The open and engaging way in which FinTechs attract customers and their razor sharp focus on customer experience presents an exciting opportunity to build-in and enhance the concept of deterrence as an effective and efficient part of their financial crime risk management.

The act of deterrence has become a common sight on the streets of many european capital cities, where armed police now patrol in response to the terrorist threat. Their very presence is designed to inhibit the confidence of a terrorist to physically act or target the venue where they are present. The presence of the police officer is both a physical control but also creates a perception of security. This is similar to airport screening, where the signs on approach to the screening points are designed to increase the perceived pressure on those seeking to breach the screening process, before they even get to X-ray machine. How many of you now spend the time in the airport queue tapping your pockets checking that you have no metal present as you don't want to be delayed for a few minutes? Imagine the feeling of stress that an individual would be feeling if they actually were trying to by-pass the screening process. Not only does this deter some uncommitted actors, it also presents additional opportunities to detect the activity.

In financial crime risk management terms deterrence is often discussed in the context of controls, where they physically stop illicit actors gaining access to an account, and this is a critical component; however, a credible and efficient deterrence process can and should be applied well before your customers start to interact with a physical control. If you think about it in purely operational and monetary terms, reducing the attempts of illicit actors that come into contact with your physical controls by 10%, say, results in potentially 10% fewer KYC matches or anomalies that need to be reviewed at cost, a percentage fewer transaction monitoring alerts that need to be investigated, and a reduction in the chances of a potential regulatory breach.

If we refer back to our analogy of the armed police officer standing outside a museum - do you need to physically interact with the officer to know he means business? Generally the answer would be no - you get a perception that he is there to do a job. This same theory can be applied to the perception you build of your company's financial crime controls and your corporate position when it comes to managing and dealing with financial crime.

Criminals are equally vulnerable to human emotions and will avoid firms where they feel the risk reward is not balanced in their favour. In some cases, they won't even try and test or breach your actual controls - turning their attention on those services they feel are more vulnerable. As with the analogy of the armed police officer, perceived deterrence is not enough and must be backed up by sound protection, detection and disruption activities/controls but perceived deterrence can be a hugely powerful and have tangible benefits.

Application of this key concept does not mean that you need to have big scary signs (digital or physical) that turn-off your customers and impact customer experience, in fact quite the opposite. Intelligent and credible deterrence can be integrated seamlessly into the open and engaging way new financial services are interacting with their actual or prospective customers while also reinforcing the point that FinTech businesses take the protection of the their customers and corporate responsibility seriously. For example, engaging your customer and user base through considered content is not only an open and transparent way to communicate exciting progress but it also presents the opportunity to get a strong deterrence message into the public domain. That messaging is then front and centre when the illicit actors are researching and scoping opportunities. 

It goes without saying that you do not want to compromise the effectiveness of your actual controls by disclosing sensitive features such as specific KYC conditions or transaction monitoring methodology but this should not inhibit the use of the deterrence concept as part of an effective layered financial crime framework, where its use can maximise efficiency, improve operational performance and also positively reinforce your customer engagement and protection objectives.

The team at FINTRAIL work with FinTech and regulated businesses to implement intelligent and risk-focused financial crime controls. Please contact the team at FINTRAIL for further information.

Why Adopting a Threat-Focused and Intelligent Approach to Financial Crime Will Help Drive Fintech Success.

The 21st century has been characterized by an interconnectedness that impacts every aspect of business and society. This level of connection itself is not new, especially in business, where there have always been long, connected chains of actors, actions, and goods. Two key forces have increased this global interconnectedness in recent years: the globalization of business and society in all forms – including friendships, cultural influence, criminality, and terrorism – and the rapid development of information and communication technology.

A new set of assumptions is emerging about operating in this technology-enabled, interconnected financial services environment. Actions and relationships are expected to be fast (if not instantaneous), and they should be rendered both transparent and permanent by the information and communications technology that enable them. Moreover, regulators’ expectations of what one needs to know about the connections within any given financial system have also increased.

