Buyer beware: Managing financial crime risk takes more than tech

As automated solutions to help prevent financial crime are becoming more sophisticated and effective, they are inevitably becoming more widely used. And as managing financial crime risk becomes more complex, manual processes no longer make sense. But RegTech is not a silver bullet. Recent enforcement actions serve as a reminder that tech solutions can add to your risks as well as helping to manage them.

With financial crime systems becoming more sophisticated, so too are criminals, adapting to the landscape from which they plunder. From the complex concealment of ultimate beneficial ownership to the anonymity of crypto transactions, the need for technology such as AI and machine learning to keep abreast of emerging financial crime typologies has never been greater.

And regulatory compliance in the financial crime space does not stop at the onboarding of new customers. Through reducing dependence on manual processes, tech solutions have become instrumental in ensuring firms are conducting necessary due diligence checks on an ongoing basis. This allows for risk variables being evaluated to be kept up-to-date, making sure any concerns identified are addressed promptly throughout the customer lifecycle.

The RegTech industry now offers a huge range of solutions to firms who want to automate their financial crime processes. In the transaction monitoring (TM) space, machine learning has proven to be an effective tool in automating false positive alert dispositioning whilst also identifying suspicious activity that has not triggered an alert based on a particular rule set. Similarly, Know Your Client (KYC) tools such as the automation of requests for information (RFI) from customers through in-app questionnaires, and using machine learning to automate anomaly spotting in transaction patterns has proven to offer effective alternatives to manual due diligence processes.

But in spite of the obvious benefits, new technologies bring with them a number of risks. Ineffective tech risk management, for example, can arise from the implementation of inflexible workflow software which is not necessarily compatible with existing IT systems used to manage financial crime risks. Likewise, at all stages of the customer life cycle, it’s important to ensure that digital identification and verification (ID&V) solutions are configured in a way that appropriately identifies fraudulent impersonation attempts. This is perhaps best illustrated through developments in biometric ID&V solutions, where there is a growing need to manage the risks associated with biometric fraud, such as from masks and avatars used to deceive facial ID recognition, and pre-recorded voices used to bypass voice recognition software.

Technology risk management can be particularly challenging when implementing complex Customer Risk Assessment (CRA) and TM systems, a topic which touches on some of the key AML failings noted in the Guaranty Trust Bank (UK) Limited fine publicised earlier this year.

Firms should make sure that they understand fully the effects a financial crime technology change will have on both upstream and downstream processes. The financial crime controls space doesn’t lend itself to changes made in the live environment before testing, as you end up storing extra risks if the changes do not work as intended. Instead, modelling the effects of the change and running these in a test environment using customer data will help mitigate some of the risks that change can bring.

Ultimately, the accountability for financial crime failures resulting from poor tech management lies with the regulated firm itself. Firms must not be blindsided by the often-veneered benefits of automation, and tread with caution when engaging with the RegTech vendor selection process.

RegTech is driving the change towards automated financial crime prevention. But if tech solutions are not implemented within an appropriately controlled environment, these cost-saving tactics can exacerbate the risk that firms attempted to mitigate.

How we can help

We work with firms to make their financial crime frameworks more effective and efficient by using the latest technology to augment onboarding and monitoring processes.

We have real life experience of tuning monitoring systems, investigating financial crime at scale and transforming compliance functions to produce better outcomes.

We provide managed monitoring and client due diligence collection and assessment services that can flex with your business or provide consistently staffed solutions.

Want more insights like this?

Join our mailing list