Moving to a single, client-centric view of risk

The Future of Financial Crime

Convergence of monitoring across client behaviour and risk domains

The following article explores the changes to financial crime (FC) client monitoring that are needed to move beyond traditional transaction monitoring (TM) to a more effective, single client-centric risk approach. Traditional TM is fragmented, creates a large volume of false positives, and often fails to connect the risks when it really matters. To address this, financial institutions need to combine a range of risk indicators for expected and actual client activity, including FC indicators such as fraud, cyber (for example the location of activity, devices used, etc.) and sanctions.

Key factors driving the need for change

1.     Market and regulatory changes, including highlighting the failure to link risks to controls in detection, increased regulator knowledge and increasing expectations of system and control effectiveness;

2.     Industry factors, including new, faster, cross-border payment channels and new payment providers;

3.     High levels of duplication and inefficiency, with alerts relating to customers reviewed multiple times; and

4.     Advances in technology, including emerging ways to consolidate data and using machine learning (ML) and artificial intelligence (AI) to detect complex patterns of behaviour.

Together, these factors are increasing the risks, complexity, and pressure on traditional monitoring approaches, and also creating opportunities to change the way technology is utilised. To keep up with new and evolving FC threats, financial institutions need to integrate internal and external intelligence sources, consolidate monitoring, and ensure the control environment is able to respond rapidly to changes in risk.

Challenges of existing TM solutions

On top of the above change factors, there are well-known and documented challenges with the ability of existing TM solutions to identify suspicious and potentially criminal activity. These include:

·       Large number of false positive alerts (often 90%+) that typically lead to a low conversion ratio of investigations to suspicion and actionable intelligence for the financial institution(s) and/or law enforcement partners;

·       Solutions are expensive to implement (including data integration costs), test / tune, operate and upgrade;

·       Majority of client monitoring is still conducted at the transaction or account level. The inherent complexity of some relationships, which have multiple touch points with the financial institution (e.g., larger SMEs, corporates, markets customers, trade finance, etc.), means risks cannot be easily drawn together with existing solutions;

·       Large operations teams, using manual processes, have an inherently high risk of human error, due to the large volume of alerts and repetitive nature of tasks; and,

·       Difficulty linking the expected behaviour of the client - from client due diligence (DD) - to the client’s actual behaviour, due to the siloed nature of risk domains (see Figure 1 below), difficulties bringing data points together, coupled with poor quality and outdated client DD data.

Figure 1: Current expected Client DD and actual activity monitoring

The result is significant ongoing cost to achieve regulatory compliance, with only poor outcomes - if measured in terms of criminals detected and disrupted - relative to the effort.

Transitioning to a single, client-centric view of risk

We believe that, considering the change factors and the challenges with traditional TM, a transition to a single, client-centric view of all the relevant risks is required. An outline of how this could work is set out in Figure 2 below.

Figure 2: A single, client-centric view of risk

Making this single, client-centric view of risk a reality would require:

·       Consolidation of available risk domains from expected and actual behaviour, including fraud, sanctions and cyber;

·       Introduction of a single, converged client risk score that is tracked over time to maintain a more holistic picture of the client risk - in the same way an individual’s credit score is established and updated over time based on a variety of their attributes and behaviour – rather than a discrete static rating (e.g., low, medium, and high);

·       Use of dynamic client segmentation so that anomaly detection techniques (including ML / AI) can be used to reduce false positives;

·       Identifying a set of descriptive rules to support client segmentation, which provide coverage for prioritised risks, where there are known problems with anomaly detection (e.g., with human trafficking and Ponzi schemes); and,

·       Creating feedback loops from scoring changes and investigation outcomes, directly linked back into client scoring and risk assessment, to improve monitoring over time.

Key benefits of single, client-centric risk monitoring

A number of strategic choices will need to be evaluated, tested, and aligned as part of this transition to a single, client-centric risk monitoring approach. Once executed successfully, we believe this transition will result in three key benefits:

1.     Enhanced monitoring effectiveness

Combining the risk indicators will be a powerful tool for improving the understanding of customer risks and detecting complex and higher risk patterns earlier and more effectively. Working with data at this higher level of aggregation, such as at the client or client group level, will help to identify the most important risk areas and enable a focus of key resources on those risks that matter the most.

2.     Reduction in regulatory risk

In some recent enforcement actions in Europe and the UK, the findings have drawn attention to the fact that a number of red flags were identified through client due diligence and / or monitoring but were not connected or acted upon by the financial institution. To tackle these concerns and support a more effective risk assessment process, the EBA [1] recommends taking a holistic, risk-based approach for all money-laundering / terrorist financing risks both on an individual, customer level and at a business-wide level. Similarly, within the UK in their recent ‘Dear CEO letter’, the FCA highlighted failures in firms’ customer risk assessments and ongoing monitoring controls and observed that ‘CRAs should enable firms to take a holistic view of the risk associated with the relationship, considering all relevant risk factors’. By taking this approach and monitoring the client risk score over time and in a more comprehensive way, there is a better opportunity to identify increased risks and outliers.

3.     Reduction in operating costs

Whilst cases would likely need to be more in-depth due to the increased risk insight, the time taken per case would be more than offset by the reduction in volume of client due diligence refresh and monitoring investigations.

Leading the way to a more integrated and effective approach to FC

When integrated with an intelligence-led risk assessment and a more dynamic approach to client due diligence, the move to a single client-centric view of risk outlined here will enable a more integrated, efficient, and effective approach to FC. This will in turn allow for a transformed operations capability as well as better and more timely information sharing internally, peer to peer, and with public sector bodies (police, law enforcement agencies and financial intelligence units).

 

[1] EBA Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (‘The ML/TF Risk Factors Guidelines’) under Articles 17 and 18(4) of Directive (EU) 2015/849
