A trillion dollar issue
Impact of Financial crime on your organisation
The impact of financial crime on an organisation’s brand, reputation, goodwill, and revenue is significant, with money laundering alone estimated at USD $2 trillion each year.
As well as the risk of losses from financial crime itself,companies also face spiraling costs in related areas. Compliance with increasing regulation, internal investigations of potential wrongdoing, external enforcement actions and any associated fines and penal¬ties, class action lawsuits and other litigation, all drive up costs and the risks associated with financial crime.
Perhaps the largest potential cost of financial crime is of lost reputation. A 2013 global Forbes Deloitte survey discovers that more than 94 per cent of the world’s top organisations have changed their approach to managing risk over the past three years driven due to sophisticated digitisation and the significant risk of reputational loss.
This article was first published in Australian Banking & Finance.
According to corporate officers there is a perfect storm of pressure. Bribery, fraud, and cybercrime keep getting more sophisticated. Regulatory agencies expect and demand more accountability as the world is rapidly embracing the digital age. And as business embraces globalisation, it encounters nuanced and new cultural, operational and legal challenges.
Companies are managing the risks associated with financial crime in a variety of ways.
Compliance-based approaches addressing particular risks in a siloed or piecemeal fashion are giving way to holistic approaches that look at many types of financial crime risk across the organisation
While regulators see a risk-based approach as a given, they are now wanting to see accountability at a senior level for a holistic compliance strategy
Regulators are requesting a chief compliance officer, chief risk officer or chief legal officer to have over-arching responsibility.
Why now, what has changed?
Why do companies’ compliance, anti-fraud, anti-money laundering, and similar programs fail?
Failure to prevent or detect issues is often not because the programs or controls themselves are
lacking. More often, it’s a failure of culture and a lack of effective change management. For example, senior leaders may not be setting a strong or consistent “tone at the top” about acceptable and unacceptable behaviours.
This often manifests through fiscal or scope constraints on financial crime projects, dictating an unsustainable bare minimum approach. Or perhaps there isn’t enough attention by all key stakeholders across the entire institution to adopt and execute on the new policies or processes.
In our experience staff training and awareness efforts are always under resourced. The infrastructure to prevent financial crime may be sound, but its effectiveness still depends on execution, on individuals doing the right thing at the right time — culture is what enables and drives those appropriate behaviours.
So what isn’t working?
Set the strategy
To move at the speed of threat you need an agile strategy supported by design. To effectively detect,assess, prevent, and respond to financial crime, organisations needs to design a strategy that takes a holistic view of risk management. A static approach will be exposed in the short term, as will a purely reactive one. A fragmented approach isn’t enough – too often we see the fraud team doing one thing, the anti-money laundering team doing another, the market abuse and cyber security teams doing something different again and the sales, marketing and customer teams doing a thing that takes the financial crime risk to a whole new level. Silos are dangerous – these types of crimes are usually inter-connected.
Institutions need to iterate their financial crime management strategy with the same commitment and effort as they would their corporate or customer strategy. They need to know where they are going to focus their efforts and how they will be successful in mitigating financial crime as a result of those efforts. Only then will it become clear what capabilities and systems they will require. These are key questions to be answered.
It’s clear that technology plays a critical part in combating financial crime. Technology tools can give an organisation a more holistic view of their data, highlight potential areas of risk and let it be more focused and targeted in its efforts to combat financial crime. While technology is essential, the design, build and execution of this technology must be aligned to the strategy. The technology question should only be answered after the strategy is set.
Advanced analytics will help companies predict and identify trends and patterns in financial crime risk that are not otherwise easily discernable. Overall, the emphasis must be on prevention and early detection; leveraging technology and analytics to proactively identify issues or potential issues before they turn into front-page news. Analytics based on streaming data, flows of data and not pools of data will be the key in the future as the data in financial institutions starts to get BIG. Simply put speed and flexibility of the analytics platform to deliver insight is critical to response and intervention. Institutions need to implement platform solutions that are next generational and most importantly cheaper.
Analytics, particularly in the context of knowing the customer, must be consistent and holistic across credit, financial crime risk, marketing and sales. It is not only imperative from a financial crime management perspective but also from an efficiency perspective. It doesn’t make sense for institutions not to have a single understanding of a customer’s risk to reward trade off.
Change the culture
Accomplishing this transition typically involves a focused change management effort for the organisation.Executives and directors of financial services companies can no longer support a “bare minimum” approach to compliance; it is just too risky for the corporation and personally. Corporate collapses and regulatory actions have proven “bare minimum” approaches have and will certainly fail into the future. Financial institutions are simply too exposed as they now collect and have access to all the information they require to mitigate financial crime risk proactively.
What should you do?