Financial crime risk: Time for a rethink
21 November 2016
By Andrew Clark
It’s an indication of how seriously international governments and regulators take the fight against financial crime that most of the risks are known by the legislation that’s intended to fight them, rather than by the crime itself. So, rather than talk about fraud, identity theft and criminal financing we talk about anti-bribery, anti-money laundering, tax transparency and Know-Your-Customer (KYC).
Arguably, many of the current risks associated with financial crime (as opposed to cyber crime, the digital form of financial crime) emanate from the legislation designed to address them, rather than from the crime itself. Financial institutions see the risks of financial crime predominantly in terms of regulatory risk and the risk of not being compliant with the many legislative requirements. You only have to look at the $bn settlements made by some of the larger banks over sanctions violations to see the potential impact.
The world of financial crime is extremely active, innovative and dynamic. A threat can come from anywhere – within or outside your organisation. And by definition, the people behind the crimes don’t play by the rules – they just try something and see if it works.
It’s hardly surprising, then, that governments have thrown legislation at the problem. But in many cases this has created more problems than it has solved. Banks have made endless changes to their systems to make sure they’re compliant with the huge range of legislative requirements, sometimes losing sight in the process of what their systems are meant to do. Furthermore, regulations directed at financial crime have led banks to adopt a de-risking agenda – withdrawing some products and stopping their activities in some markets and jurisdictions. This could have a serious long-term impact on not just the financial sector, but also world trade.
The problem is that the huge amount of time, effort and money spent on financial crime controls has made only the smallest dent in levels of actual financial crime, if any at all. So if we’re going to successfully manage financial crime risk in the future, we all – institutions, governments and regulators – need to move to a world that looks beyond mere compliance.
The technology and resources required to effectively combat financial crime are certainly there, but we also need a new way of looking at the problem. At the moment, for example, every financial institution will ask its customers for a remarkably similar set of data and documents to meet KYC requirements. Why not provide them, just once, to a single KYC utility? KYC utilities already exist that are expert at carrying out this work to an excellent standard but the concept is not yet being embraced by the industry. Similarly, banks could explore how to share the burden of monitoring transactions for suspicious patterns, or undertaking surveillance of the trading environment.
The regulatory environment, though, has to move with the times; regulators need to show that they support innovation by the banks. Banks, too, have work to do. They can only make a strong case for regulatory reform when they can show that they’re fully compliant with existing regulations – and many aren’t. They also need to win over the hearts and minds of their customers in the fight against financial crime, explaining more clearly why they’re asking their customers to do what they do, and what they’re doing to protect them. Only then can we all move on from regulatory risk, and better manage the real risks of financial crime.
I will be talking more about this at RiskMinds on 7 December 2016 in Amsterdam. At the conference, I will also launch a point of view on the future of customer onboarding, looking at the role it plays in reducing firms’ exposure to financial crime risk. Please get in touch if you’d like to find our more or comment below and let me know your views.