In 2016, a large-scale leak of client data from Panamanian law firm Mossack Fonseca revealed details of offshore companies and transactions, some of which were alleged by investigative journalists to involve criminality in various forms. The response from global government bodies was to request information from financial institutions almost indiscriminately – even the governments themselves did not know which actors and activities were illicit or licit. Financial institutions faced a choice: investigate every actor and transaction with a potential link to Mossack Fonseca, or explain to government institutions what they knew about their exposure to Mossack Fonseca and their understanding of the financial crime risk associated with that exposure.

Though the latter choice was manifestly less labor intensive, it required companies to know, in detail, who their clients were at any given point in time. This was the only way they could state with confidence whether their business with various clients fell within or exceeded the company’s desired level of risk. In other words, companies needed to know who their clients were, what they were doing, and what they were expected to be doing – they needed good intelligence.

Academic debate on the definition of intelligence continues to rage, but for the purposes of this article, we regard it as the ongoing process of gathering requirements (a need for information, a need for a service), collecting information pertinent to those requirements (market data, customer profiles), and analyzing and assessing that information to draw out conclusions. This, in turn, drives the next set of actions (product development) or requirements (more research). Intelligence in practice is a constant iterative cycle of activity that matures as a company learns and gathers more information.

The concept of applying an intelligence process is not new for fintech or financial services companies on the product side of business. An examination of how successful firms build and iterate their products is enough to illustrate that the ability to generate good intelligence already exists within the core DNA of how fintech companies operate. The methods they apply to product development are a great example. Fintech companies identify a market opportunity or process that is prime for disruption before collecting supporting data, planning a method or solution, producing a product, issuing it to customers, and then learning from their feedback. They are continuously iterating at pace. In fact, many good fintech CEOs state that they value the feedback loop with users most, as this feedback allows them to identify areas for improvement and focus on the things customers really want and are willing to pay for.

Donald Gillies, CEO of PassFort, a rapidly growing technology firm that provides anti-money laundering (AML) and know your customer (KYC) solutions for regulated business, elaborated on this: “For companies that are truly innovating, there is no more valuable commodity than engagement and feedback from customers. It’s more valuable than revenue. More valuable than funding. It’s feedback and, more specifically, the learning that results from it that allows you to deliver excellence. Minimizing the time between feedback being given by a customer, that feedback being understood and evaluated by the product team, and evolving [that feedback] into tangible product outcomes enhances process credibility. Enhanced process credibility increases customers’ willingness to devote time and resources to contribute more feedback. In such a set up, more feedback leads to better product outcomes.”

Gillies goes on to state that “excellence itself is where such efficiency and desirable outcomes are achieved repeatedly. This ability to repeatedly deliver excellent outcomes is what enables businesses to scale quickly and efficiently – no matter what line of business they operate in.”

It is this innate mindset and thirst for knowledge and feedback that positions fintech firms to have an exciting opportunity to build the same intelligence-led concepts and associated excellence into the financial crime controls they develop. There is huge potential commercial benefit as these companies build proportionate, progressive controls that foster trust across customers, partners, and regulators while also addressing the complexity of interconnected, diversified, and evolving global financial crime risks.

In February 2002, then US Secretary of State for Defense, Donald Rumsfeld, stated the now globally recognized words: “There are known knowns. There are things we know that we know. There are known unknowns. That is to say, there are things that we now know we don’t know.” This phrase has become synonymous with the often explored and debated issues around intelligence and analysis, but its sentiment also rings very true in the battle against financial crime. The application of a very static, compliance-only financial crime risk-management methodology will always enable a company to identify and deal with the known knowns. However, in most cases it is not the known knowns that cause debilitating consequences. These come more often from the left field of known unknowns. However, our work with fintech firms has brought an interesting trend to our attention: an increasing appetite for and ability to look for known unknowns.

