Delivering effective AML-CTF risk management is a complex and resource-intense task that requires institutional focus and resilience. The regulatory requirements of obliged institutions are progressively more complex, expansive, and volatile, requiring additional operational agility and capacity. Faced with additional workload, institutions can find it difficult to maintain control frameworks, even with significant increases in technology and FTE budgets. Finding an approach to delivering effective compliance – that is also sustainable – is critical.
Pragmatic and tactical capability – but limited strategic potential
The roll-out of an enterprise-wide platform with the flexibility and capacity to manage risks across jurisdictions, lines of business and products is a goal for many financial institutions. In reality, despite considerable progress, AML-CFT controls are still often based on complex frameworks with multiple points of evolution. Instead of centralised platforms with holistic reporting and governance controls, many institutions use an array of different core Reg-Tech platforms and point solutions. Such scenarios are typically the outcome of a series of pragmatic decisions designed to meet critical and immediate challenges. However, the result is difficult and expensive to scale to new risks. It is also difficult for institutions to standardise a consistent approach to compliance across all areas of a large business. Furthermore, the complexity of these arrays often leads to a very conservative approach to technology innovation – driven by the fear that change could cause unintended consequences. Whilst enabling short-term compliance, this tactical approach impedes the development of a comprehensive FCRM technology and operations strategy that can respond – effectively and efficiently – to risks and obligations over the long-term.
Risks evolve – but has technology kept pace?
The definition, scope and not least the risks of money laundering and terrorism financing have evolved significantly since the times when financial institutions first started addressing these issues as a legal responsibility. However, much compliance technology infrastructure is still based on cores that were built to respond to challenges as they existed 10-20 years ago. For example, sanctions screening technology often has a direct lineage to the first generation of OFAC screening tools. Similarly, some screening products are based on simple extensions of sanction filters. These pedigrees have some advantages, such as longevity, stability, and resilience. However, these attributes also make it harder to scale capabilities, to deploy with agility and to enable transparent decisioning. In parallel, the evolution of banking and financial institutions – from digitisation, payments standards, open banking, and new products – can lead to a gap between the original design purpose of screening technology and today’s requirements.
Inertia versus the cost of change
Deploying new generation FCRM technology platforms in place of legacy arrays offers many advantages, most tangibly in the form of improved compliance effectiveness and operational efficiency. A new approach can also provide clear lines of sight that enable insightful operational and regulatory reporting, enterprise-wide standards of governance and compliance consistency across all areas of a complex organisation. Despite these advantages, institutions might defer replacing older incumbent systems due to the perceived cost of change. The complexity and effort required to migrate and engineer new tools should not be under-estimated. However, cost-of-change should not be an impediment to implementing a strategic plan for FCRM controls. Maintaining the status quo has an intrinsic expense that grows as older technology becomes more difficult to support. However, the greatest potential cost is that older tools are progressively less capable of responding to new risks and regulatory requirements. Sweating FCRM technology to the limit of efficacy or utility raises the risk of a control failure. In this context, the cost of organisational inertia is far greater than the cost of technology change.