Digital Transformation

Case Study: Digitisation Support

Designing Financial Crime Compliance Programme for Africa-Focused Digital Product

A case study of how FINTRAIL helped an international banking group launch a new digital product, by designing an innovative, tech-focused financial crime compliance programme.

See how FINTRAIL designed bespoke policies and procedures, processes for customer onboarding and ongoing monitoring, to ensure full regulatory compliance, effective risk mitigation, and great customer experience.

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch with the team at: contact@fintrail.co.uk

COVID-19 and the rush to Digital Onboarding

By Jessica Cath (Senior Consultant, FINTRAIL)

In July 2020, FINTRAIL wrote about the hot topic of digital onboarding and how to use Compliance as an enabler to necessary digital transformation.  With much of the world living life from their sofas and managing their day-to-day financial needs from home, COVID-19 had kickstarted a rush for digital onboarding. 

Three months later, as we settle into the new normal, we have an opportunity to reflect on the potential risks of implementing new technologies in challenging circumstances, as well as the opportunity to refine the digital journey going forward.

Successful digital implementation in the long term depends on fully understanding the technology and the associated risks – and how these risks fit within your risk assessment and existing control frameworks.

FIRST IMPRESSIONS MATTER

A streamlined onboarding process is vital for both customers and firms. 

Onboarding is the first opportunity to showcase quality relationship management, build trust with new customers, and demonstrate both efficiency and technological prowess. Onboarding is also expensive and scattered with regulatory requirements, so it is vital for firms to get it right first time and in a short timeframe. 

Digital onboarding can offer solutions. Replacing or refining traditional and often paper-based onboarding channels can speed up the process, improve user experience, reduce costs and - if implemented correctly - enhance compliance with regulatory requirements.

COVID-19 AS AN ACCELERATOR

The arrival of COVID-19 meant that digital onboarding capabilities became a matter of priority. Lock down measures restricted face-to-face interactions and any paper-based onboarding was effectively halted. 

Today, despite the relaxation of restrictions, we still see fewer customers at physical locations and fewer face-to-face interactions. 

We have also seen more customers proactively choosing to use digital channels. Digital experiences during lock down have increased confidence in technology channels and most customers now expect fast, seamless and digital onboarding.

THE RISK OF RUSHING

Despite many benefits of digital onboarding, rushing into new technology can expose the firm to risks – particularly if new technology is implemented in haste.

Given the challenging circumstances of remote operations and the need to adopt technology at speed, these risks are heightened.

Network and data risks 

Risks to data and network security are particularly high. The pressure to maintain business continuity during COVID-19 may mean that compromises were made. New technology may have been implemented with quick-fix workarounds outside of the fundamental security principles. With limited time for comprehensive proof-of-concept testing or securing systems-by-design, new technology or its integration may have vulnerabilities and leave the firm exposed.

Financial crime risk 

Risk of exposure to financial crime is also high. COVID-19 has proven to be a fertile ground for fraud and cyber-enabled crime. Confusion, misinformation and fear make customers and firms more vulnerable to fraudsters. Any new onboarding technology must be properly configured to the firm’s specific client base in order to effectively mitigate new fraud risks. 

TIPS FOR SUCCESSFUL DIGITAL IMPLEMENTATION

To overcome these challenges, there are several considerations and top tips for successful digital implementation. Ideally these steps would be taken prior to implementation but also offer areas for reflection and refinement if the digital solution is already in place.

1. Understand the technology you are implementing

Fully understand the technology, data flows, security, configurations and the third-party provider themselves. 

The technology should be assessed and reviewed before implementation, with careful consideration given to secure, seamless integration. If workarounds are implemented to enable integration, these should be properly documented with appropriate debate, governance and oversight. Any workaround should also be reviewed periodically and re-assessed with a view to achieving a more permanent solution.

The third-party provider should also be assessed and subject to checks and screening in line with internal policy requirements. These checks should be documented with appropriate sign-off. If any of these checks were fast tracked during the lockdown period, now is the time to review and verify.

2. Ensure the technology fits within your risk appetite 

To ensure long-term success (not just to meet the needs of COVID-19 lock down), the technology should fit within the firm’s existing risk appetite and wider technology strategy. 

Despite the unprecedented circumstances, the Financial Conduct Authority (‘FCA’) made it clear that firms should not divert from established risk appetite. In their May 2020 publication on financial crime systems and controls, the FCA stated ‘firms should not seek to address operational issues by changing their risk appetite’. The functionality within any new onboarding solution should be reviewed in line with risk appetite, and any risk decisioning should be documented with appropriate governance and oversight. 

Any new digital solutions should also map against the firm’s digital journey in the long-term, instead of being implemented as a quick-fix solution. If there are discrepancies, these should be documented and addressed in the next iteration of the strategy to ensure alignment.

3. Update risk assessments and controls 

Similarly, risk assessments and control frameworks should be updated to reflect the use of new technology. 

Enterprise-wide risk assessments should be reviewed in light of COVID-19 and changing risk scenarios, as well as the implementation of digital solutions. New onboarding solutions may address some of the risk scenarios created by COVID-19 but can also create new risks that may need to be mitigated through other control measures.

For instance, new controls may need to be added to test the platform itself. As part of a digital onboarding solution, a new screening tool may have been integrated for faster sanctions, PEPs and adverse media screening of new customers. The firm must periodically test the screening platform – to verify the outputs and ensure it continues to work as expected, in line with parameters set by the firm’s risk appetite.