This development is probably being driven by the personality type of those working in fast-paced fintech firms in combination with increases in access to data and technical knowledge. This new trend is exciting and has the potential not only to effect positive change in how the financial services industry addresses financial crime, but also to delineate additional areas of competitive advantage for fintech. Developing intelligent processes and working to fill the void of information created by known unknowns will drive excellence across all fronts: it will enable competitors to disrupt existing structures, processes, and services; it will allow them to see opportunity in risk and manage it proactively and intelligently; and, crucially for startups in the financial services space, it will allow them to drive customer trust through their effective and frictionless financial crime risk management practices. In the context of globalization and interconnectedness, intelligence and excellence are a powerful combination. This combination can rebalance the complex equation behind the efficient management of financial crime without hindering the exciting commercial and social potential of disruptive financial services. Fintech can lead that charge, as they already have the inbuilt personality traits, data, and technical capabilities to think intelligently about financial crime controls. And, in this sense, intelligence leads to excellence.

The team at FINTRAIL work with FinTech and regulated businesses to implement intelligent and risk-focused financial crime controls. Please contact the team at FINTRAIL for further information.

To read this article on the fantastic MISC website please visit - https://miscmagazine.com/intelligence-delivers-excellence/

Image Credit: The Digital Way

At FINTRAIL, we were really excited to present at the recent ACAMS seminar, KYC/CDD for the 21st Century. It was an excellent day, with some great presentations and speakers.

The theme for the day focused on applying a risk based approach to KYC and CDD and examined developing trends in the industry, with an audience drawn from across the financial services spectrum. FINTRAIL provided the audience with a simple methodology for conducting risk based due diligence on a FinTech business, examining some of the challenges, but also the opportunities the sector and approach may bring.

Delegates worked through a case study, which showed that although there are risks, the entrepreneurial spirit that defines FinTech can often be appropriately harnessed to improve financial crime controls such as onboarding and KYC. In turn this can result in more efficient and effective processes - reducing the perceived risks a FinTech may pose to issuing banks and Partners.

There is no denying that accessing banking facilities remains a significant challenge for payments providers and FinTech, driven by the continuing fall-out associated with de-risking/risk-off appetite and a general perception that the FinTech sector is of higher risk from financial crime. This session highlighted that a risk based approach to both the onboarding and ongoing due diligence of a FinTech business presents an opportunity to build a strong relationship between the provider and client, where the perceived or actual risks are understood, appropriately managed and the parties are then empowered to collectively capitalise on exciting commercial opportunities the sector is creating.

Our thanks again to ACAMS and Samantha Sheen for organising such a great event.

Please feel free to contact the team at FINTRAIL if you would like further information.

We are living in an increasingly connected and digital world and one where the delivery and consumption of financial services is moving online. This is driving a hugely positive and rapid evolution in financial services, offering customers more choice and a generally more convenient and focused experience. However this positive evolution has potential to be undermined by a break down in trust for companies, their partners, customers and regulators driven by failures to protect against cyber enabled crime. This is even more important in fledgling financial service businesses such as FinTech where hard won customers can be quickly lost via a breakdown in trust.

There is a complex dictionary that accompanies cyber security, complimented by huge numbers of confusing and expensive systems hitting the market that claim to combat the risk of cyber enabled crime. For those who do not have the depth of experience in cyber and data security it can be daunting to get your head around, never mind simplistically understand what you should be doing to better protect your customers and business. We are often asked by our clients and contacts to help them simplify the discussion around cyber and data security - so that is what we are going to do over the next few months. FINTRAIL are going to strip it back to the fundamental basics, in a language that everyone can understand and provide some useful pointers that should help readers think logically about the risks they face. Where we do use a technical term, you will find it hyper-linked to its definition.

Understand the scale of the problem

The aims of the cyber criminal will determine a business’s attractiveness as a potential target. As a general rule any business could be a target of ransomware style attack as this tends to be a volume approach - infect everyone and see who pays up. However, the nature and construct of a particular business model or system will have characteristics that make it potentially more or less attractive to cyber criminals. For example, do you provide customer accounts or facilitate value transfer? Do you collect and store lots of data on customers? Do you integrate with or have partners accessing your network/system? Answering yes to any of these may, at face value, make you more attractive to cyber criminals as the dividend or reward for them is higher than that of an individual.

