The ten-year anniversary of the Global Financial Crisis provides a fitting moment to reflect on what has changed in financial services and what still needs to improve. Surprisingly little of that reflection, however, has focused on financial crime controls.
There is no doubt about the economic damage and business harm of financial crime. Money laundering alone costs the global economy up to $2 trillion per year – as much as Italy’s entire GDP. Danske Bank is facing fines of up to $8bn over its spiralling money laundering scandal, and the fallout could go far further.
Regulators across the globe are making the fight against financial crime a core priority, not least because of the recent run of scandals. In the UK, the Treasury Select committee last week continued its fact-finding into Economic Crime, while the European Commission proposed plans to give the European Banking Authority (EBA), the EU’s banking regulator, greater enforcement powers and more resources to investigate the activities of banks involved in illicit financing.
These events have got me thinking about what has changed in the last decade related to financial crime controls. Are we in a better position to safeguard financial institutions and consumers from financial crime? So here is my summary of the top 5 areas of progress and the top 5 areas where I think progress has been slow.
Top 5 areas of progress
- Culture: In many firms there has been a significant improvement in culture related to financial crime compliance over the last decade. There is room for improvement but senior management support, and awareness, of financial crime has increased over the last decade. This has been helped along by large fines and the FCA’s Senior Managers & Certification Regime.
- Risk Assessments: Firm-wide financial crime risk assessments have grown (and grown) over the last decade. What started as a regulatory expectation for firms to be able to implement a risk-based approach became a regulatory requirement in 2017. The challenge continues to be improving the quality of the data inputs and ensuring the output of the risk assessment is pragmatic and useful in driving firm resources and attention.
- Customer screening: Screening customers, and their related parties, against watchlists and adverse media has moved from being often manual and infrequent to more commonly on demand or overnight. This is a key control to identify connections to potential sanction targets, politically exposed persons and to provide risk indicators.
- Investigations and intelligence: Specialised intelligence and investigations teams have increasingly been established within larger firms. These teams are typically focused on event-based investigations often spanning borders or business lines and have increased in importance in the fight against money laundering. They are also key in firms moving from a reactive AML programme to a proactive programme. There is much still to do in terms of harnessing the available data and using it intelligently, including greater sharing of intelligence, and I’m sure it is an area that will continue to evolve.
- Quality controls: Across all three lines of defence there has been a significant improvement in quality assurance and testing. In addition, the specialisation of the third and first line of defence controls functions continues to increase. Internal audit teams have significantly upgraded their awareness of financial crime and teams have had to become more specialised, either within their own teams or bringing in specialists, to ensure that the internal audit is effective and increasingly able to utilise more technology.
Top 5 areas to improve
- Know your customer (KYC): KYC is where I first started working in financial crime. It’s also an area that has promised huge change over the last decade but is a long way from delivering. KYC remediations have continued for much more than a decade and they are still challenging, expensive and fraught with heffalump traps. KYC files have typically moved onto systems and there are more data points collected, but real change seems to have stagnated.
- Data quality: Customer data is the key input into most financial crime controls. Controls impacted by poor data quality include customer screening, management information and transaction monitoring. Legacy systems and poor data quality are still common and the periodic review cycles, designed to keep customer information up to date, have often failed to be sustainable for anything but high-risk clients. The answer for many is the new emerging technologies and moving to event-driven refresh which should deliver some improvements.
- Transaction monitoring: Transaction monitoring is critical to understanding a firm’s customers and the AML risks they pose. Monitoring systems and processes are often still not integrated with other controls and do not sufficiently leverage the information available in a KYC file. This is an area which has been slow to transform, and systems can often be installed and then left to stagnate with insufficient oversight and governance.
- Management information (MI): Good MI is not just about good data and reliable numbers (although that really helps). To manage risk effectively you need to use the numbers to understand trends and emerging risks and the right narrative to give it context. MI is still an area that all too often ends up with lots of numbers in monthly PowerPoint decks but with limited risk management achieved.
- Risk Management: There have been significant improvements in the last decade across the three lines of defence in quality and compliance; however, there is still a lack of risk management. There needs to be a shift from managing regulatory risk and compliance to true risk management, which is often more of an art than a science, and there is a long way to go, as evidenced by the recent headlines.
Financial institutions are still facing record fines for financial crime compliance weaknesses; however, these fines are not because the firm did not deploy the latest emerging technology. Fines are for fundamental flaws in the control framework or a failure to ensure the governance and the controls in place are effective.
So, while it’s important to look forward and see what technology can enable in the fight against financial crime, it is also critical to get back to basics and ensure that the building blocks of a financial crime framework are in place and are ready to be enhanced by technology.