The importance of RegTech in financial crime risk management
How RegTech & financial crime risk management technologies can benefit your business and society
As the impact of financial crime continues to grow, both on businesses and society in general, more and more organisations are recognising the importance of adopting RegTech within their risk mitigation strategies.
The cost of implementing regulatory technologies, or RegTech, to better-manage financial crime risk management obligations pales in comparison to the broader implications of failing to act. The cost of RegTech is a fraction of the of the hefty regulatory fines which can be issued for non-compliance. Along with fines, failing to guard against financial crime can result in lost data and significant financial losses, compounded by long-term reputational damage.
While businesses are recognising the importance of adopting technology within their financial crime risk management strategies, take-up can still lag behind what is required to protect the business – as seen by the many high-profile breaches reported in the media. The cost of economic crime and fraud reportedly reached US$42 billion globally over the last 24 months, according to PwC’s Global Economic Crime and Fraud Survey 2020.
In the UK, 54% of organisations reported losing more than $1 million as a result of each incident.[1]
Of course, there is also a human element to these financial crimes; they are not just statistics. The social impacts are not always immediately evident to the business, which can nurture an environment with lack of ownership. According to the World Economic Forum, financial crime is a trillion dollar industry with an immense human cost – from human trafficking to prostitution and child labour. [2]
RegTech helps combat the hidden cot of financial crimes in terms of the personal devastation to victims, and the significant impact on the most financially vulnerable members of society. Firms must act on the guidance of the FATF and ensure that an enterprise risk assessment be at the heart.
Which entities and jurisdictions are at high risk?
Australia is a member of the Financial Action Task Force (FATF), an inter-governmental body that sets AML/CTF standards, monitors the progress of members and identifies vulnerabilities which could expose the international financial system to misuse.
According to FATF, the high-risk groups of reporting entities include:[3]
| Domestic banks | Stock brokers |
| Foreign and investment banks | Alternative remittance dealers (including affiliates) |
| Non-bank lenders and financiers | Trustees of managed investment schemes |
| Financial services intermediaries | Pubs and clubs |
| Superannuation fund trustees | Custodians |
As part of an organisation’s AML/CTF program and reporting obligations, it also important to be aware of which countries, regions and groups may pose a high risk of money laundering or terrorism financing. Currently, two countries are listed as High-Risk Jurisdictions subject to a Call for Action, and two as Jurisdictions under Increased Monitoring.[1]
According to the Australian Transaction Reports and Analysis Centre (AUSTRAC), countries and regions may be considered high-risk if they are:
- Deemed a high-risk or non-cooperative jurisdiction by the FATF.
- Prescribed foreign countries.
- Subject to sanctions.
- Known tax havens.
- Known to provide support to terrorist organisations.
AUSTRAC recommends organisations use the FATF statements to guide their AML/CTF programs. It stresses the importance of the risk assessment and how it underpins the AML program. When dealing with high-risk countries and regions, AUSTRAC says businesses may need to:
- Apply enhanced customer due diligence procedures,
- Take the risk into account when monitoring transactions, and
- Make suspicious matter reports.
The impact of COVID-19 on financial crime risk management
The social and economic fallout of the COVID-19 pandemic has impacted every aspect of society. Criminals have been quick to exploit this through various financial crime attack vectors.
Working from home, outside the protections of the traditional office network, can leave staff less equipped to manage the risks of financial crime. Relying on remote access can present challenges when it comes to ensuring controls are still working as intended and not being inadvertently bypassed.
Staff may lack the access required to handle some situations, such as the ability to tweak rules on a transaction monitoring system to address a shift in behaviour and interactions.
The disruption to both local and offshore workforces presents significant challenges when it comes to financial crime risk management. Despite these disruptions, there are continued expectations from regulators that anti-money laundering and know your customer compliance must be maintained. This comes amid a growing volume of alerts flagging potential issues, due to changing economic conditions and customer behaviour.
Why adopt RegTech for financial crime risk management?
To combat financial crime, it is vital that organisations have the capabilities to identify, assess and mitigate the business vulnerabilities which these types of criminal activity exploit. They need comprehensive and repeatable processes for enterprise risk assessment, audit and assurance programs.
Reliance on spreadsheets and manual processes for financial crime risk management leaves the business vulnerable and creates significant risk. Now is not the time to be complacent or overlook compliance obligations, as financial criminals are finding new avenues to launder funds and expand their operations – while also taking advantage of the extra challenges which the COVID-19 pandemic presents to business.
Traditional approaches to financial crime risk management obligations can be flawed in a number of ways. They are often very manual processes and workflows, lacking clear documentation on how they work. This makes it difficult to consolidate and audit track data, as well as navigate to a source of truth. Such Excel-driven regulatory compliance models are flawed in that employees spend time data-crunching, which could be better spent adding value elsewhere.
Worse yet, compliance reports can be written in Word or PowerPoint, which is not only an inefficient re-keying of data with the potential for errors, but can also lack standardisation and leave the business with a fragmented assortment of unstructured data which is extremely difficult to manage, collate and analyse.
A lack of standardisation as to how assessments and reviews should be approached, and how often they should be undertaken, creates less accountability. Regulated entities need to have confidence in their risk assessments and AML/CTF programs, especially when explaining them to boards and defending them to regulators.