In this edition we are going to focus on the logical and most simplistic place to start and forms our basic step number 1 - understand the risks and scale of the problem.

We have been watching with interest over the last few years as the boundaries between physical and digital crime have become increasingly blurred. If you read the news in any given week there are usually a number of cyber related stories hitting the headlines, whether it be well-sourced and detailed allegations of state-sponsored interference with National elections, cyber fraud targeting retail banking customers or institutional banking systems targeted. It can make for daunting and at times confusing reading but it is really important to set this issue within the context of your business. 

The 2016 UK National Crime Agency (NCA) Cyber Crime Assessment made a number of interesting observations:

• The accelerating pace of technology and criminal cyber capability development currently outpaces the collective response to cyber crime. This ‘cyber arms race’ is likely to be an enduring challenge, and an effective response requires collaborative action from government, law enforcement, industry regulators and, critically, business leaders.

• The NCA assesses that the most advanced and serious cyber crime threat is the direct or indirect result of activity by a few hundred international cyber criminals, typically operating in organised groups, who target businesses to commit highly profitable malware- facilitated fraud.

• Although the most serious threat comes, directly or indirectly, from international crime groups, the majority of cyber criminals have relatively low technical capability. Their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cyber criminals to exploit a wide range of vulnerabilities. 

•  A ‘compliance approach’ that aims to meet minimum standards does not adequately deal with intelligent and evolving adversaries, as threats are evolving faster than most defensive technologies and security practices. 

As the NCA assessment above highlights, cyber criminals will often need to expend effort and resources to target a business effectively. Much of this is now achieved via relatively old vulnerability 'exploits' that are cheap and easy to come by and can be deployed at scale by the criminals. The newer exploits are becoming cost prohibitive for anything but the most sophisticated and well-funded cyber criminals.

Criminals have made a large pivot recently from using technical system exploits that require minimal user interaction to an old approach that focuses on applying social engineering tactics (Any act that influences a person to take an action that may or may not be in their best interest) to convince victims to click or run infected documents. These techniques date back to the mid-90’s but are really easy to scale.

The growth in the online criminal marketplace has now enabled cyber criminals to focus on niche areas of expertise, buying in the skills or access they need. The marketplace also helps them to scale up quickly – with tools such as exploit packs designed to automatically find the best possible web exploit for a target, packaging tools much like commercial SaaS solutions. They even use the terms ‘conversion rates’ when advertising the solutions to the criminal customers!

By taking some time to understand what is happening in the industry and how it applies to your business model, you will be able to contextualise developments and understand their significance. In our next post we are going to focus on the need to complete a risk assessment to structure and formalise some of the thinking about data and cyber security. Turning it into a user friendly and simple format that can help you make decisions and build a responsive and proportionate plan to mitigate the risks.

FINTRAIL’s cyber experts offer practical advice and commercially focused guidance to businesses looking to address the risk of cyber-crime. If you would like to discuss your cyber or data protection needs further, get in touch with the team at FINTRAIL. www.fintrail.co.uk

The past century has seen a huge shift in the financial services landscape – from the growth of retail banking (as we know it) in the late 1800s; to Diners Club developing the first credit card in 1950; and the elusive Satoshi Nakamoto’s invention of Bitcoin, the world’s first fully virtual currency, in 2008. The evolution in financial services has been complemented by the rapid development of enabling technology, the internet, a huge growth in connectivity, and the successful emergence of mobile and flexible payment channels. Collectively, these exciting developments are opening up financial services to new markets and users, as well as offering customers better value and more choice. With such developments – which are often rapid and occasionally chaotic – the risks and opportunities for both legitimate consumers and financial criminals have evolved and expanded. This article produced by the team at FINTRAIL explores the future of financial crime, its evolution and likely impact on the financial services industry as we move towards 2020.

