Chris Collins, Risk & Regulations at CGI

Managing financial crime, anti-money laundering and operational risk – working together

Today's digital world of multi-dimensional organized criminal threats ruthlessly exposes the weak points in any financial institutions Anti-FinancialCrime (AFC) defences. Criminals are long gone usually before you even realize you are a victim.  The challenge is how to more proactively defend against these new threats.

What can be done short of throwing billions of dollars at the problem? The answer is layered defence. As financial services organizations are learning, defences against financial crime must be joined up and layered, bringing together both operational and intelligence resources. Defence is no longer just an IT security issue. People, operating models, data and technology all play an equally important a role in the battle against financial crime.

The operational and regulatory risks of financial crime are manifold, not only due to increasing criminal threats, but also the following:

• Impact of digitization and the move to real time everything
• Customer experience (balancing against risk)
• Cyber threats (at an international level with state-sponsored crime growing)
• Identity theft  
• Lack of employee training and awareness
• Management’s personal liabilities
• Differing regulatory standards and increased regulatory burdens
• Geo-political changes

In addition to these factors are the usual elements of AFC, which are complex and evolving—anti-money laundering, know your customer, sanctions screening, fraud detection, deterrence, risk appetite, culture, training, and the very real cost of failure, etc. When you combine all of these factors and elements together, it’s easy to see why financial crime is one of the top risks and costs, facing financial services firms today.

How to build a layered defence approach

AFC is not new. Most firms have a number of defensive measures and technologies in place. But, as criminals increase their use of enhanced tactics for financial crime, how do you ensure your AFC defences keep pace?

In addition to optimizing existing legacy systems, building a layered defence to AFC that is fit for purpose will help. Here is a list of areas to use in this layered approach:

• Technology enablement
• Updated “three lines of defence” model (AFC is everyone’s responsibility)
• Realistic risk appetite and controls
• Education and attitude (in terms of regulatory compliance and encouraging whistle blowers)
• Changes to organizational design, skill sets, roles and responsibilities
• Automation and intelligent self-learning
• Know your customer capabilities (for stronger identity management)
• Workflow and case management
• Predictive data analytics and data management
• Transparency and near real-time reporting
• Agile approach to implementing change (e.g., cloud)
• Joined-up, holistic defences (inter- and intra-department)
• Innovation (e.g., block chain technology)

Intelligence (or data) also is now a key focus.  Until relatively recently, big data and data management were regarded as too big and too difficult to handle.  For both effective AFC and near real time know your customer, the chief data officer has become a key member of this intelligence community.  The Chief Data Officer’s top challenges include:

1. Data quality and governance
2. Alternative data sources (e.g., social media)
3. Predictive (as opposed to reactive) analytics
4. Visualization

Unfortunately, many financial institutions are challenged in securing what’s needed for a layered AFC defence approach due to legacy IT environments, sorely in need of modernization. Eroding cost margins also remain an ongoing challenge. Innovation and investment are required to address these hindrances before a layered AFC defence approach can be successfully implemented.

The benefits to be gained

Apart from the obvious operational, regulatory and legal benefits of an effective AFC defence approach, how can firms enhance their business through investment in AFC?

The first and most obvious benefit is an enhanced customer experience. Joined-up anti-money laundering and know your customer defences, for example, happen in near real time, allowing firms to more quickly interact with their customers while, at the same time, reducing operational risks.

Reputation is another key benefit. Strong reputations are built not only through an effective customer experience but through the public’s perception that a bank will protect customer assets, as well as through regulators who view good AFC defences as an indicator of a well-run firm. And, of course, recognized and capable AFC systems will act as a deterrent against criminals who will look for easier targets.

Another benefit that comes from a layered approach is true business intelligence driven by strong know your customer capabilities. This adds business value through cross-selling opportunities (as opposed to miss-selling), as well as shareholder value through demonstrable security.

Reducing the cost of AFC defences while at the same time enhancing their performance must be the desirable win-win for any firm. Adopting a joined-up, layered approach is the only way both outcomes can be realized, while, at the same time, achieving all of the other benefits of effective AFC defence.