The use of a common platform for managing regulatory obligations – as part of a wider effort to digitise, standardise and optimise internal processes – is more important than ever. For large enterprises with multiple business lines or functions, utilising a solution which allows them to easily adopt the same methodologies across the board helps provide a broader organisational view when observing risk and compliance across the entire business.
The situation is exacerbated as more employees are forced to work from home due to the COVID-19 pandemic, leaving this valuable business data distributed across a wide range of devices in a wide range of locations.
Methodologies may exist however often the process itself may lack smart workflows and standardisation. Plus, they lack a field-level audit trail. The lack of a centralised system for financial crime risk management matters makes it harder for the business to harness the power of the data and to implement cross-industry benchmarking to see how they are tracking.
How can RegTech assist with financial crime risk management?
Continuing growth in data volumes, increasing regulation and pressure from reform regulators means that organisations of all sizes must evaluate implementing RegTech to undertake risk management and compliance functions. RegTech innovations can serve to augment and enhance compliance in a range of areas including:
| Know your customer | Regulatory reporting |
| Know your employee | Risk assessment |
| Anti-money laundering | Compliance training |
| Transaction monitoring |
A key benefit of implementing RegTech is solutions which are fully tracked and auditable. Purpose-built risk assessment solutions are available which allow organisations to configure their own anti-money laundering and other policies, perform enterprise risk analytics and controls testing and generate board-level reporting. These can be generated as an organisation builds and completes assessments.
Regulatory compliance is not a one-off ‘set-and-forget’ task. With less reliance on manual processes, the right RegTech solution allows organisations to increase the frequency of risk assessments when risk levels change. Adopting this technology confirms the risk factors being assessed are in line with the latest guidance from regulators, ensuring issues are detected and rectified sooner rather than later.
The human element and social impact of many financial crimes is often hidden from sight, which can inadvertently nurture an environment with a lack of ownership when it comes to tackling these issues. RegTech implementation can assist with driving this cultural change within an organisation by helping raise awareness of issues such as the funding of terrorism and money laundering, as part of a social responsibility framework.
This requires not only appreciating the regulatory implications of such breaches for the business but also the impact on end victims and society as a whole. This includes the wider potential for social harm, such as the implications of financial crimes aiding money laundering which can finance human trafficking, slavery, drug trafficking and terrorism.
A robust anti-money laundering risk management framework includes:
- Assessing country-specific AML laws
- Undertaking a money laundering and terrorism financing risk assessment
- Understanding your ‘know your customer’ collection and verification requirements
- Introducing enterprise risk analytics across the organisation.
- Establishing a full audit trail across the entire AML risk management process
- Receiving ongoing notifications of AML regulatory changes
Organisations are adopting financial crime risk management technology to comply with the risk-based approach of legislation, to help them identify, assess, mitigate and manage risks for money laundering, bribery, fraud, cyber and other risk domains. This allows them to better understand their risk profile and ensure the most effective controls are applied to reduce the organisation’s risk exposure.
These measures are crucial when boards are obligated to demonstrate that their compliance programs are fit-for-purpose and effective in managing their risks. Assessing this involves:
- Mapping policies/procedures to compliance obligations.
- Performing control testing.
- Documenting key observations/recommendations in reports.
- Using data analytics to derive actionable business intelligence on compliance data.
How can Arctic Intelligence help?
Arctic Intelligence’s business is centred around democratising the financial crime management process. It guides organisations to compliance by providing a technology solution which helps them to strengthen their defences against financial crime. These solutions help organisations seamlessly manage the regulatory compliance cycle by identifying, assessing, managing and mitigating risks to achieve their compliance obligations.
Arctic’s Intelligence’s risk assessment is tailored to more than 30 different industry sectors, with AML program templates based on country-specific AML laws. It offers a full audit trail across the entire AML risk management process, which includes:
- Action and issue tracking to help manage improvements.
- Ongoing notifications of AML regulatory changes.
- Enterprise risk analytics across your organisation.
- Full hosting in a secure cloud environment, supported by AML risk experts.
When it comes to governance, Arctic Intelligence’s AML Accelerate and Risk Assessment enterprise solutions help regulated businesses and consultants assess their risks, develop a financial crime risk management program and establish a manual of controls.
In terms of review, Arctic Intelligence’s Health Check solution helps regulated businesses assess the design and operational effectiveness of their financial crime compliance programs.
To book a demo, please click here.
References
[1] PwC, “Global Economic Crime and Fraud Survey: Australian Findings”, https://www.pwc.com.au/consulting/assets/pwc-gecs-2020-au-report.pdf
[2] World Economic Forum, “Why We Need to Talk About Financial Crime”, https://www.weforum.org/agenda/2018/01/we-need-to-talk-about-financial-crime/
[3] FATF, “Anti-money laundering and counter-terrorist financing measures – Australia”, https://www.fatf-gafi.org/media/fatf/documents/reports/mer4/6-Supervision-Mutual-Evaluation-Australia-2015.pdf
[4] FATF, “High-risk and other monitored jurisdictions”, http://www.fatf-gafi.org/publications/high-riskandnon-cooperativejurisdictions/?hf=10&b=0&s=desc(fatf_releasedate)
Follow us on LinkedIn and Twitter for a daily dose of financial crime news across the globe.