Sucre, the virtual trade currency set up to facilitate transactions between Venezuela, Ecuador, Cuba, Bolivia and Nicaragua, and subject to a 2014 investigation by the Ecuadorian authorities amid allegations of serious abuse and money laundering control issues, is still a relevant use case that demonstrates the importance of implementing the proper financial crime and network risk management controls to ensure that what was in essence a perfect solution to a commercial challenge is not undermined by involvement – albeit inadvert – in financial crime.

Background

Sucre, an invention of Hugo Chávez in 2010, stands for the Unified System of Regional Compensation (in Spanish) and is also the last name of the 19th century Venezuelan leader, Antonio José de Sucre y Alcalá. It is primarily a trading currency managed by a board of central bankers, which is used by importers and exporters to make and receive payments in their local currencies. As The Wall Street Journal points out, “Sucre’s appeal lies in its implicit payment guarantee…In a typical sucre transaction, a company in Ecuador sends the Venezuelan importer an invoice denominated in U.S. dollars, which is Ecuador’s national currency. The Venezuelan company then sends that invoice to the Venezuelan central bank, handing over bolívares. The Venezuelan central bank converts the bolívares to sucre and transfers the sucre to Ecuador’s central bank. There, it is converted into U.S. dollars, Ecuador’s national currency, and the exporting company receives its payments.”

Criminal opportunity

In 2014 a joint investigation between the Ecuadorian and Venezuelan authorities was launched into abuses of Sucre transactions, primarily focussed on the use of so-called “ghost companies” which over-invoiced for goods received and took advantage of favourable exchange rates, a common tactic used in money laundering. Ecuadorian newspaper El Universo and the Miami daily El Nuevo Herald reviewed and highlighted schemes involving various transactions carried out with Sucre currency. The investigation found that Sucre served as a platform for at least 60 Venezuelan companies and 30 Ecuadorian firms to carry out multi-million dollar operations involving fictitious exports and ghost companies — as well as bank accounts in Panama, the Bahamas, and Anguilla. Reporting indicates that at the time up to 5% of Sucre transactions were suspicious in nature – which FINTRAIL assess to be very high by current bank standards.

This is further compounded by allegations in the public domain that senior figures in the Ecuadorian and Venezuelan governments were privy to some of the money laundering schemes, specifically a company called Fonglocons (Global Construction Fund), which was incorporated just four days before the bilateral agreements between Venezuela and Ecuador were signed and which was created with the specific purpose of trading between the two countries. None of the allegations against Fonglocons has yet been proven, however.

On face value the potential attractiveness and vulnerability of the Sucre scheme to money launderers was clearly not fully considered in the strategy and planning mechanisms around the currency and its deployment, leaving it open to relatively easy misuse by criminal or otherwise corrupt enterprises, sullying its reputation as a reliable virtual trade currency and undermining its otherwise strong utility in markets trying to reduce their reliance on the US dollar. Appropriate network risk management through a comprehensive understanding of the threats facing a virtual currency such as Sucre and the implementation of a clear control infrastructure to mitigate particular vulnerabilities would likely have prevented such infractions.

As the global FinTech sector continues to grow – KPMG and CB Insights show the surge of investment continuing to a multi-year high of USD13.8 billion in 2015 – so are the instances of financial crimes at FinTech firms.  The examples of Trustbuddy, Mt. Gox, Ripple Labs and Ezubo (to name but a few) – which have been hit by financial crime scandals ranging from internal misconduct, money laundering, fraud and embezzlement – demonstrate this trend all too neatly, and underscore the need for FinTech firms, and their investors to ensure that the right financial crime risk management controls are in place, to protect their brands and their investments respectively.

Peer to peer (P2P) lending, mobile payments, virtual currency trading and crowdfunding platforms all offer an alternative and potentially more attractive solution to traditional banking. However, you only need to dig a little deeper to find examples of poor financial crime risk management, which if replicated across the FinTech industry have the potential to cause significant damage to the investment attractiveness of such firms and reputation of the industry.

