2021 Financial crime Outlook series
Senior management and boards are increasingly acknowledging the threat of financial crime as a critical risk to their business that must be addressed. This has been exacerbated in the last 12 months through the impact of the pandemic as well as rising domestic and international tensions. Our financial crime compliance specialists, located in the UK, US, Canada, Australia and Asia, are looking ahead to 2021 to identify the incoming legislative changes, growing role of technology and the need for an effective regulatory response. This forms part of a seven part series which will assess amongst other things the expansion of virtual currencies, the growth of the role of the money laundering reporting officer, the changing world of sanctions regimes, and how the Biden Presidency could shape financial crime compliance into the future.
Part 5: The increasing emphasis of RegTech and FinTech in combatting financial crime
Regulators across the globe are increasingly expecting and welcoming the use of technology to combat financial crime. Arguably, it’s imperative that firms invest in compliance tech solutions to not only maintain compliant, but also keep pace with the ever-increasing sophistication of criminals seeking to subvert the law.
The term financial technology (“FinTech”) has become prevalent over the last decade to refer to technological solutions employed by financial services firms to enhance the use and delivery of their products/services to customers. Regulatory technology (“RegTech”) is a subset of FinTech referring to when technology is used to optimise compliance and regulatory-related activities.
The digital revolution has paved the way for a wide range of RegTech players to make waves in the anti-financial crime space, and many have become embedded within business-as-usual processes. For example, a number of institutions now use facial recognition to enable users to access their online banking services, and tech to enable remote customer onboarding (whereby a customer’s identity can be validated using a selfie augmented with uploaded photos of their passport or driving license) are now commonplace.
However, the RegTech landscape continues to evolve at pace, and it’s vital for financial crime compliance teams as well as senior management to remain aware of what’s out there to proactively identify and resolve their unique compliance challenges in relation to their specific business operating model and footprint.
The up-and-coming RegTech use cases
There are a wealth of technology solutions which are geared up to address a number of financial crime compliance challenges.
Many, such as artificial intelligence-led transaction monitoring alert hibernation and e-Know Your Customer tools (eKYC) are already playing a critical role in control environments at various institutions. However, some examples of more on-the-horizon technologies include:
- Machine learning for sanctions name screening: sanctions name screening generates a high proportion of alerts which need to be dispositioned and, more often than not are closed as false positives. Machine learning can be used to review large historical decision-making which led to determination of false positives by human analysts to “learn” patterns and trends in order to apply similar logic for future dispositions. This is called supervised machine learning, whereby the user defines what is being looked for, and then the machine seeks to find “the needle in the haystack”.
- Artificial intelligence in anti-money laundering (AML) transaction monitoring: whilst supervised machine learning is good, often criminals deliberately make transactions appear legitimate. Therefore, the industry is moving towards unsupervised machine learning in the world of AML transaction monitoring to seek to uncover deliberately hidden behaviours (finding “the hay in the haystack”) through overlaying large historic datasets with probability analysis and analytics.
- Enhanced workflow platforms for dynamic know your customer (KYC): whilst periodic reviews are to an extent effective in assessing a customer’s risk profile on an ongoing basis, a better target state is dynamic KYC which updates following every customer transaction. This is currently being piloted in simpler retail banking populations in some firms, with business banking set to follow in the short-term future and wholesale banking further down the track.
There are also a range of resources which can be leveraged to better understand AML technology use cases, such as those included in SAS’s recent white paper on the topic of next generation AML.
Identifying the right solution to fit your needs and planning for implementation
With so many options now available from a RegTech perspective, deciding what solution is right for your institution can be a challenge.
We recommend considering the following when determining which RegTech solution to invest in:
- What problem(s) do you need to address?
Starting with a use case and finding a solution to resolve that specific challenge is more beneficial than identifying a preferred technological solution and trying to reverse engineer it to fit the problem. This may mean that you need multiple technology solutions to address multiple challenges or pain points
- How will the solution integrate into your existing technology (and data) framework?
Any new RegTech solution risks becoming obsolete if it doesn’t fit within your existing workflow. During the planning and implementation phase it is therefore crucial to conduct robust systems integration testing to help ensure optimal integration.
- What is the quality of your data that will feed the tech solution?
The performance of any RegTech solution is likely to be only be as good as its input(s). Therefore, you may need to consider whether a data overhaul/uplift is required prior to implementing a tech solution, such as standardising the way in which Know Your Customer (KYC) or transactional information is captured in the first place and inputted through your solution.
- To what extent does the tech solution need to be calibrated to your specific operating environment?
Many tech houses provide “out of box” or “off the shelf” solutions which often hold the allure of a lower price point. However, if your solution isn’t tailored to your specific business and risk profile, you could risk generating output which is misleading. This could leave you (inadvertently) exposed to facilitating criminal behaviour.
Once you have concluded which technology solution(s) to implement, a pragmatic approach to implementation would be to start small. Following a risk-based approach, it would be most prudent to pilot your solution on lower risk perhaps more static populations. This will help to streamline the process of resolving teething issues and refining calibrations whilst keeping unnecessary additional risk exposure to a minimum.
Sustaining the change
It’s vital that you can explain the outcomes generated by your tech solution. Whilst regulators don’t expect every role in the firm to be able to talk to algorithms and data mining, there is an expectation that senior management display a level of tech savvy-ness. Buying a black box and blindly replying on the output which it generates would not be considered acceptable. This may require consideration for whether you and/or your compliance team need additional training and upskilling in order to be able to talk tech to your own Board, to other staff and to external regulators.
Finally, like with any anti-financial crime control, it’s crucial to continually monitor the effectiveness of your RegTech solution to gain comfort that it generates anticipated outcomes and materially contributes to a reduction in residual risk. This will likely require close collaboration with your chosen RegTech partner to gain a mutual understanding of your business strategy, risk exposure and compliance needs to tailor your technological solution accordingly.
Seismic evolution in the capability and availability of technology has certainly led to a distinct uplift in adoption of RegTech solutions. This has been supported by regulators globally demonstrating support for tools which both optimise efficiency as well as drive effective financial crime risk management. New use cases and solutions continue to develop, and confidence in the right technology has arguably elevated from both a regulator and financial institution perspective.
The use of technological solutions for financial crime compliance is anticipated to continue to grow, and therefore firms need to be actively assessing where their pain points lie and what solution(s) can be explored to resolve these. A key takeaway is that one size does not fit all and there is a strong expectation for any tech solution implemented to be reflective of the size, nature and risk exposure of the firm.