By Jessica Cath (Senior Consultant, FINTRAIL)

In July 2020, FINTRAIL wrote about the hot topic of digital onboarding and how to use Compliance as an enabler to necessary digital transformation.  With much of the world living life from their sofas and managing their day-to-day financial needs from home, COVID-19 had kickstarted a rush for digital onboarding. 

Three months later, as we settle into the new normal, we have an opportunity to reflect on the potential risks of implementing new technologies in challenging circumstances, as well as the opportunity to refine the digital journey going forward.

Successful digital implementation in the long term depends on fully understanding the technology and the associated risks – and how these risks fit within your risk assessment and existing control frameworks.

FIRST IMPRESSIONS MATTER

A streamlined onboarding process is vital for both customers and firms. 

Onboarding is the first opportunity to showcase quality relationship management, build trust with new customers, and demonstrate both efficiency and technological prowess. Onboarding is also expensive and scattered with regulatory requirements, so it is vital for firms to get it right first time and in a short timeframe. 

Digital onboarding can offer solutions. Replacing or refining traditional and often paper-based onboarding channels can speed up the process, improve user experience, reduce costs and - if implemented correctly - enhance compliance with regulatory requirements.

COVID-19 AS AN ACCELERATOR

The arrival of COVID-19 meant that digital onboarding capabilities became a matter of priority. Lock down measures restricted face-to-face interactions and any paper-based onboarding was effectively halted. 

Today, despite the relaxation of restrictions, we still see fewer customers at physical locations and fewer face-to-face interactions. 

We have also seen more customers proactively choosing to use digital channels. Digital experiences during lock down have increased confidence in technology channels and most customers now expect fast, seamless and digital onboarding.

THE RISK OF RUSHING

Despite many benefits of digital onboarding, rushing into new technology can expose the firm to risks – particularly if new technology is implemented in haste.

Given the challenging circumstances of remote operations and the need to adopt technology at speed, these risks are heightened.

Network and data risks 

Risks to data and network security are particularly high. The pressure to maintain business continuity during COVID-19 may mean that compromises were made. New technology may have been implemented with quick-fix workarounds outside of the fundamental security principles. With limited time for comprehensive proof-of-concept testing or securing systems-by-design, new technology or its integration may have vulnerabilities and leave the firm exposed.

Financial crime risk 

Risk of exposure to financial crime is also high. COVID-19 has proven to be a fertile ground for fraud and cyber-enabled crime. Confusion, misinformation and fear make customers and firms more vulnerable to fraudsters. Any new onboarding technology must be properly configured to the firm’s specific client base in order to effectively mitigate new fraud risks. 

TIPS FOR SUCCESSFUL DIGITAL IMPLEMENTATION

To overcome these challenges, there are several considerations and top tips for successful digital implementation. Ideally these steps would be taken prior to implementation but also offer areas for reflection and refinement if the digital solution is already in place.

1. Understand the technology you are implementing

Fully understand the technology, data flows, security, configurations and the third-party provider themselves. 

The technology should be assessed and reviewed before implementation, with careful consideration given to secure, seamless integration. If workarounds are implemented to enable integration, these should be properly documented with appropriate debate, governance and oversight. Any workaround should also be reviewed periodically and re-assessed with a view to achieving a more permanent solution.

The third-party provider should also be assessed and subject to checks and screening in line with internal policy requirements. These checks should be documented with appropriate sign-off. If any of these checks were fast tracked during the lockdown period, now is the time to review and verify.

2. Ensure the technology fits within your risk appetite 

To ensure long-term success (not just to meet the needs of COVID-19 lock down), the technology should fit within the firm’s existing risk appetite and wider technology strategy. 

Despite the unprecedented circumstances, the Financial Conduct Authority (‘FCA’) made it clear that firms should not divert from established risk appetite. In their May 2020 publication on financial crime systems and controls, the FCA stated ‘firms should not seek to address operational issues by changing their risk appetite’. The functionality within any new onboarding solution should be reviewed in line with risk appetite, and any risk decisioning should be documented with appropriate governance and oversight. 

Any new digital solutions should also map against the firm’s digital journey in the long-term, instead of being implemented as a quick-fix solution. If there are discrepancies, these should be documented and addressed in the next iteration of the strategy to ensure alignment.

3. Update risk assessments and controls 

Similarly, risk assessments and control frameworks should be updated to reflect the use of new technology. 

Enterprise-wide risk assessments should be reviewed in light of COVID-19 and changing risk scenarios, as well as the implementation of digital solutions. New onboarding solutions may address some of the risk scenarios created by COVID-19 but can also create new risks that may need to be mitigated through other control measures.

For instance, new controls may need to be added to test the platform itself. As part of a digital onboarding solution, a new screening tool may have been integrated for faster sanctions, PEPs and adverse media screening of new customers. The firm must periodically test the screening platform – to verify the outputs and ensure it continues to work as expected, in line with parameters set by the firm’s risk appetite.

4. Ensure proper integration with infrastructure and process

Finally, to get the best out of new digital solutions in the long term, ensure it is fully integrated with both current infrastructure and streamlined processes.

Fully streamlined integration with existing infrastructure often requires comprehensive proof-of-concept testing. With limited time for testing during the COVID-19 lock down period, there may now be opportunities for refinement – both from an operational and security standpoint.

Firms should also take time to review operational processes sitting alongside the use of onboarding technology, to prevent duplication of process steps or error. New digital onboarding solutions offer opportunities for speed and efficiency, but only if old processes are adjusted and refined.

KEY TAKEAWAYS

• Digital onboarding solutions can benefit user experience, process streamlining and regulatory compliance, but can also expose the firm to further risks

• Successful implementation depends on fully understanding new technology and the associated risks - and how these sit within established risk appetite

• Existing risk assessments, control frameworks and processes should be updated to reflect the implementation of new digital solutions

• If any technology was implemented in haste for COVID-19 lockdown, now is the time to review and close any gaps!

If you are interested in speaking to the FINTRAIL team about this or any other financial crime topic please get in touch at: contact@fintrail.co.uk