The FinCrime Files: top challenges for financial institutions
2020 saw many challenges for all. For financial institutions (and organisations across various industries tackling financial crime) the rise in cyber crime for financial institutions during a global pandemic became worryingly commonplace.
With financial crime and AML processes being front-of-mind more than ever, interviewees from our FinCrime Files series have described their top three challenges in fighting the threat to banks, challenger banks, payment platforms, funds houses and more, with some light shed on how these can be tackled in 2021 and beyond.
What do you consider to be the current top 3 challenges in relation to fighting financial crime?
Linda Baskett, Financial Crime Director at Aon UK
Proceeds of crime – I think we’ve recognised that in the GI and Reinsurance space, the risk of money laundering is low. The products have never really lent themselves to being used for laundering money. However, we do need to consider that the assets we cover and the premium we handle may be the proceeds of criminal activity.
Bribery and corruption – Aon is a broker/intermediary firm in GI/Reinsurance. We are also a consultant in the retirement/investment and health space. We are in the business of being the middle man, which brings with it a higher risk of bribery and corruption.
Sanctions – I have now worked for two US listed firms and the current US Administration’s use of sanctions presents challenges in terms of how quickly sanctions are implemented and the reasoning behind them.
Matthew Tataryn, Head of Financial Crime at Tide
Man vs machine – Right now technology is a huge talking point, and finding the right balance between machine learning and good old fashioned investigation can be difficult. New technologies are reducing the cost of investigation, which is a great benefit but the regulator is still very fond of human-made decisions.
GDPR and all of the red tape – At Tide the security of our members’ data is at the forefront of all things we do and support. Data sharing would make life so much easier in financial crime, but the time and effort required to do this just doesn’t bring the desired benefit. By the time you’ve got to assess the information connected to the first account, the money is already in the fifth account.
The size of the crime and the lack of responsibility we all feel – Financial crime is ever-changing and to stay ahead of criminals we have to think smarter. I believe that to tackle the wider problem we need to be more focused on key areas and finding solutions that combat specific typologies and patterns. One area I feel needs a large amount of work is education into what actually causes financial crime. People don’t think that a bag of weed they’ve bought from their “friend” on a Friday actually leads to potentially funding terrorist activity. But guess what? It almost certainly does.
Caroline Kennedy, Head of Financial Crime Control Operations at Santander UK
Data – Banks have tremendous amounts of data regarding customers, accounts and transactions. However, this data can only be effectively used if it is correctly recorded, structured and maintained. A lot of investment is underway to ensure that data is remediated and maintained in excellent order in future.
Innovation – In the past, firms were able to quickly introduce new products or changes to processes that did not necessarily have an impact on Compliance controls. However, as more sophisticated controls are applied, using advanced and integrated technical solutions, the impact of new products and processes has increased and needs to be considered carefully before these changes are applied.
Complex regulatory requirements – As compliance regulations are not consistently applied in multiple jurisdictions, it is a challenge for firms to implement globally consistent policies and frameworks in an efficient manner, but this is key to the deployment of effective controls and to protect the financial services industry from the increasing threat of financial crime.
Renata Hoes, Chief Compliance Officer at MFEX Luxembourg
Regulations – Regulators around the world are all trying to solve similar issues. However, they all tackle them in different ways, with different rules. This means that, for global entities such as MFEX with operations in multiple jurisdictions, we have to determine which rules apply to each transaction. As an example, for sanctions screening, each jurisdiction issues its own lists of sanctioned entities, so checking each transaction in real time to ensure sanctions controls are being properly followed requires several different black lists to be maintained, updated and used. We have to be pragmatic and assess the different cases depending on the initial risk assessment.
Cyber-crime – We have seen a significant increase in fraud during Covid-19. Financial institutions need to introduce much stronger cyber protection both externally as well as internally. When we can demonstrate strong security and cyber protection as a company, client loyalty can increase, and market perception improves. Recent research has shown that protection of client assets is amongst the highest priority issue for clients when selecting a financial provider.
Operational silos – A key question to ask yourself is how do we fight against terrorist funding and prevent money laundering? One answer to this is to begin breaking down the operational silos. This will allow us to see patterns emerge and help prevent potential additional fraud. In addition, financial crime now includes financial fraud, money laundering and bribery, as well as a lot of new cybercrimes, which are even more difficult to monitor and prevent. The key message here is that Compliance needs to step out of their silos and begin communicating with legal, operations and their company’s sales team. This does not mean we are stepping out of our “2nd line of defence” role, we are merely putting on our compliance advisory hat and assisting our colleagues to do what is best for the company.
