Money laundering, bribery and corruption are still a pressing issue within financial institutions, but the best way to combat this is through solid operational risk management sponsored from the top.
The sheer scale of the risks financial institutions face from illicit players is immense. It is estimated money laundering costs the UK over £100bn a year, according to data from the National Crime Agency. This is just a small part of the criminal activity that plagues the financial sector. Diligence, surveillance and a host of other methods are used to combat this, but Ideagen head of product Gordon McKeown said, “operational risk is the heart of it.”
If a firm wants to ensure they are well safeguarded, it is by leveraging technology to implement an operational risk management process, with appropriate structures and oversight. . He said, “The starting point to really prevent money laundering and put the right kind of control barriers in place, is through a risk based approach.” This means having a process for identifying and categorising risks, establishing preventive and mitigating controls and then actively managing these controls, and all of this made visible as MI via dashboards. . Some of these controls will of course be the aforesaid AML, KYC, CFT and such solutions.
Patchy or absent risk management has been a cause for the frequency of financial crime the market is still seeing. In 2019, the UK’s Financial Conduct Authority issued a total of £392m in fines. The biggest financial penalty was issued to Standard Chartered Bank, totalling £102m, which it received for breaches to money laundering regulations. Despite the amount of regulation and money spent on fighting illicit activity within financial institutions, these fines are a common sight. Boards and Execs in FS firms don’t want to break the law, the problem is they don’t know what is going on in their own organisations because they often have surprisingly poor processes and systems for managing the respective risks.
McKeown stated that negative events slip through the cracks when compliance management is not risk-based. “Without risk-basis, you just have a focus on providing information to a regulator, not strengthening the golden thread of governance and assurance. In the context of financial crime and fraud, without risk-basis you never truly tackle the hazard: the moral hazard presented by large amounts of money.”
Since the global financial crisis, regulators have increased their efforts to curb malfeasance and this is helping to build more risk maturity within financial services. “Before 2009, governance in financial services was relatively chaotic. It was under-regulated and was a little bit wild-west. That under-regulation and lack of supervision allowed the moral hazard to run rampant. I often compare it to the laissez-faire behaviours of the oil industry in the 1970’s before a series of awful disasters led to the modern safety culture
Since then, the industry has had a dramatic shift. Regulators have moved into an inspection culture to try and weed out wrongdoings. “There’s now a zero tolerance of that in our society.” McKeown said. “No one wants to work for dirty companies. People don’t want to buy products from dirty companies, whether they’re dirty through pollution, their behaviour, financial fraud and crime, supply chains or exploiting workers in other countries.” This societal pressure pushes firms towards a proactive risk culture where they actively do the right things. McKeown noted that strong governance gives a firm competitive advantage.
The risk-based approach to compliance changes the culture and behaviour to be proactive to problems rather than reactive. A firm is better able to understand its governance objectives, what it wants to achieve, its obligations in terms of financial fraud and crime, and how it can manage it efficiently to ensure the right controls are in place.
He added, “At that point, the industry starts to become more excellent. You get operational benefits and value creation from compliance, because it stops simply being a chore and becomes somewhat of a place where value is created in your organisation. I’m a zealous evangelist for good operational risk management as a starting point. Once you have this in place, compliance becomes a bi-product of operational and cultural excellence. For example, AML just becomes a control management solution within the wider risk management framework.
Cloud technology is integral for making risk management work. McKeown explained that it gives access to intelligent cloud services like natural language processing and machine learning, which enable predictive risk. It enables data analytics to build dashboards that offer real-time visibility of emerging problems. This technology can use the data in ways humans can’t and pick up on trends that a human might miss. .
Having that strong risk management can even help a firm be prepared for unforeseen circumstances. For example, McKeown stated that one of Ideagen’s clients was able to mitigate the impact of Covid-19 by repurposing a risk register. In February 2020 the firm quickly remodelled their “terrorist attack” risk as “pandemic” risk, as both scenarios are based on the firm not having any control on the event and having to evacuate premises. This empowered them to examine what mitigations they could have and their potential consequences, and then used that to build a response plan for the pandemic which made them more robust and ultimately more resilient
“I spent a lot of time talking to customers about how they responded to COVID and witnessed how good operational risk management processes and systems made firms more robust and thus better able to weather an unexpected storm.”
Ideagen is helping companies establish strong risk-based approaches to compliance. It is launching a new enterprise risk management solution this year, which will help companies be more proactive with their compliance and strengthen governance and assurance. One of the things the solution will have is a regulatory risk control library to help facilitate compliance with FS regulations such as SMCR.
To learn more about Ideagen click here to see how their SMCR solution can ensure accountability standards are met, whilst boosting productivity
Copyright © 2021 FinTech Global
Copyright © 2018 RegTech Analyst
