At Sibos 2019 I was pleased to be invited to participate in a panel discussion about financial crime and in particular how to utilise industry experiences, technology and modern business practices to design compliance in the future. It was very interesting to hear the views of my fellow panel members: the FCA's Clive Gordon, Deutsche Bank's Lee Hale, and Standard Chartered's Heidi Toribio, and so I thought I'd share some insights - grouped under the areas of data, industry maturity, collaboration and technology...
- When large institutions are screening tens of millions of transactions every month (Lee mentioned Deutsche Bank screens 70-80 million monthly), just managing the data in the various systems is extremely challenging. The data also has to be processed correctly and the systems maintained and enhanced to ensure genuine financial crime issues are identified.
- Data stored and accessed in silos can be problematic. For example, the linking of a customer's UK and Swiss accounts within the same financial institution is often difficult: it is even more complex when the customer has different accounts with different group companies in different geographies.
- Data sharing is critical to ongoing improvements in monitoring - not only within organisations but also between organisations, law enforcement and regulatory bodies. And all of course while complying with data privacy laws.
- Many firms are still conducting a huge amount of transaction monitoring using generic rule sets not suitably tailored to their business (for example, running retail rules over a commercial or investment banking book) which wastes time and resource as the rules are not always relevant, generating huge numbers of false positives to be investigated.
- Some institutions have successfully created their own risk-based approach to regulatory interpretation which is tailored to their business. However, a number of firms still get the basics wrong.
- In many cases, KYC processes remain too fragmented.. Firms who meet industry good practice tend to be those where the business lines recognise they own customer financial crime risk.
- The industry has been on a journey around regulatory enforcement, which has built resilience and a high level of understanding and appreciation for the seriousness of these issues and the wider impact on society.
- Public-private partnerships between regulators and financial institutions are something government, regulators and the industry plan to continue developing.
- Collaboration inside the business is also vital - particularly between the business, compliance and legal. Compliance officers need to facilitate collaboration by bringing these skillsets together.
- That said, compliance officers need to ensure they understand the skills available across the organisation. For example, having data scientists is great but there is a need to help them to understand what indicators and red flags they should be looking for.
- Front-line staff are now increasingly part of the financial crime risk management framework, as they're equipped with better management information, including risk dashboards, which can be integrated with information from the Customer Due Diligence (CDD) process.
- In Lee’s view, compliance officers need to think about their control framework 'front to back': so the first and second lines are working together to ensure information flows through from initial KYC to ongoing compliance throughout the client lifecycle.
- Collaboration can still be improved and is key to increasing the effectiveness in the fight against financial crime.
- The cost of compliance continues to be a challenge (Lee mentioned that 70% of banks are reducing their spend on financial crime compliance) and we're seeing the use of robotics and data aggregation systems to make it easier to identify issues.
- Technological advancement can cause issues though. Changes to systems can have unintended consequences elsewhere when it comes to compliance.
- It's important to ensure the integration of other controls like cyber, financial monitoring, sanctions, fraud etc. into systems so that the inherent risks can be understood and resources prioritised. Apply robotics, AI and natural language processing over streamlined and integrated controls, will deliver much improved efficiency.
Plenty to ponder and what's certain is the demands on a compliance officer are only getting greater.