Ezubo – where did all the money go?

Chinese courts last year handled 1.4 million cases involving P2P lending worth a total of CNY821 billion. As an example, just a few months ago, Chinese authorities pressed charges against Ezubo Ltd for defrauding investors out of CNY50bn through a Ponzi scheme. It is alleged that Ezubo sold fake investment products to nearly 1m investors, with promises of annual returns of up to 15 per cent.

The irony of Trustbuddy

Financial crime’s tainting of the P2P model is not confined to those markets with loose or limited regulation. Sweden-based Trustbuddy had a SEK 44 million discrepancy between the amount owed to lenders and the available balance of client bank accounts. This was discovered by the company’s new CEO, and just as he was hired, Trustbuddy filed for bankruptcy, with reports that internal misconduct had taken place since operations began in 2009.

Mt. Gox – on the rocks

In Japan, Mt. Gox, one of the world’s first BitCoin exchanges and at one point handling around 80% of the world’s bitcoin trades, filed for bankruptcy in 2014. The then-CEO Mark Karpeles was accused of manipulating trade volumes and taking JPY321 million from the company to fund personal projects. Interestingly Mark Karpeles had reportedly been sentenced to a year in custody on fraud accusations prior to founding Mt. Gox.

Ripple Labs – making waves for all the wrong reasons

In the US, Ripple Labs was subject to the first civil enforcement action brought against a digital currency exchange. The company reached a settlement with the US Department of Justice and Department of Treasury in excess of USD1.1 million, and admitted to not having an effective AML programme in place. In the Financial Crimes Enforcement Network (FinCEN’s) ‘Statement of Facts and Violations’ report, it was noted inadequate KYC checks lead to a USD250,000 transaction taking place with an individual who had a previous federal felony conviction for dealing in, mailing, and storing explosive devices.

Crowdfunding – necesSARy notifications

According to FinCEN, there has been a 171% increase in Suspicious Activity Reports (SARs) filed between January 2015 and May 2015 for rewards-based crowdfunding, compared to those filed in the whole of 2013. Analysis indicates various forms of potential illicit use of platforms, including money laundering, fraud schemes, possible terrorist financing, and other criminal activities. It is important to stress that in the grand scheme of FinCEN SAR data the overall numbers of SARs associated with Crowdfunding are still relatively small.  The increase in SAR activity is likely driven by greater awareness of SAR reporting requirements, as well as the growing popularity of the product for ordinary customers as well as those with illicit intent.

The European Securities and Markets Authority (ESMA) has explicitly said:

“Investment-based Crowdfunding carries a risk of misuse for terrorist financing, particularly where platforms carry out limited or no due diligence on project owners and their projects. Project owners could use investment-based Crowdfunding platforms to raise funds for terrorist financing, either overtly or secretly.” 

So What?

There is significant opportunity for strong financial performance within FinTech and its various facets, but these examples demonstrate the risks as well as rewards that apply to founders, investors and customers of these firms. Understanding and mitigating the potential financial crime risks ensures the protection of investments and the regulatory and reputational longevity of a firm.

https://flic.kr/p/Cgp24k | Flickr Creative Commons Waves | The stormy seas crashing on the rocks by Chris Dine

FinTech should take advantage of the lessons learnt the hard way by established correspondent banking institutions, avoid repeating history and emerge stronger.

Established financial organisations have been battling the challenges of financial crime risks within correspondent banking for years, but in the last three to four that focus and complexity has increased as international regulators have rightly raised the level of oversight and enforcement. Collectively the fines have run into billions of dollars and have severely affected a number of international household banking names.

