Today, companies are expected to have a holistic view of financial crime risk. They must consider the entire ecosystem of their counterparty relationships including suppliers, vendors, employees, and customers. Failure to do so can result in organisations breaching regulatory requirements, leading to fines and reputational damage. Assessing complex ownership structures, expanding overseas operations, and managing increasing amounts of data places strain on limited resources and capabilities.
Many businesses grapple with multiple systems housing different data and information. Without an integrated view or calculation of risk or the ability to dynamically obtain data to update risk ratings, compliance and onboarding teams are operating ineffectively. What obstacles do businesses face in reaching a comprehensive view of their risk exposure? And how can technological advances help companies take a more proactive approach to financial crime risk management?
The changing face of risk
The last decade has seen a notable shift in how companies are expected to understand and manage risk. Traditionally, the focus was on performing due diligence on new customers during onboarding and at discrete intervals over the customer lifecycle. Today, companies are expected to adopt a more comprehensive perspective and take into account their entire network of counterparty relationships. This includes assessing extended relationships, encompassing customers, beneficial owners, customer’s customers, suppliers, employees, and other stakeholders. This includes distributors and other counterparties.
It also entails understanding the nature of the geographies reached, the products and services used, and from whom they send and receive funds. For example, a community bank might have domestic customers with clear backgrounds but are exposed to indirect sanctions and money laundering risks through the customers’ supplier or vendor relationships based on sanctioned geographies or beneficial owners.
Organisations must monitor sanctions and suspicious activity risk for direct and indirect client relationships. Failure to do so can result in large financial penalties. As seen in the high-profile examples of companies receiving fines for having customer or vendor relationships in sanctioned jurisdictions, and from overall weaknesses in their AML controls. However, the larger issue, from a risk perspective, especially in the context of geo-political changes and complex ownership structures, is even beyond AML and sanctions that bleeds over to reputational risk, i.e., who you are doing business with.
Companies need to develop their financial crimes analysis and risk assessment processes across all risk monitoring systems. They need to make sure they identify all the parties down to the level necessary to determine the compliance risk of doing business. Such an analysis “future proofs” the organisation from undue reputational damage. It also keeps them proactively compliant with sanctions and AML failures.
Process and technology challenges
From a technological standpoint, AML and sanctions risk from customers, vendors, employees, and supply chains are typically distributed across multiple processes. These include onboarding, due diligence, screening, and monitoring, which use different systems that are not integrated. This makes it difficult to get a holistic overview of the risk exposure.
Furthermore, many models are not sufficiently robust and fail to consider the relevant elements at the appropriate times. Most due diligence is performed at the point of onboarding. This presents a snapshot in time but does not accommodate dynamic updates such as alerts to situational changes, potentially impacting a customer’s risk score. There may be periodic Know Your Customer (KYC) updates or event-driven triggers, which influence the risk rating. However, these are typically retrospective, driven by customer interactions, and prioritised by the current rating. As such, low-risk customers who start displaying high-risk activity, which is not part of the trigger events, would not even be subject to an updated review based on that activity. Rather, they would only be reviewed at the next scheduled update for that batch of low-risk customers. This could be some years after they were first onboarded or last reviewed.
Consequently, risk ratings may misclassify customers, pushing up operating costs. A study from McKinsey & Co found that banks changing approaches to reviewing low-risk customers based on trigger events, rather than a schedule, reduced KYC operating costs by 20 percent.
Adopting an integrated and dynamic approach
As the understanding and expectations surrounding risk change, so does the technology supporting risk scoring. Integrated risk scoring dynamically calculates a score from all critical source systems used by compliance and business functions. These include external sources such as news outlets and social media. This provides a robust approach more valuable for financial institutions as it uncovers scenarios not driven by interactions with the customer. This also has an impact, perhaps a more significant one, on a customer risk rating. Adverse media or changes in beneficial ownership, for example, will not necessarily be items brought to the financial institution by the customer. But these can impact the nature of the ongoing customer relationship.
Artificial intelligence (AI) and machine learning (ML) are also likely to play an increasingly important role. As regulators become more open to innovative approaches and technologies, AI and ML will be used to enable real-time checks, such as integrated adverse media or identification checks. However, caution must be exercised regarding explainability, and the decision-making process must be understandable to human operators. Organisations must maintain clear documentation of how AI models work and the criteria they use for risk scoring. They must also monitor for and mitigate any biases in the AI models. They must enusre deployment doesn’t lead to unfair treatment of any ethnic or racial groups. Ultimately, new technology should realise a net reduction in residual risk.
Facilitating a proactive approach to risk
Companies are faced with an increasingly complex risk landscape. Today, they are expected to have a detailed understanding of their business relationships and assess the risks these relationships present. With geopolitical turmoil increasing, a wave of new sanctions, and the resulting implications for AML checks, companies need to ensure they have robust profiling processes and systems. To enable this, businesses should look for integrated solutions that bring together the various indicators and allow for dynamic updates of risk profiles.
FinScan offers advanced Anti-Money Laundering (AML) compliance technology and consulting solutions. Built on decades of experience in data management and proprietary matching technologies, FinScan provides a data-first, risk-based approach to ensure unparalleled accuracy and efficiency in identifying and reducing risk, accelerating AML compliance workflows, and optimising team productivity.
- Cybersecurity in FinTech