing on content.

Are correspondent banks using the EFI?

A number of correspondent banks already use the EFI results for their own FinCrime risk management. Should you wish to know more or get assistance as to how to discuss the EFI with correspondent banks, contact us here.

Frequently Asked Questions

Approach

Platform

Requirements

Security

Network