Image courtesy: Rawpixel on Freepik
How Can Banks Take The Next Leap To Improve Financial Crimes Compliance?
Survival and success for banks, especially in the new normal, demand they operate with intelligence, agility and speed to keep pace with evolving customer preferences and technologies. Meanwhile, there’s a remarkable spike in customer interactions and financial transactions (online and mobile payments, customer onboarding and account opening) going digital.
While digital provides an opportunity for innovative services, they also pose new challenges, including stress on back office operations and increased regulatory scrutiny. Automated interactions generate more data to analyze, demand higher volumes of sample testing, and make the compliance burden heavier. Imperative therefore for back office functions to keep pace to deliver a frictionless customer experience.
From a regulatory point of view, prevention requirements are stringent. With the exponential increase in regulatory demands over time, banks today have a wide spectrum of compliance priorities to deal with.
At most banks, legacy compliance processes built to combat financial crimes have grown so complex that they have become unwieldy and almost unmanageable. Multiple iterations, multiple handovers and several manually controlled processes prevent banks from achieving compliance efficiency. Excessive complexity has also led to higher operational risks and enormous regulatory penalties.
Why the conundrum?
1. Processes. There’s a lack of an end-to-end vision of compliance with respect to financial crimes regulation. Most processes continue to have high levels of manual efforts for screening, alerts processing and other activities. For example, staff at many banks copy and attach computer screenshots to protocols. Each manual step is not quite efficient and error-prone. A related problem is the fragmented, siloed nature of most compliance processes, with frequent manual interventions and delays. Also, communication between the onboarding teams, commercial due diligence analysts and transaction monitoring teams is sporadic.
Commercial due diligence at most banks contains other flaws, namely that the set of questions often are not aligned with the regulatory objectives, or enable a seamless and coherent customer experience, or linked to a system that provides a better understanding of the client. Example: an address on Arab Street, Singapore could trigger an alarm in the first instance, but subsequently the bank’s process should learn that this is not a threat.
2. Data. Low-quality and unstructured data resides within most banks without being fully integrated. This leads to challenges with client reference data and documentation sharing, as well as data extraction or aggregation from voluminous and flawed databases. While some third-party products have been useful, certain popular databases lack essential customer data. Example: a large volume of accounts with customers’ date of birth or ultimate beneficial owner missing.
3. Model. When data quality suffers, so does the quality of the model. Hard-coded or static transaction monitoring algorithms makes it difficult to adjust for policy changes or client behaviours. This increases the volume of investigations and results in unusually high false positive rates, often exceeding 90%.
4. People. If banks staff transaction monitoring processes with inexperienced employees, especially when offshoring, the quantum of investigation efforts will only increase. Lacking expertise, they will either tend to highlight risk reduction over efficiency, or vice versa. They may not gauge the nuances and intricacies involved and may overlook the risks. They may also tend to solve process issues instead of understanding the root causes of problems. And when there’s no probability-tuned risk assessment, using inexperienced staff results in high escalation rates.
Several banks are yet to solve these challenges. Oversized teams, slow onboarding processes, high false positives (even high false negatives in some cases) have all been impacting existing models. Measures to improve financial crime compliance processes have been reactive and tactical at best. Example: hiring hordes of people, pairing them with external contractors and applying multiple technology solutions further raising complexities.
However, a few progressive banks have been taking action in response to these challenges. After initially cautiously approaching technology-based solutions, regulatory compliance functions in banks have begun adopting technology to drive regulatory compliance.
Leveraging technology for regulatory requirements is not new, but the immediacy has become more evident given the current circumstances. Levels of regulation are increasing for banks and to address this, they must adopt smarter regtech solutions to automate reporting and information management to address regulatory requirements.
RegTech enables managing the cost of regulatory compliance, as it grows in tandem with the bank’s overall data strategy.
How Banks Can Shine in Financial Crimes Compliance?
Executing compliance flawlessly is a must-do for any bank, besides also to avoid unnecessary fines and penalties. Banks with below-par regulatory compliance risk management operations have suffered reputational damage, with mixed rates of recovery.
Banks are also stressed with higher costs, M&As and more competitive environments. They are challenged to deliver better returns to their shareholders and therefore require exceptionally superior productivity and efficiency across all critical functions, including regulatory compliance. Regtech can help change the way banks perform compliance.
A resilient financial crimes compliance strategy will require some type of partnership with specialist regtech firms that have invested in and developed expertise that most banks would find expensive or time-consuming to develop themselves.
Regtechs range from KYC specialists, enterprise financial crime management specialists and AML specialists, to customer onboarding and workflow process firms, to major technology firms. There are also utilities firms, that function as intermediaries or data providers to other companies. Many banks outsource certain activities to regtechs, while some banks have bought out regtechs to acquire a specific competency.
There are also banks that partner with other banks to buy an equity stake or build a new regtech firm. After a bank has redesigned its end-to-end financial crimes compliance process, transitioning to a successful regtech partnership requires focus on certain fronts.
1. Mindset. Banks will have to shun the traditional mindset of building systems themselves, and instead explore how to work with regtech firms that are smaller, but more proficient in their area of expertise.
2. Operations. Most regtechs are proficient in using agile methodologies. To collaborate effectively with them, banks will have to become nimbler as well – with fewer handoffs, fewer workarounds and clear metrics for each milestone in the process.
3. IT. Banks will need to adapt their core system interfaces to work seamlessly with multiple plug-and-play applications. As testing cycles accelerate, the risk of fraud could rise; IT teams should focus on system stability and security.
4. Project management. Given that regtechs use agile methods, banks’ IT and operations teams will have to adopt a similar mindset and greater level of flexibility. When a regtech proposes an innovative solution or approach, banks must avoid taking an inordinately long time for internal approvals.
5. Legal and regulatory compliance. Securing the confidence of regulators may be essential for certain partnership strategies in some geographies. Regulators require to be convinced that a bank can outsource certain activities without hampering reliability and quality. So regtechs must prove that their business and operating models are sound, and that customers’ data will be kept confidential.
Even as regulators step up their scrutiny of bank compliance, fraud and money-laundering schemes are getting more and more sophisticated. Banks therefore have no choice but to elevate their crime-detection and crime-fighting capabilities. Defence mechanisms will increasingly include more powerful analytical models, AI and the aid of financial crime regtech specialists. Banks that eventually achieve financial crimes compliance excellence will be those that adopt newer, more efficient approaches, with an optimum balance of people and technology, for a seamless, streamlined compliance function end-to-end.
