The new coronavirus pandemic is challenging the financial services industry on a whole new level of disruption. In particular, risk management and due diligence practices have been widely affected by the ‘contactless’ reality we are currently facing. In speaking with our customers, they shared with us some of their most burning challenges:
- New risks as criminal activities morph and proliferate, crossing over from the physical to the online world, in unusual schemes and patterns that fraud detection tools were neither prepared nor equipped to red-flag
- Difficulty keeping up with the unprecedented amount of amendments to legislations and rules made due to the global emergency, and consequent obstacles in granting compliance
- Lack of seamless remote access to many of the systems that compliance officers need to log in to in order to screen customers (e.g. for AML and EDD) and their ongoing activities (e.g. transactions monitoring, SAR, etc.) or to perform recurring regulatory reviews (KYC & KYB, suitability, FATCA, CRS, and more)
- An overload of new requests for certain lines of business like access loans or financial planning services, all of which require a thorough due diligence, an activity that is typically highly time-consuming – potentially taking even longer under current circumstances – despite the extraordinary urgency of these requests
The industry-wide unpreparedness for this sudden shift will, at the very least, translate into massive backlogs and workload peaks, exposing firms to fraud and security issues as risks are not being properly identified and addressed. In short, a huge burden is weighing on compliance and risk management functions.
Simplification, rhythm, and flexibility will be the key elements in helping institutions come out on top in this wilder, riskier world.
Simplification. Compliance officers have to log in and out from up to 16 different systems in their day-to-day job. Firms now need to lighten the load on their compliance and risk officers to the best of their ability. Whatever tasks can be automated by technology must be. Ideally, this looks like digital orchestration of activities, automated checks, instant KYC, cross-jurisdictional rules embedded in CLM workflows, all of which ensure to dynamically assess which action to take: straight-through processing, or triggering the right action to mitigate risk, or escalating dossiers for faster, smarter, more focused decision-making. This will eliminate unnecessary bureaucracy, giving time back to experts to focus on what really matters: detecting new fraud patterns, clearing true positives, etc.
Rhythm. Financial firms have to speed up the adoption of innovative technologies allowing for fast, automated, and data-driven risk assessment; they can do that by shifting from a ‘build’ approach to a ‘buy and configure’ approach, taking a well-known lesson from the automotive space, as McKinsey pointed out in their Global Banking Annual Review 2019. In the '90s, German car manufacturers started integrating pre-built modules in their value chain, provided by highly specialized providers. This modularization significantly improved productivity. By leveraging today’s mature RegTech ecosystem, and on multiple and alternative data sources thanks to API-based and cloud-ready architectures, financial services firms can intelligently configure and orchestrate these technologies, making them accessible through a single entry point for users, thereby reducing response time, manual activities, and friction for both clients and employees.
Flexibility. In times when face-to-face is not possible and teams are dispersed as they work remotely, it is imperative to grant smooth collaboration among all participants in a process. While a one-size-fits-all approach with a strict sequence of pre-defined activities is suited to clerical work, compliance and risk staff have to handle exceptions and outliers that require substantial flexibility and ad hoc steps to adequately respond to the specific nature of an occurrence. Today more than ever, knowledge workers (compliance and risk professionals) need tools that enable them to quickly act upon tasks by self-constructing the series of activities that must be performed and to collaborate in parallel with other stakeholders over a same client dossier. This allows for virtual proximity with experts across the firm, a key element to risk handling.
Today’s perception of risk has changed
The pre-COVID approach wherein financial firms followed a “risk elimination” strategy with IT security, as well as in governance and compliance, now is seen as presenting a massive business risk. Financial institutions have had to relax many policies almost overnight to turn risk management into adaptive due diligence in order to support customers and employees more flexibly, rather than forcing them to interact in a pre-defined way. Although policy relaxation will surely be short-lived, adaptive and outcome-based regulatory compliance is going be a theme for quite a while.
It is clear that operational agility and an acceleration of investments in digital tools have taken a new level of precedence in nearly every financial firm; the realm of regulatory compliance and risk management is by no means excluded in this. Indeed, the right technology represents a great opportunity for firms to take a factual step into the future of compliance agility by design.