We would not be the first people to say FinTech and new payments technology are the new kids on-the-block with the ability to disrupt the status quo, improve financial inclusion and drive efficiency but there is also a need to learn the hard lessons of their forefathers in correspondent banking. Here are a few areas for consideration:

1. Understand the financial crime threats your business faces – and we mean genuinely understand them! Are sanctions a concern because of the type of products you offer, or the markets you cover?  Or is money-laundering the primary concern because you’re operating in markets with limited transparency and weak legislation in the anti-money laundering arena? Understanding threats, and the risk they pose (the likelihood and impact of those threats materialising) is crucial to determining the next steps you take and should, in all truth, influence your overall strategy.

2. Define and understand your risk appetite – once you’ve understood the threat landscape, define what and how much financial crime risk you can realistically manage and what will you do if it is exceeded. This will help shape and refine your strategy.

3. Clearly understand your business strategy – use your knowledge of financial crime risks and overall risk appetite to set a cohesive strategy and monitor that it is working. You can’t blindly onboard or target new sectors, customers or markets without considering the impacts on your risk profile. Go into those decisions with your eyes open.

4. Understand your network and its constituent parts – who are you doing business with, who provides you with services or facilitates your business, do you use exchanges, what financial crime controls are they applying and does your network pose any risk to you, your concept, product or reputation. Understand the core components of your internal (affiliated) and external network and the risks they pose.

5. Identify and monitor the high risk parts of your network – once you understand your network and its components, identify those areas that are likely to present or incur financial crime risk and monitor them.

6. Don’t just trust what people say – make sure your have due diligence and assurance processes in place to identify when things in your network start to go wrong and standards are not being adhered to.

7. KYC, KYC, KYC – know your customer and understand what they should and actually are doing. Is it your customer or a customer’s customer? Do you know what KYC they have done? Effectively monitoring transactions, payments, transfers or associated deviations requires knowledge of the expected to recognise the abnormal. We don’t want to be too regulatory focused here but you really need to think carefully about what it is is you need to know about your customers.

8. Understand what is normal and monitor for any deviation – do you expect to see a high volume of transfers or payments to high risk jurisdictions, locations or customer groups?  Has there been any increase or significant decrease in flow volume or value? You would be surprised at how rarely this is done effectively but can be one of the best indicators that something is going wrong.

Some of the points above seem obvious but the background for each is based on actual organisational failings evidenced in multiple publicly available documents such as the various Deferred Prosecution Agreements against international banks. There are hugely exciting opportunities to leverage developments in the FinTech and payments space to solve critical financial inclusion, transparency, efficiency and sustainability issues, but without learning from past experiences, and getting a grip on risk management early on, none of these opportunities for true disruption will be realised.

Photo by jarmoluk (Pixabay)

Is solely complying with regulations really managing financial crime risk? FinTech and start-ups have the opportunity to carve a new path in risk management strategy

Over the years the term and structural title of Compliance has become associated with a perception of a tick box nature, obeying the rules or guidelines of regulation with little room for dynamism and flexibility.

Is that what the industry and regulators want? What does it conjure in your mind when you think of the word Compliance?  This is what the dictionary says:

“The state or fact of according with or meeting rules or standards”

It is not exactly inspirational and equally, in the rapidly evolving world of financial crime risk management it is not particularly accurate or effective. Do you want to meet rules or standards or do you want to manage risk? Do criminals operate within a framework of regulatory guidelines? No. They are far more agile in their ability to exploit vulnerabilities.

Adopting a tick box mentality can be hugely detrimental to the success of an organisation to manage and adapt to rapidly changing financial crime typologies. You need to be using innovation and working collaboratively across teams to hit the desired effect. Yes, the lines of defence model is there for a reason and you absolutely must comply with regulations as they apply to you but more importantly you must understand why you are applying them and how you may need to adapt the concepts and even go beyond in a dynamic way. As the situation dictates you may need to go beyond the regulatory guidelines in order to meet the risks head on. It is a dichotomy that large financial organisations have been battling for years.

Would it not be refreshing to hear more about the financial crime and regulatory professions empowering business strategy, on the front foot, going beyond the norms of regulation to add maximum value to the business they support.

We think part of the problem is in the title – Compliance.  Let’s talk about risk management strategy instead.