Please enter your email to subscribe. By doing so, you are opting-in to receive news from Guidepost Solutions LLC.
Financial crimes, and the people who commit them, continue to evolve with the digital age. Traditional methods for combatting these crimes can no longer be expected to work. Innovative, technology-based solutions to fight financial crime are now almost just “table stakes.”
As with most tech innovation, implementation is the key. And when it comes to tech solutions that combat financial crime, and therefore doing what’s necessary to become compliant, implementation isn’t easy to achieve. It requires a high level of collaboration within an organization, and must also be driven by a process that can be validated by regulators and consistent with a company’s legal requirements.
The growing pervasiveness of financial crime is clear and present. In Refinitiv’s 2018 global financial crime survey “nearly half (47 percent) of respondents confirm[ed]that their organization had been the victim of at least one form of financial crime in the last 12 months.”
A 2018 survey conducted by PwC found that the types of financial fraud have also diversified over time.
According to PwC, 48% of organizations experienced asset misappropriation and 49% experienced cybercrime in 2018 in the US. Those numbers are significantly higher than other types of financial crime in their survey, such as bribery and corruption, that were prevalent in the years prior to the tech boom.
The regulatory requirements governing financial crime compliance are a patchwork that has to be understood. For example, the U.S. Department of Treasury enforces its regulations under the umbrella of the Financial Crime Enforcement Network (FinCEN), which, Treasury states, is a “government-wide, multi-source intelligence and analytical network to support the detection, investigation, and prosecution of domestic and international money laundering and other financial crimes.” Treasury also has the primary authority to enforce the Bank Secrecy Act (BSA) and the USA Patriot Act.
Many other law enforcement and regulatory agencies play an increasingly large role in battling financial crime. Homeland Security and the Federal Bureau of Investigation frequently spearhead criminal investigations relating to financial compliance. The Securities and Exchange Commission (SEC) also has a role in BSA enforcement, as the Securities Exchange Act requires broker-dealers to comply with certain rules adopted under the BSA.
There are also specialized regulators that play a role in financial crime compliance, including the Financial Industry Regulatory Authority (FINRA), the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and others. In addition, states may have additional requirements for regulated entities. The New York State Department of Financial Services has requirements for certification relating to transaction monitoring and filtering programs.
There’s a lot more to achieving compliance than simply understanding the respective government entity requirements and expectations. When considering financial crime technology solutions, an important starting point is ensuring that the organization has a top-down, affirmative commitment to a culture of compliance. This commitment involves management focus and budget discipline around compliance efforts. Without this commitment, the task of adapting to new technology is likely to fail.
In addition to embedding compliance within a company’s culture, compliance with these laws and regulatory requirements starts with building risk-focused, compliant and commercially intelligent anti-financial crime frameworks. There must be a clear understanding of any existing weaknesses or gaps in the framework supporting a company’s compliance program. Gaps may include deficiencies in a company’s monitoring, control systems and training. Those gaps are ideal places to deploy new technology or solutions.
The deployment of new technology into a compliance program that does not have sufficient internal support, resources, or integration creates confusion and underutilization. Or, worse yet, the new solutions could generate financial crime findings and trends that the company then ignores—purposefully or accidentally—and fails to sufficiently remediate.
While no single solution fits all financial crimes, there are specific overarching considerations for companies looking to implement financial crime technology to protect themselves and by extension their customers/clients and business partners.
First, make sure that tools the company is considering have a proven testing ground. Are any of the company’s peers using these tools? Who is investing in and fostering the development of the technology, and is that backer have a history of reputable technological investments? While many technology enhancements have the potential to substantially improve a company’s efforts to fight financial fraud, some of the potential may be unproven. One way many companies are reducing this risk is by demanding the availability of technology “sandboxes”, or designated areas for technology testing and experimentation.
Second, if a company wants to utilize a technology enhancement that is disruptive or attacks the financial crime problem differently than some historical approaches, the company should consider meeting with its regulators and informing them about their approach and the benefit of the new tool. The regulator may have a perspective on the tool that is beneficial to the company, and the company may benefit from providing education about the scope, protections, and value of the tool. Relatedly, a company should also understand upfront how much customization is available to ensure that the financial crime tool maps to the company’s unique business and financial crime needs.
Third, companies should always carefully detail in their contractual agreements what will happen if it decides to stop using a specific technology solution. Some technology options will not be sustainable or productive for the long term and it is important that a company can easily “off-ramp” to ensure that its data is available, protected, and able to be transitioned to a new approach.