Time to Escape the Compliance Merry-Go-Round

Rob Horton, Head of Financial Crime Solutions at BAE Systems 

Money launderers will always be inventive and indiscriminate. And they’re always on the lookout for new ways to inject dirty money into the financial system. One route is to jump on otherwise positive changes and innovations in the market, and that means that financial crime compliance departments need to keep up with change, adjusting risk controls and advising their business as they go.

Financial institutions are innovating like no tomorrow. Digital banking, the use of Blockchain for ledgers, and roboadvisors are all signs of a healthy level of competition.

New channels, in the form of mobile, social and more, are making it easier and faster for people to do their banking, and these new routes play to the strengths of new market entrants.

Fresh regulation like PSD2 is at the heart of a lot of these changes, lowering the barriers to entry and opening up new areas of competition for established institutions. For example, telecommunications giant Orange is aiming to sign up two million customers^[1] for its mobile-only bank, capitalising on both PSD2 and its position as a mobile operator.

All of this innovation in banking – new products, services, channels and all of their underpinnings – also means compliance departments need to constantly re-evaluate how to assess risk as money launderers and fraudsters race to find the next loophole.  Innovations that make it easy for customers to transfer money via a third-party app will also make it easier for a criminal to move funds quickly and mask the flow of transactions.

The roles of the compliance department and regulators are shifting as well. There’s something of a new dynamic.

It’s no secret that compliance departments often have to react to new pressures, requests or measures from regulators. While the amount of regulatory change has increased in recent years, the drumbeat of legislation remains slow when compared with the speed at which criminals adjust their tactics. In pursuit of agility, regulatory guidance can often shift focus to specific areas. Wire stripping, for example, became an area of renewed interest in recent years. This approach does allow regulators and law enforcement to direct compliance efforts towards new tactics or methods employed by bad people. But it can also make for an unsettling and reactive environment for even the most ambitious teams.

This pressure is accelerated as new channels and products multiply the routes by which launderers seek to infiltrate and layer illicit funds.

All of which has created a further problem over the last two decades. The need to react, the adoption of new tactics or new routes by criminals and unceasing demands have meant that legacy software, point solutions to problems and tactics adjusted on the fly have created a significant set of problems for compliance departments, something that’s often answered with what is seemingly the only possible fix: throw more people, more process and more money at the problem.

This isn’t how it was supposed to be. Compliance departments would prefer to be able to manage risk on behalf of their business in a more effective way while simultaneously equipping it to meet its growth objectives. A key step forward is to enable accurate, fast decision making on the financial crime risks involved in doing business with a potential customer. Achieving that requires advanced data analytics running in real-time, but this investment unlocks all kinds of possibilities for a business focused on an efficient customer journey.

So there’s certainly a desire to improve the situation amongst the people within the industry. The good news is that technology is now at a stage where this aspiration is both possible and achievable. Modern financial crime detection uses big data processing, network analytics, real-time analytics, Machine Learning and Artificial Intelligence, often hosted in the cloud to take advantage of that medium’s scalability and security features.

So, how can a compliance department move towards this?

The first immediate step is to relentlessly pursue optimisation of existing systems. One of the problems of both existing technology and piles of legacy solutions bought in time of need is that they create a horde of alerts which colleagues must sort through. In its recent Compliance Transformation Survey^[2], KPMG found that, while 69 per cent of Chief Compliance Officers said their organisation used technology to support its compliance initiatives, only 47 per cent used data analytics and other technologies to conduct root cause and trending analysis.

Secondly, intelligence sharing within organisations is often patchy, ad hoc or technologically tricky. Putting this on a firmer footing helps reduce the siloes that all kinds of criminals love to exploit, helping to reduce fraud as well as deliver better compliance results. Returning to the theme of innovation in banking, financial crime staff must keep their knowledge up-to-date with regular training on not only the latest banking products and channels, but also the cyber techniques that criminals use to exploit them. A number of jurisdictions now recommend or require the inclusion of cyber data in SARs, for example this will be a requirement in FinCEN’s SAR filings from January 2019.

Finally, investing in modern systems that use advanced analytics to detect suspicious behaviour more accurately has the benefit of freeing up human beings for more rewarding tasks leaving the repetitive, time-consuming jobs to the robots. These colleagues can then be directed to tasks that require human insight and are more satisfying, rewarding and productive. Augmenting the capabilities of your human investigators with the technological tools to further cut through huge volumes of data is the way to go once what currently exists is optimised and working at peak efficiency. The compliance professionals I talk to are dying to break away from reactive patches and constant hiring; there’s a real possibility that, over the next couple of years, this will become a possibility for more and more of us.