Francisco Mainez, Head of Business Financial Crime, Risk Data & Analytics, HSBC
Data – Banks are really good at gathering data from customers and processes but not so when it comes to storing, structuring and making it available to users. New machine learning / artificial intelligence solutions can be rolled out but if they are not fed with good data, they won’t be able to provide the solutions we design and implement them for.
Integration – We’re pretty good at creating and managing AML or Fraud teams but they tend to operate in silos and work like a ship’s watertight compartments. Financial Criminals are not bound or constrained by organizational structures or hierarchies. I believe the future of Financial Crime goes through the progressive integration of “classic” Financial Crime (AML, Sanctions, CTF, Anti-Bribery & Corruption) with Fraud and also with Cyber Risk.
Culture – When I started working in Intelligence, we used to work under strict “need to know” rules. The 9/11 attacks changed everything, as the post-mortem investigation concluded how the attackers had left a trail of data but since there was no integrated analysis framework, they were able to operate without raising much suspicion. During the subsequent years, the Intelligence Community oversaw a cultural change where “need to share” progressively became the prevalent approach. We still had to be very careful in protecting data and sources but sharing data became crucial to analyse and neutralize threats.
Andrew Jackson, Head of Financial Crime Compliance at Alpha Bank
Financial sanctions compliance – We’re seeing increasing complexity, sectoral sanctions, more focus on types of transaction, and increasingly jurisdictions that are almost competing with one another. Individual jurisdictions are addressing specific issues that concern them by issuing sanctions regimes. I think that then puts financial institutions in the middle of all of that and it’s becoming increasingly complex. Therefore, the approach of simply screening against sanctions lists may no longer be an effective approach.
Automated transaction monitoring – What we’ve seen is an increasing number of money laundering typologies and a broad range of financial crimes and emerging issues. One of those is “Green Crime”; the illegal wildlife trade, illegal mining and logging, illegal or unpermitted fishing are just a few examples. That means that the kind of tried and tested approach of applying rules, thresholds and parameters using automated transaction monitoring becomes less effective and operationally inefficient. I think the way forward is through intelligence-led monitoring and link analysis.
Cyber-crime – Cyber-enabled money laundering remains a priority both certainly for the regulators and for the industry. The challenge is identifying the interfaces between the traditional financial systems and cryptocurrency exchanges and that can be very difficult. Also, identifying which clients might be drawn into that type of activity.
Gregory Dellas, Chief Compliance & Innovation Officer at ECOMMBX
Keeping up with regulations – Regulations keep increasing in volume and complexity. It seems that every time we feel we are on top of complying with one set of regulations, another regulation comes in, more complex and more demanding. I am not against regulation as I believe it is there not to punish financial institutions but, rather, to protect them from misuse. But the challenge here is to ensure you are aware of the changes on time and keep compliant without draining your resources. After all, we want the good clients to be able to perform their legitimate business through our institution and do it smoothly and efficiently.
Keeping up with criminals that are evolving faster than we are – Technology seems to be helping anti-financial crime professionals, but it is also helping criminals find new ways of misusing the financial system for their criminal activities. You need to be alert, vigilant and, sometimes even, think like a criminal in order to keep up! There is a lot of information out there and the challenge here is to be able to quickly filter the good information from the noise.
Keeping up with changes in technology – Technology cannot yet take decisions for us, but it can do a lot to provide us with the time to think, focus our attention on the real risks and allow us to take time to exercise judgment and take decisions. One challenge I see is how compliance officers today need to be aware of changes in legislation, need to think of ways to remain compliant but at the same time need to understand the evolution in technology to be able to appreciate how they can put it to good use. Compliance officers are asked to understand data modelling, thresholds, data management and structuring, statistical and business analysis and sometimes even computer programming!
Rebecca Schauer Robertson, Atlantic Union Bank
All things COVID, especially the Payment Protection Program and the opportunities fraudsters have acted upon with a program that was created to help opposed to harm.
Virtual currency or real-time transfer of money and the lack of transparency and resources within the tradition financial industry to appropriately monitor and mitigate risks has definitely been challenging and created the need for considerations of new, move innovative ways to tackle the space.
Regulatory requirements related to BSA compliance that create an environment of “checking boxes” instead of more focus on resources – money, time, people – to achieve what the BSA was created to do, identify and report meaningful information related to potential suspicious activity continues to be a challenge.
These interviews are all part of our ongoing FinCrime Files series. If you are an AML/KYC professional and are open to an interview with us about fighting financial crime, please get in touch.