“It’s like déjà vu all over again,” is one of my favorite Yogi Berra-isms, and as I look across the domain spaces served by FICO to write my 2020 predictions, it’s definitely déjà vu all over again. Specifically:
- Cybersecurity risk awareness is on another expansion wave, as a best-practice component of third-party risk management (TPRM).
- At long last, fraud and compliance infrastructures are starting to converge.
- In the US, the use of artificial intelligence and machine learning in compliance is set to expand dramatically, per directives from the Financial Crimes Enforcement Network (FinCEN).
Let’s dive in.
TPRM Takes Off
Over the last decade, organizations have become increasingly aware of their own cybersecurity risk. With tools like the FICO® Cyber Risk Score, they can effectively gauge their own risk and, importantly, that of their third-party business partners.
In 2019 FICO teamed up with the U.S. Chamber of Commerce to spread the word about our joint Assessment of Business Cybersecurity, hosting a Cyber Event series around the country. As a benchmark, the ABC has driven much awareness of the Cyber Risk Score and tools like it, and served to start a large-scale dialog about data breach risk.
As a result of this dialog, nearly 1,000 organizations have discovered their FICO Cyber Risk Score (now available on Amazon Web Services), driving even more conversation about cyber risk, including cyber risk as a critical component of TPRM. In 2020 I expect that growth to continue, from a combination of FICO’s efforts with the Chamber, efforts of others in the industry, and the regulatory intensification we’ve seen on companies’ culpability for data breaches stemming from third parties.
This regulatory pressure is happening in other regions as well. For example, in Europe under GDPR, companies with insufficient data protection practices leading to breaches can be fined up to €20 million, or 4% of the company’s global annual turnover of the previous financial year.
I’m not the only one who foresees big growth in TPRM. Industry forecasts project the global TPRM market to grow from $3.2 billion in 2019 to $6.8 billion in 2024, at a CAGR of 15.9%.
Related to that, I also predict continued strong growth for the cyber insurance market, as cyber risk underwriting continues its transition from art to science. With only about 5% of all businesses in the US covered by cyber insurance, the uptake of analytics tools for underwriting is set to blast off.
Fraud and Compliance Infrastructures Converge
I’ll start with an important distinction — from a process standpoint, the financial industry has been talking about the convergence of fraud and compliance for almost a decade. However, to achieve process convergence — and maximize gains along both a cost efficiency axis and an efficacy axis — fraud and compliance must be integrated at an infrastructure level.
I predict that in 2020, fraud and compliance functions will converge at many large banking institutions. The stage is already set; at FICO World 2019 in New York City, we learned that the capabilities of fraud and anti-money laundering (AML) systems have about an 80% overlap. This convergence is being pushed forward by a FinCEN directive, with consultants such as McKinsey & Co. noting the “incredible windfall when institutions switch from legacy ad-hoc financial crime compliance collaboration to full counter-crime team integration – a move that comes with a variety of intelligence, risk and resource benefits.”
Use of AI and ML in Compliance Will Expand
Hand in hand with converged infrastructure, various government entities in the US, including FinCEN, “encourage banks to consider, evaluate, and, where appropriate, responsibly implement innovative approaches to meet their Bank Secrecy Act/anti-money laundering (BSA/AML) compliance obligations, in order to further strengthen the financial system against illicit financial activity.” Artificial intelligence is specifically mentioned in the Joint Statement; in the real world, “innovative approaches” also includes machine learning (ML) and other advanced analytics technology.
As a result, in 2020 I believe we’ll see two trends. First, more institutions will put a toe in the water from a converged infrastructure standpoint, even if they’re not converging their processes yet. Still, they’re getting into a position where they can converge processes more easily in the future. The second trend, which my FICO colleague Frank Holzenthal also predicts, is that more banks will adopt AI and ML into what have traditionally been rules-driven processes.
Best wishes for 2020, and remember, when you come to a fork in the road, take it. For more trends on cybersecurity, TPRM, fraud and compliance, check out the recent interview with SafetyDetectives and my recent podcast with American Banker, or follow me on Twitter @dougoclare.