What’s on my mind? Rebecca reflects on some of her recent industry engagements
In recent weeks I’ve had the pleasure of spending time with fellow practitioners sharing insights, different perspectives and practical solutions to common financial crime (FC) challenges. Particular highlights have been the Association of Foreign Banks Financial Crime conference and the International Compliance Association’s webinar on lessons from recent regulatory enforcements.
The discussions demonstrated that fundamental challenges haven’t changed much over the last few years, but the environment has become more complex. FC typologies continue to evolve, and budgets have tightened. When you throw consumer duty in the mix it can feel ever-more like walking a tight rope balancing treating customers fairly and managing FC risks effectively.
I wanted to share three areas which particularly struck me:
1. Firms are concerned about making the ‘wrong’ risk-based decisions.
Whether this relates to onboarding, maintaining high-risk customers or exiting out of appetite relationships – firms are grappling with making the ‘right’ decision. Media attention relating to the exit of a well-known political figure, has brought this to the fore and many of our clients have been assessing the effectiveness of their exit processes and challenging themselves on the objectivity of their risk-based decisions. This can often cause delays in decision-making processes and sometimes dilute accountability by involving too many stakeholders. If this resonates, ask yourself:
Is your financial crime risk appetite clearly articulated and considered in decision-making processes? How do you demonstrate this? If done correctly, this should act as guiding principles which will make decision making easier.
Do the controls you have in place actually identify the risks? Of course, some controls are there to prevent risk – but does your framework have the mechanisms to provide insight into events and trends?
Are roles and responsibilities relating to those decision-making processes (including those which are delegated) documented and consistently understood?
Is fair customer treatment central to those decision-making processes? Do you have a consistent view of what “fair” means?
Do you clearly document the rationale for your decisions, and would you be comfortable for it to be made publicly available? Could your records stand up to regulatory challenge two years from now?
2. Will trigger-based (or event-driven) reviews replace cyclical periodic reviews?
There’s no one-size fits all response to this question. There’s a regulatory requirement to keep customer information up-to-date and accurate, but the risk-based methodology for doing so is down to the Firm to define. We’ve been working with Firms attempting to transition from cyclical to event-driven reviews and perpetual KYC models. There’s a couple of key dependencies, firstly the risk profile of the firm and secondly, the maturity of the control framework:
Is your customer risk assessment model delivering appropriate outcomes? To conduct meaningful ongoing monitoring we need to adequately understand the risks – not just the risk rating.
Are you confident with the quality of KYC information you currently hold for clients or have you identified issues which create limitations on your ability to carry out downstream controls, such as transaction monitoring? A solid foundation is crucial.
Do you have clearly defined processes in place to identify triggers which may indicate material changes to a customer’s profile? To what extent can automation support identification of changes to a customer’s profile?
3. Data is key.
The FCA seek to be data-led – using intelligence from data science and advanced analytics to inform their decision-making and provide insights. This data driven approach, if used well, can be a powerful tool that can help firms embrace the risk-based approach and provide genuine insight to identify real financial crime risks and emerging typologies. We’ve seen recent examples of data being used to inform remediation approaches and develop insightful risk assessment tools.
How do you currently harness the data you hold to identify and proactively target areas of higher risk – e.g. through customer behaviour and attributes?
How do you bring data together from siloed systems to get a good picture of the customer profile and how does this support ongoing monitoring?
Do you leverage your data to produce quality MI and make this available to key stakeholders, highlighting key risks, issues and trends which can be used in those decision-making processes?
Simply put, it comes down to getting the basics right - a clearly documented framework and governance model. It is easier said than done – but we’re having some great joy working with a range of clients on all of these specific points. Get in touch if you require assistance.