Mitigating Financial Crime Risk: Challenges, Mistakes and Best Practices
With an ever-changing regulatory landscape and unpresented fines issued by regulators, it’s never been more pressing for businesses to find the right KYC solution.
In their latest report on global fines, Fenergo stated: ‘Since the financial crash in 2008, an estimated $46.6 billion in enforcement actions has been levied against financial institutions and individuals for non-compliance with AML, sanctions, data privacy and MiFID obligations’. Goldman Sachs alone has been fined $6.821 billion by nine regulators in five countries. This can, of course be avoided; implementing an effective and scrupulous KYC process can save banks up to $10 million each year.
According to Yves Laffont, Head of Risk, Regulation and Compliance: “The financial crimes functions across many organisations have become that one place where all organisational issues congregate, on the forefront of global operational transformation. Failing to comply can result not only in financial collapse, but also reputational ruin.”
Key challenges organisations face
The complexity and scale of remediation programmes coupled with inefficient processes can make mitigating financial risk an insurmountable challenge. Remediation programs of work can take anywhere from 18 months to four years to complete, so lack of time resource is often a significant challenge. In many cases, in the time it takes an organisation to get to grips with their KYC remediation requirements and determine the best strategy to address them, the problem has already worsened. Other common challenges include:
Cost of performing remediation
The cost of carrying out KYC remediation work is continuing to increase year on year. Hundreds of millions are allocated annually by UK firms to KYC and this is set to rise. Worrying still, is the added cost companies face if they get it wrong and have to pay out for external firms to come in and remedy the mistakes - or worse, are fined by the regulator for failing to put adequate measures in place.
Lack of dedicated resource
When issued with a remediation order, many firms will move resource from other areas of the business to work on their KYC strategy in lieu of dedicated KYC experts, which can cause disruption and losses in other areas of the business. This is a common issue that is widely shared across the sector. In a recent poll conducted by FDM, senior figures in the finance industry named ‘Resource Constraints’ as their main challenge when it comes to adhering to regulatory requirements.
Shortage of internal Subject Matter Experts
Many firms are finding that their organisation lacks the specialist skills required to transform their regulatory process and keep pace with rapid technology development and regulatory changes.
The skills shortage in this area means that many feel the best option is to engage the services of the ‘Big Four’ to address their anti-money laundering requirements. However, this is not the only route available; there are complementary approaches that provide a longer term, more sustainable solution.
Working with an alternative provider ensures that the work is delivered in a more integrated way and helps to establish a repeatable and sustainable process for identifying and solutionizing similar issues in future.
What are the biggest mistakes that companies make?
Alongside the numerous challenges companies face, there are also common mistakes that many fall victim to. Some of the most prevalent among finance firms include:
Avoiding the problem
Many organisations wait too long to address potential issues when they first occur, which results in the problem worsening until it’s possible to manage. Others may be unaware of any potential compliance problems until they face a regulatory audit. Poor communication and failure to review and improve internal procedures are often how companies end up in this situation.
Half resolving the issue or just paying for the problem to go away
Organisations often make the mistake of focusing on one area where they know there is a problem (or paying a third party to do this on their behalf) and neglecting the fact that there is a wider issue at play. Companies need to adopt a rigorous analysis of all KYC processes and policies if they are going to mitigate their financial crime risk in a meaningful way.
Not following their own policy
Many companies have comprehensive KYC policies but fail to ensure that operations are following them which means their risk level remains high. Without strict adherence to KYC policies across all relevant departments, it becomes largely redundant.
Failing to keep on top of regulatory changes or adapt their policies to meet the requirements of international regulatory bodies
Lack of regular monitoring of the regulatory landscape can result in crucial changes in legislation to be missed, which means that organisations can become non-compliant without even realising. It is fundamental that finance companies have a monitoring capability in place to keep track of new compliance rules and legislation to keep their AML risk low. The same applies for global markets. Without regulatory resource dedicated to understanding the regulatory demands and legislation of different countries, companies risk substantial fines and legal penalties when operating in international markets.
Best Practices for Effective Financial Crime Mitigation
1. Understand current state of play
This is crucial for determining what is working and what is not. Companies should undertake a full audit of all internal processes, technology, stored and third-party data and coordination between departments. This will help to determine the weak spots within the current KYC setup and prioritise actions.
2. Categorise your key issues and find appropriate solutions to address each.
According to Richard Kayley, Financial Crime Delivery Manager for Legal & General, it is important to understand where the bulk of the issues lie; is it strategy, policy or technology and data?
- Strategy: Companies must ensure that they have a robust strategy for mitigating financial crime risk. If this is something an organisation doesn’t have, or doesn’t have the resources to implement, enlisting the services of external KYC specialists is beneficial.
- Policy: Fine-tuning internal policies on a regular basis is important to ensure compliance with new legislation and ensure they are embedded at every level of the business. Again, introducing external experts can be valuable here, so long as it’s in collaboration with internal teams and stakeholders.
- Technology: In a report by Deloitte, ‘48% of banks and FIs said that insufficient or outdated AML compliance technology was one of their biggest compliance challenges.’. Organisations should evaluate their current technology stack to understand if it is using outdated or ineffective technology. They should consider whether they can utilise their current technology further, or whether investing in updates or seeking alternative providers is necessary.
- Data: Stale or inaccurate third-party data are a common cause of non-compliance. Reviewing third party data sources, data collection and cleansing methods on a regular basis can help to reduce risk, eradicate false positives and improve the accuracy of KYC decision-making.
3. Ensure your KYC and AML framework is fit for purpose, especially if scaling into global markets
The next stage is to build out robust policies, processes and AML framework. It’s critical that this includes regular monitoring of new legislation and regulatory guidance and companies should aim to automate this process wherever possible to improve efficiency.
To keep costs at a minimum and ensure remediation is achieved in a timely manner, financial firms should seek a KYC partner who can provide the necessary skills and guidance to assist with operational effectiveness while maintaining their risk management level.
Financial Risk Mitigation with FDM
Since 2015, the team at FDM have been working on a dedicated programme to help customers address their anti-laundering requirements. We work with organisations as partners to help them be one step ahead when it comes to navigating this complex regulatory landscape.
We embed a team of skilled professionals who carry out analysis of the problem and execute the solution. Unlike the many consultancy firms, FDM operates under the client’s control to provide insights and learnings on a problem, and collaborate on finding the best solution.
Contact us to find out more about how FDM can help your business with financial crime prevention and speak to one of our expert team.