Rob Horton, Head of Financial Crime Solutions at BAE Systems 

Money launderers will always be inventive and indiscriminate. And they’re always on the lookout for new ways to inject dirty money into the financial system. One route is to jump on otherwise positive changes and innovations in the market, and that means that financial crime compliance departments need to keep up with change, adjusting risk controls and advising their business as they go.

Financial institutions are innovating like no tomorrow. Digital banking, the use of Blockchain for ledgers, and roboadvisors are all signs of a healthy level of competition.

New channels, in the form of mobile, social and more, are making it easier and faster for people to do their banking, and these new routes play to the strengths of new market entrants.

Fresh regulation like PSD2 is at the heart of a lot of these changes, lowering the barriers to entry and opening up new areas of competition for established institutions. For example, telecommunications giant Orange is aiming to sign up two million customers^[1] for its mobile-only bank, capitalising on both PSD2 and its position as a mobile operator.

All of this innovation in banking – new products, services, channels and all of their underpinnings – also means compliance departments need to constantly re-evaluate how to assess risk as money launderers and fraudsters race to find the next loophole.  Innovations that make it easy for customers to transfer money via a third-party app will also make it easier for a criminal to move funds quickly and mask the flow of transactions.

The roles of the compliance department and regulators are shifting as well. There’s something of a new dynamic.

It’s no secret that compliance departments often have to react to new pressures, requests or measures from regulators. While the amount of regulatory change has increased in recent years, the drumbeat of legislation remains slow when compared with the speed at which criminals adjust their tactics. In pursuit of agility, regulatory guidance can often shift focus to specific areas. Wire stripping, for example, became an area of renewed interest in recent years. This approach does allow regulators and law enforcement to direct compliance efforts towards new tactics or methods employed by bad people. But it can also make for an unsettling and reactive environment for even the most ambitious teams.

This pressure is accelerated as new channels and products multiply the routes by which launderers seek to infiltrate and layer illicit funds.

All of which has created a further problem over the last two decades. The need to react, the adoption of new tactics or new routes by criminals and unceasing demands have meant that legacy software, point solutions to problems and tactics adjusted on the fly have created a significant set of problems for compliance departments, something that’s often answered with what is seemingly the only possible fix: throw more people, more process and more money at the problem.

This isn’t how it was supposed to be. Compliance departments would prefer to be able to manage risk on behalf of their business in a more effective way while simultaneously equipping it to meet its growth objectives. A key step forward is to enable accurate, fast decision making on the financial crime risks involved in doing business with a potential customer. Achieving that requires advanced data analytics running in real-time, but this investment unlocks all kinds of possibilities for a business focused on an efficient customer journey.

So there’s certainly a desire to improve the situation amongst the people within the industry. The good news is that technology is now at a stage where this aspiration is both possible and achievable. Modern financial crime detection uses big data processing, network analytics, real-time analytics, Machine Learning and Artificial Intelligence, often hosted in the cloud to take advantage of that medium’s scalability and security features.

So, how can a compliance department move towards this?

The first immediate step is to relentlessly pursue optimisation of existing systems. One of the problems of both existing technology and piles of legacy solutions bought in time of need is that they create a horde of alerts which colleagues must sort through. In its recent Compliance Transformation Survey^[2], KPMG found that, while 69 per cent of Chief Compliance Officers said their organisation used technology to support its compliance initiatives, only 47 per cent used data analytics and other technologies to conduct root cause and trending analysis.

Secondly, intelligence sharing within organisations is often patchy, ad hoc or technologically tricky. Putting this on a firmer footing helps reduce the siloes that all kinds of criminals love to exploit, helping to reduce fraud as well as deliver better compliance results. Returning to the theme of innovation in banking, financial crime staff must keep their knowledge up-to-date with regular training on not only the latest banking products and channels, but also the cyber techniques that criminals use to exploit them. A number of jurisdictions now recommend or require the inclusion of cyber data in SARs, for example this will be a requirement in FinCEN’s SAR filings from January 2019.

Finally, investing in modern systems that use advanced analytics to detect suspicious behaviour more accurately has the benefit of freeing up human beings for more rewarding tasks leaving the repetitive, time-consuming jobs to the robots. These colleagues can then be directed to tasks that require human insight and are more satisfying, rewarding and productive. Augmenting the capabilities of your human investigators with the technological tools to further cut through huge volumes of data is the way to go once what currently exists is optimised and working at peak efficiency. The compliance professionals I talk to are dying to break away from reactive patches and constant hiring; there’s a real possibility that, over the next couple of years, this will become a possibility for more and more of us.