A new report from LexisNexis on Future Financial Crime Risks (September 2017) highlights the stress felt by UK banks around financial crime compliance. According to the report, “The financial crime professionals interviewed mentioned terms such as ‘unclear’, ‘tense’, ‘confused’, and ‘complex’ when asked their opinion on the financial crime compliance landscape during 2016.”
Given the rapid change in financial compliance regulations, it’s easy to see why the 170 financial crime professionals surveyed felt overwhelmed. We asked Frank Holzenthal and Claudia Haberland of our TONBELLER team to address some of the issues raised by this survey, from a technical and operational perspective.
The pressure on compliance professionals to understand and act on all of the existing, new and constantly changing regulations is leaving many compliance departments overwhelmed. What can be done to alleviate some of the stress they are experiencing?
Claudia Haberland: One important aspect to reduce the workload of compliance departments is the elimination of too many manual processes. Much compliance work is still done using spreadsheets, manual calendar reminders for review dates and physical passing of folders from one person to the next, with only limited follow up. This results in missed review dates, customer identification document renewals and missing documents.
Frank Holzenthal: To solve this from a technical standpoint, using a workflow management tool designed for exactly this kind of work means consistent audit trails, complete documentation, automatic reminders and follow ups, as well as automatic reassignment of responsibilities when staff are out sick, on vacation or changing employers. This alone does a lot to manage workloads and stress levels in compliance departments.
The uncertainty and anxiety resulting from the regulatory complexity often results in more stringent compliance checks, over-reporting and micro-management. Do you have any advice?
Claudia Haberland: When processes are unclear, workloads too high and compliance staff trying to understand what impact new regulations have, while juggling the daily workload, they tend to want to be on the safe side. Unfortunately, this means that instead of working as a business partner with the customer and sales departments, they become the “business prevention unit”. In times of low interest rates and increased competition from new market entrants, this can severely hurt the financial organization.
Frank Holzenthal: Time to market is key these days and a clear risk-based approach defined by the management in cooperation with risk and compliance means clear processes and risk criteria can be applied to new products and services. Also, over-reporting results in swamping FIUs with potential red herrings, which waste their time and resources, and risks real alerts being missed. If the application of the regulation and the risk exposure are clearly defined, this tends to lower the over-reporting.
Often, compliance officers’ frustration is in part a direct result of the institution’s legacy technology, which creates a barrier to keeping pace with financial crime and managing the cost of compliance effectively. How do you address problems of that scale, clearly outside the compliance department’s responsibility?
Claudia Haberland: While many of the well-established financial institutions have an array of legacy software, hardware and niche solutions (often self-developed), it is important to be realistic here. Of course upgrading to “next-gen” is always desirable, but the costs can be very high and the risks of taking components out of this complicated, interdependent environment are often hard to determine.
Frank Holzenthal: Therefore, it is important to choose a solution suite that has a smart architecture design, which can run alongside the legacy applications. It should also offer the option to utilize the cloud and come with generic data interfaces, which allow the organization to grow with its strategy challenges, regulatory and customer demands. This is the most sensible, long-term, low-risk and cost-effective approach.
How can compliance officers keep pace with the change in regulations and new criminal methods, which is complicated by new products, services and channels being adopted by their organizations? How can issues of cost and time be addressed, both in short supply at financial institutions that are already under pressure on their profitability?
Claudia Haberland: Standardization. Most of the complexity comes when varying interpretations or requirements or compliance practices are introduced. If you look at it from a global perspective it actually becomes clearer; there are minimum standards of compliance when it comes to customer acceptance, transaction monitoring, sanction compliance and how to ensure you identify risks within your customer groups. All you need to manage then are the local and product- or service-specific regulations. If you take the minimum requirements as your baseline for standardization, it makes it easier to manage a multi-site compliance regime, roll out new processes and procedures, and even audit them.
Frank Holzenthal: Another important aspect is dealing with many of the compliance issues at the first line of defense, putting automated controls in place when the customer or transaction enters the organization; be it physically at a branch or virtually via online banking. That frees up compliance staff and workloads and speeds up time to compliance. Licensing models shouldn’t be determined by the number of users — actually, the more users you have the lower the workload.
When talking about compliance and fighting financial crime, you can’t leave out sanctions and embargos. Some of the largest fines ever issued resulted from sanction violations. How can compliance staff ensure they don’t miss a change?
Frank Holzenthal: Automation. List content changes so frequently that it requires constant attention, and there are many lists that need to be monitored. To ensure nothing is missed, you should make sure that your AML & KYC platform has built-in connectors to reputable data providers, which screen your customer base on a regular basis and screen transactions in real time.
A new culture of greater trust between banks, regulators and law enforcement has enabled greater collaboration and information sharing. How can we make sure that the Suspicious Activity Reports (SARs) deliver pertinent information, thereby strengthening the fight against financial crime and enabling best use of resources – and don’t end up being a box-ticking exercise, swamping FIUs with unactionable information?
Frank Holzenthal: What banks need here is stronger integration of their transaction monitoring solution with the SAR filing component and delivery to the FIUs. Many FIUs use standard software to receive SARs, such as goAML from UNDOC. A really good AML solution, like Siron® Anti-Financial Crime Solution, comes with an adaptor to connect to goAML. That allows the bank to have a closed loop with the FIU.
We hear a lot about vast amounts of data being collected and sharing of information. What benefits could compliance derive from this?
Frank Holzenthal: Our paradigm is “Be compliant. Be competitive. Be successful.” The more data your organization has available to analyze, the easier it is to recognize trends in money laundering, fraud or terrorist financing.
Claudia Haberland: If you then look at consortium models, the ability to spot new connections and trends increases dramatically. Criminals are working globally, and what may have been detected in one region often still works in another region – unfortunately, even in the same organization. Therefore, sharing of data to improve analysis and reduce risks is essential.
However, there are two challenges here: First, data is often stored in silos. Second, data quality may be lacking, leading to a “garbage in, garbage out” scenario. That’s why it is important to work with expert firms with a lot of experience in data analytics, from data extraction and hygiene to analysis.