Financial compliance management is a way for financial institutions to manage and reduce financial crime risks such as money laundering, fraud, bribery and corruption. These significant and important risks can vary widely, leading to financial loss, direct and indirect costs from sanctions or fines and, as importantly, reputational risk.
The concept of “one bad apple” is not an acceptable excuse for such crimes and financial institutions are being held accountable, no matter the circumstances. Regulators, customers, governments and the wider public fully expect financial institutions to be proactively mitigating for these risks by developing and implementing appropriate and effective processes and controls and ensuring there is sufficient oversight and risk-based compliance monitoring. This includes across all of their communications. Basically, they have to police their own backyards, and do it well.
In this vein, the 1st line of defense – ie the front and some middle office employees who are responsible for creating and selling a financial institution’s products – are now expected to be central to this process. Compliance processes need to be managed and all communication handled in a way that is vigilent and consistent in efforts to reduce risk.
Legacy financial crime solutions are past their sell date
It’s a fact of life that increasingly high expectations inevitably also bring more challenges. However, legacy financial crime prevention models simply don’t meet today’s requirements. For a start, they simply can’t cope with the data – not the volume, which we all know is overwhelming these days, nor the often low quality and lack of consistency of the data. Exacerbated by the fact that it’s often scattered across organizations.
Legacy financial crime prevention models are also slow to understand and incorporate new risks – a problem at the best of times, but a disaster in a world in which the environment, and bad actors, are adapting constantly. To use an overused term – the speed of change we are living with is unprecedented: no organization ever expected to have to move to an almost exclusively WFH model within the space of a few days, but they did. And needless to say, there were criminals ready and willing to take advantage of this shift with ransomware, malware and phishing attacks immediately surging in March and April 2020. Firms also saw a surge in the use of private or unmonitored communication devices for work-related activities, and a corresponding increase in risk from faulty communications monitoring.
While the seismic shift of an entire industry completely changing its work practices is unusual, any change, even if it’s smaller or slower such as a new product type, an updated regulation or a change in process can all open the door to new risks. Bad actors are always there, always watching, and always ready to exploit opportunities.
Shiny new tools
Firms have long realized that strategic and clever use of technology is the closest they’re going to get to a silver bullet for financial crime mitigation. PWC agrees, noting recently that “properly deployed technology can reduce the overall cost of compliance by as much as 30-50%”. The use of tools such as AI, ML and cloud, all have the potential to support a more robust, integrated financial crime control framework and compliance management system.
The use of technology supports better data collection, management and analysis, which in turn drives both efficiencies and accuracy. As data consistency and quality improves, the insights that can be derived from sophisticated analytics across diverse datasets goes up too. Naturally, where data can be integrated across teams, business functions and tools, the effect is multiplied.
These technologies also facilitate the development of vastly improved work-flow management processes, with a corresponding increase in a firm’s ability to monitor, identify and action risks. This is boosted by the firm seeing a collapse in the number of false positives that are generated, reducing the need for manual intervention allowing both 1st and 2nd line defense teams to focus on and manage genuine risks.
It’s not all sunshine and roses
Financial institutions might be convinced of the need for smarter, better technology, but implementing it brings its own challenges. Not least, as always, is the cost. Compliance teams need to be able to justify the expense and demonstrate the savings that will result – in absolute terms or in financial losses that won’t happen because financial crime will be prevented.
What will this mean for legacy systems? Can they be integrated or are the years of effort and millions of dollars spent to be discarded? Similarly, if a firm’s data and processes are disparate and diverse, can the new technology overcome this in order to realize the theoretical benefits?
In light of this cost and effort, another absolutely key question is “how can this tech evolve and expand as the business, the market and the conditions change.” In the context of financial compliance and monitoring, this is even more important because it’s such a rapidly evolving environment. Regulators change their requirements, new data sources need to be added, bad actors identify new opportunities.
At the very least, a new financial compliance system, whether it’s focused on one area such as communications monitoring or be used more widely across the business should be future proofed with the use of AI and ML. The volumes of data being added almost daily mean that only AI and ML systems have any hope of being scalable to manage this over the longer term.
In addition, flexibility is absolutely essential. Any system that is not designed to flex from the moment it’s brought on board is one that has a limited shelf life. Workflows change, languages need to be added, new outputs are required or additional sources of data enrichment need to be added. Your solution must be able to manage for these and other changes.
Currently, it’s also true that implementing a smart solution for your transaction monitoring might require a different solution or vendor than for your AML processes and again for your communication monitoring. Identifying solutions that can work together, sharing data and learnings across datasets and functions needs to be an important consideration and should be integral to any discussions with vendors.
At Shield, we’ve found that our customers are most likely to benefit from our solutions when we can integrate them with existing technologies and services in other parts of their business. For example, by linking communications to specific trading activity in a way that generates better insight and a more direct view of cause and effect, including, where necessary, fraudulent or inappropriate actions.
Technology is the answer, just ensure it’s the right one
There’s no doubt that technology is a game changer in monitoring for and managing financial crime risks. But in a rapidly evolving market place, firms must consider the life cycle of their new solutions, taking the need for future proofing into account. As bad actors evolve at speed, so must your compliance monitoring systems.