4. Ensure proper integration with infrastructure and process

Finally, to get the best out of new digital solutions in the long term, ensure it is fully integrated with both current infrastructure and streamlined processes.

Fully streamlined integration with existing infrastructure often requires comprehensive proof-of-concept testing. With limited time for testing during the COVID-19 lock down period, there may now be opportunities for refinement – both from an operational and security standpoint.

Firms should also take time to review operational processes sitting alongside the use of onboarding technology, to prevent duplication of process steps or error. New digital onboarding solutions offer opportunities for speed and efficiency, but only if old processes are adjusted and refined.

KEY TAKEAWAYS

  • Digital onboarding solutions can benefit user experience, process streamlining and regulatory compliance, but can also expose the firm to further risks

  • Successful implementation depends on fully understanding new technology and the associated risks - and how these sit within established risk appetite

  • Existing risk assessments, control frameworks and processes should be updated to reflect the implementation of new digital solutions

  • If any technology was implemented in haste for COVID-19 lockdown, now is the time to review and close any gaps!


If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk

How to use Compliance as an enabler in Digital Transformation

Digital transformation for onboarding is a hot topic at the moment, given that much of the world is currently living their life from their sofas and managing their day-to-day financial needs from home. Having worked on transformation projects before with traditional FI’s, alongside assisting various FinTechs in the creation of new digital offerings, we at FINTRAIL thought it would be a good opportunity to move the spotlight onto compliance, and fly the financial crime flag by discussing some of the common misconceptions.

 

Front end change is just the tip of the iceberg

The ‘tip of the iceberg’ cliche has never been more appropriate when it comes to describing common misconceptions towards digital transformation. The main message is that a good user experience isn’t solely dependent on a minimal field registration journey, and that there are other components that need to be considered which the customer can’t see. Getting these components implemented effectively are equally as important and the focal point is our good friend - ‘a risk-based approach’. Having a robust risk-based approach can be the key for a slick user experience and dictate your approach to CDD, custom screening and risk management, enabling you to target your controls on your highest risk areas.

Image of front end change is the tip of the iceberg. Registration depicted above water, while the rest of the compliance processes depicted underwater as the main body of the iceberg

Less is more

It would be logical to assume that the less information you collect from your customer the better, and that allowing a customer to sign up by just inserting an email and password will drive your Trustpilot reviews through the roof. Ignoring the fact that this probably doesn’t actually meet your ID&V requirements, we would like to suggest that less isn’t always more. By creating a shortened registration process you may well get more sign ups, but if you subsequently need to perform downstream due diligence to address gaps, you could be creating a poor user experience further down the line, perhaps even in a critical situation when dealing with a vulnerable customer whose account has been frozen and they need urgent access to funds.  We don’t necessarily mean your registration process should be 100 fields deep across 10 pages but there is certainly a happy medium. 


Business enabling Anti-Financial Crime (AFC)

A common misconception is that financial crime compliance can be the blocker when it comes to innovation in these projects. It probably comes as no surprise that we at FINTRAIL would offer a healthy challenge to those naysayers. 

So, you are 6 months into your digital transformation project, it’s all on JIRA (other platforms are available) or you have a lovely Gantt chart. You have lined up all your sprints and it suddenly occurs to you that you should speak to your compliance team. After 45 minutes debriefing your compliance team, they have a bunch of questions and recommendations before you can move the project forward, resulting in you putting a big red “Stuck” against it. While you may have translated this into a no, these recommendations do not necessarily mean no, and even if it is a no, is that really surprising considering you have only introduced them as stakeholders so late on? Obviously we are focusing on the negatives here to emphasise our point and the above is certainly not a reflection on most businesses’ these days.

Some of the most successful projects we have been part of are the ones where AFC stakeholders have been included as part of the journey rather than just at sign off. There is a new breed of financial crime professionals who want to be viewed as business enablers and able to offer a great user experience as much as the next product owner.

A RACI (responsible, accountable, consulted, informed) matrix is often used in project delivery to divvy up people’s roles. With that in mind your approach may have been previously to assign compliance a consulted duty, but we would encourage you to increase their involvement in order to reduce blockers downstream and increase compliant innovation.

RACI project management chart with Compliance/financial crime function moved from consulted to responsible/accountable

Being a Compliance Champion

Equally it is not just the business that needs to take ownership of transformation, it can also be the fincrime function itself. Embracing change has never been more important in a digital enabled world and as fincrime professionals we should be just as excited by these new developments. Whether it is the implementation of a new due diligence process or screening programme, don’t be afraid to rip up the policy and start again. There is no reason why the financial crime team cannot be the driver for change.

Build, Buy or Both?

Like the ‘tip of the iceberg’, ‘build or buy’ is also becoming a bit of a cliche. What we do know is that you will likely need to partner with some technology providers in order to achieve your future state goals. Equally, even if you partner with someone, there will be an element of building that goes hand in hand. There are a variety of great providers available with a range of capabilities but we would like to reposition the ‘build or buy’ question. No single provider will solve all of your needs, and equally, to build everything in house isn’t logical when there are specialist systems available. This potentially means that the ‘build or buy’ question is a goose chase and in fact an amalgamation of the two is the best approach to adopt. 

Takeaways

Here are our top takeaways to be a compliance champion when it comes to digital transformation:

  • User experience does not stop on the physical registration page; it continues throughout the customer lifecycle

  • Less is not always more when it comes to identification programmes

  • Treat your compliance/ fincrime team as business enablers, engaging them in discussions earlier

  • Answer your build, buy or both question

  • A risk-based approach marries itself perfectly with transformation projects

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk