The financial crime technology stacks within banks, investment firms and insurers are struggling to meet today’s regulatory expectations. Although many financial services firms are working hard to meet their compliance obligations, out-dated software is now holding them back from realising the best compliance outcomes.
Growing regulatory sophistication around financial crime takes many forms. To begin with, regulators are much savvier about technology and data. For example, the UK Financial Conduct Authority (FCA) has access to cutting edge financial crime and anti-money laundering technology through its Regulatory Sandbox, Digital Sandbox, and FCA Innovation Hub programmes. Over the past two years, the regulator has also brought in key technology talent, including a new CIO, and a director – intelligence and digital. Jessica Rusu, chief data, information, and intelligence officer, established a new division – Data Technology and Innovation – after she joined in June 2021. Recent new rules, such as the Consumer Duty, contain informed data and technology expectations – a supervisory approach that is also being applied in some areas of financial crime, such as trade surveillance.
The FCA is also making its expectations clear in what it is saying at industry events. For example, in a September 2022 speech, Sarah Pritchard, executive director of supervision, policy and competition – markets at the FCA said, “Embed your financial crime checks in your systems from day one but keep evolving as the threats evolve. Use the power of data and tech and stay alert for situations in which you may need to recalibrate your defences and alerts.” The regulator is not standing still when it comes to data and technology, and it doesn’t expect firms to, either. It wants to see compliance agility within firms.
As well, the UK FCA is using enforcement actions to make its messages around financial crime processes – including data and technology – heard. For example:
- In mid-July 2022, a firm was fined more than £2 million for inadequate financial crime systems and controls, pushing the firm into liquidation.
- In late June 2022, a branch of a bank was fined more than £5 million for failing to have the right policies and procedures in place, having inadequate enhanced due diligence, and having inadequate enhanced ongoing monitoring.
- In December 2021, a large international bank was fined nearly £70 million because its policies and procedures for two of its key automated transaction monitoring systems were not appropriate or sufficiently risk- sensitive, and the bank did not ensure the policies that managed and monitored those systems were adequately followed.
So, while the regulator is encouraging firms to raise their game around financial crime data and technology, it is also inflicting significant punishment on those which don’t meet the required standard.
Regulators want to see improved use of data and technology to meet financial crime compliance requirements within firms. They want to know why firms have the solution in place that they do, what their processes are, and how they manage the data. They are looking at the suitability of the firm’s controls and the effectiveness of those controls.
In short, regulators are demanding more explainability of processes and outcomes. Much of current financial crime technology is a “black box”, and financial firms do not understand what is going on inside. Regulators are pointing out that this means that these firms do not have a sufficient grasp of key elements of their overall financial crime programme – the data and the technology – and this can lead to suboptimal outcomes.
Firms should seek a financial crime solution that delivers an open-box approach, providing transparency of the logic behind every risk decision, and an audit trail of decision-making. Also, the solution should enable the compliance team to model and test the impact of new screening requirements – to improve speed to compliance – and provide specialised support for all major commercial watchlists. A cloud-based solution delivers more agility, which gives regulators confidence that the firm is capable of complying with future regulatory change.
For many firms, now is the time to upgrade the data and technology that supports their financial crime processes. New approaches to financial crime processes deliver on regulatory demands, while at the same time enhancing the ability of firms to detect and prevent financial crime taking place within their organisations.