Resilient Risk Management for the FinCrime Professional in Today’s New Normal
Financial crime has increased substantially since the outbreak of the pandemic. Regulated firms are being attacked on all fronts and criminals are getting more sophisticated, with an increase in criminal scams and laundering activity associated with this crisis. As if they weren’t already, compliance teams face challenging times ahead. In this blog, we discuss how FinCrime professionals can build resilient risk management processes in whatever passes for today’s new normal.
Firms report being exposed to a wave of financial crime methodologies during the last 12 months. These include the use of money mules; criminal use of third parties such as estate agents, law and accountancy firms; trade-based money laundering schemes; the proceeds of trafficking; the abuse of corporate structure; and the misuse of digital currencies and prepaid cards (source).
Added to this we are seeing a continually sharp rise in identity fraud. Back In 2017, Cifas announced that UK identity fraud had reached “epidemic levels” with incidents occurring at a rate of 500 per day. According to their Fraudscape annual report, things are only getting worse, with over 223,000 cases of identity theft reported in 2019, 18% up on 2018 and accounts for 61% of all cases of fraud reported to the NFD (source).
Navigating the risk and compliance processes alongside today’s new challenges won’t be easy. As budgets tighten, throwing more people at the financial crime challenge is not an option for many organisations. Instead, financial crime-fighting professionals will need to accelerate the digital transformation of their compliance functions and invest in technology to automate and simplify processes.
Delivering resilient risk management
Invest in better onboarding
The problems with KYC programmes begin with weak underlying onboarding processes. The issues here include: inadequate methods of obtaining and/or maintaining records; and multiple poor-quality data-capture systems. An investment in robust client due diligence processes from the very outset, can avoid large-scale future remediation projects and identify bad actors in real-time.
Digital-first software packages are an efficient solution, whilst remote onboarding processes that combine Facial Recognition, Identity Document Verification (IDV) and Genuine Presence Assurance (GPA), are the most effective. GPA provides regulated businesses with the assurance that each individual is the right person, a real person and that they are genuinely present right now.
Secure cloud solutions
Using legacy systems and outdated manual processes not only provides a haven for bad actors to take advantage of any gaps in your compliance processes but also dramatically increases the risk of human error (due to insufficient resources) and overall KYC costs (due to increased resource costs).
By digitally transforming your compliance functions, using scalable and secure cloud solutions, you can facilitate expanded financial crime-fighting projects, seamlessly handling increasing volumes of client documentation and data, into a single view of the relevant data and sources.
Beneficial ownership visualisation
Illicit funding is only able to enter the financial system by money launderers using corporate vehicles disguised as legitimate businesses. Criminals are now actively targeting firms that they perceive to have weak Beneficial Owner identification and verification.
Compliance professionals need to invest in technology that can easily visualise corporate structures and identify beneficial owners. The ability to identify beneficial owners in a few clicks, not only helps fast-track the standard onboarding process, but frees up staff to focus on more complex investigations. So, by introducing this data visualization software, compliance professionals can make real-time data-driven decisions on who to onboard.
One of the results of the pandemic, is that your clients’ risk status is changing at an unparalleled speed. It is no longer sufficient to re-check your client data when the regulator calls for a spot check, (not that it was ever a great idea!), or to wait for the next remediation project. Client risk is changing rapidly, and your business must show the regulator that it has processes and protocols in place to identify and remediate client data to reduce the threat of ongoing fraud. This is even more important with 6AMLD looming as the definition of crimes and criminals is widening and ignorance is no longer a defence.
Such rapid changes in the market mean businesses need to invest in ongoing client monitoring tools so they can receive real-time alerts on relevant changes to clients’ risk status. Receiving alerts of changes in company structure, beneficial ownership, directorships, and customers and their financial stability, through an agile cloud solution can significantly reduce your business (and personal) risk as well as operational overheads.
Better Amber Management
One of the key issues for businesses and compliance teams is the sheer volume of customer data that they have to monitor and remediate. One solution is Amber Management.
Whilst the FCA and other regulatory bodies recommend a Risk Based Approach (RBA), this only categorises individual records as Low, Medium or High risk, it doesn’t change the volume of records. Anyone using a RBA should have bought into the suggested remediation protocol, i.e:
· Every year for High Risk
· Every 1-2 years for Medium Risk
· Every 2-3 years for Low Risk
This goes some way to improve the volume problem, but Amber Management goes further.
The concept of Amber Management is to categorize records using a RAG (Red, Amber Green) process, which identifies the level of risk based on a number of issues, including level of exposure, likelihood of risk, available data, etc. In this scenario, you should not do business with anyone flagged as Red, due to the underlying risk and/or the data you have on them. Instead, they need to be dropped from your data and potentially reported to either the relevant regulator or law enforcement agency. Green, on the other hand, are those that you are fully confident in dealing with, at least until any future flags are raised. In both cases, there should be swift and efficient processes to deal with them and ‘get them off your desk’ quickly and efficiently.
That leaves the Ambers, which are those for whom you either don’t have enough confirmed data to be fully confident of, or those who have had flags raised against them in your continuous monitoring. In both instances, further investigation is needed and the compliance team can concentrate their efforts on resolving them – either as Greens, or Reds – with the pursuant action. Hence the term Amber Management – its all about identifying and understanding the ambers.
Fighting financial crime, and keeping your business safe, has never been more complicated and is unlikely to get any easier. In fact, all the indications are that it is going to get increasingly more difficult and complicated, for a great part because the resources and funds being ploughed into it, from the bad actors, shows no sign of reducing. Indeed, quite the opposite.
For these reasons, digitising your KYC onboarding, monitoring and remediation is the only foreseeable solution for most financial companies. The good news is that there are plenty of support options out there with the Reg Tech industry moving apace to create technology solutions to stay ahead of the criminals.
If you are in need of any advice on digital solutions for onboarding, ongoing client monitoring, remediation or the introduction of Amber Management protocols, NorthRow is able to provide you with a range of solutions that can ease your way through the minefield.