Anti-financial crime technology updates needed to meet regulators’ increasing supervisory capacity

The financial crime technology stacks within banks, investment firms and insurers are struggling to meet today’s regulatory expectations. Although many financial services firms are working hard to meet their compliance obligations, out-dated software is now holding them back from realising the best compliance outcomes. 

Growing regulatory sophistication around financial crime takes many forms. To begin with, regulators are much savvier about technology and data. For example, the UK Financial Conduct Authority (FCA) has access to cutting edge financial crime and anti-money laundering technology through its Regulatory Sandbox, Digital Sandbox, and FCA Innovation Hub programmes. Over the past two years, the regulator has also brought in key technology talent, including a new CIO, and a director – intelligence and digital. Jessica Rusu, chief data, information, and intelligence officer, established a new division – Data Technology and Innovation – after she joined in June 2021. Recent new rules, such as the Consumer Duty, contain informed data and technology expectations – a supervisory approach that is also being applied in some areas of financial crime, such as trade surveillance.  

The FCA is also making its expectations clear in what it is saying at industry events. For example, in a September 2022 speech, Sarah Pritchard, executive director of supervision, policy and competition – markets at the FCA said, “Embed your financial crime checks in your systems from day one but keep evolving as the threats evolve. Use the power of data and tech and stay alert for situations in which you may need to recalibrate your defences and alerts.” The regulator is not standing still when it comes to data and technology, and it doesn’t expect firms to, either. It wants to see compliance agility within firms. 

Increasing enforcement 

As well, the UK FCA is using enforcement actions to make its messages around financial crime processes – including data and technology – heard. For example: 

  • In mid-July 2022, a firm was fined more than £2 million for inadequate financial crime systems and controls, pushing the firm into liquidation. 
  • In late June 2022, a branch of a bank was fined more than £5 million for failing to have the right policies and procedures in place, having inadequate enhanced due diligence, and having inadequate enhanced ongoing monitoring.  
  • In December 2021, a large international bank was fined nearly £70 million because its policies and procedures for two of its key automated transaction monitoring systems were not appropriate or sufficiently risk- sensitive, and the bank did not ensure the policies that managed and monitored those systems were adequately followed. 

So, while the regulator is encouraging firms to raise their game around financial crime data and technology, it is also inflicting significant punishment on those which don’t meet the required standard. 

Fresh expectations 

Regulators want to see improved use of data and technology to meet financial crime compliance requirements within firms. They want to know why firms have the solution in place that they do, what their processes are, and how they manage the data. They are looking at the suitability of the firm’s controls and the effectiveness of those controls.  

In short, regulators are demanding more explainability of processes and outcomes. Much of current financial crime technology is a “black box”, and financial firms do not understand what is going on inside. Regulators are pointing out that this means that these firms do not have a sufficient grasp of key elements of their overall financial crime programme – the data and the technology – and this can lead to suboptimal outcomes.  

Firms should seek a financial crime solution that delivers an open-box approach, providing transparency of the logic behind every risk decision, and an audit trail of decision-making. Also, the solution should enable the compliance team to model and test the impact of new screening requirements – to improve speed to compliance –​ and provide specialised support for all major commercial watchlists. A cloud-based solution delivers more agility, which gives regulators confidence that the firm is capable of complying with future regulatory change. ​​ 

For many firms, now is the time to upgrade the data and technology that supports their financial crime processes. New approaches to financial crime processes deliver on regulatory demands, while at the same time enhancing the ability of firms to detect and prevent financial crime taking place within their organisations. 

Financial Firms Run Real Risks with Legacy Sanctions Screening Software

The financial crime technology most firms have in place today is ageing quickly and needs to evolve. Incumbent screening tech stacks for anti-money laundering (AML) compliance have not kept pace with the increasing complexity, scale and velocity of new risks.  This creates substantial operational pressures that are grow larger with each passing month.

A rapidly changing world

A good example of this situation can be found in the volume of Russian sanctions that have been implemented since February 2022. The US has put in place 1,375 Russian sanctions, the UK 1,375, and the EU 1,143. This is 73% of all the sanctions against Russia issued since 2014.[i] Legacy technology-based AML screening technology simply cannot respond with agility to this pace, and so firms have had to increase compliance headcount to support their sanctions screening processes. However, this expediency is unsustainable because of talent shortages, rising salaries and increasing training costs. Without robust sanctions screening processes, firms are exposed to considerable compliance risk and operational risk, which could lead to significant social consequences, regulatory action, and reputational damage.

Legacy screening technology is creaking under its own weight for other reasons, too. For example, most of today’s screening software is located in on-premises servers. However, current digital transformation programmes mean that most firms are increasingly moving their data and business processes to the cloud. Also – as a direct result of the pandemic – many client processes are being automated through new FinTech approaches, often breaking down internal silos. Legacy AML screening software usually struggles to operate outside of the silo in which it sits, and to integrate with cloud-based data and new technology – for example, with new customer management systems or onboarding portals – to create enterprise-wide end-to-end processes that firms need to stay competitive.  

Now is the time

Logically, firms should be investing in cloud-based sanctions screening technology today to close compliance gaps, reduce risk and enhance their organisation’s ability to achieve its strategic goals through digital transformation. Ironically, it is the rapid pace of current change that has put many firms off from implementing a new AML screening platform. They say that they are waiting for a “quieter time” to do this. The reality is that there will never be a “quiet” time because the world has changed. Firms need to take a new strategic approach to financial crime compliance or risk having this important part of their infrastructure fall behind, and non-robust processes increase the risk of getting sanctions wrong – leading to enforcement action, including fines.  

Screening in the cloud

To meet the demands of digital transformation and today’s compliance environment, firms need to embrace a cloud-based approach for AML sanctions screening. Taking this path will lower IT costs without compromising security or performance​. The cloud has big benefits, too. It is the best way to manage large or complex data volumes – a key requirement for today’s high velocity of sanctions issuance. Indeed, today’s screening platform should combine the cloud with a best-in-class core technology stack providing low-latency ETL and high-speed screening, capable of a million transactions a day.

Firms also need tools with high levels of self-configurability that can address requirements without product customisation or professional services. This enables firms to adapt to regulatory change quickly and easily in the future, without the weight of high cost installed software.

In addition, today’s screening platform should include APIs that enable the solution to exchange information directly with other systems, such as CRM platforms, no matter where those systems are located. This enables screening to overcome silos within firms – communicating and harvesting data across the whole enterprise at lightning speed.  

Financial firms that fail to invest in a cloud-based sanctions screening platform today are potentially significantly increasing the risks that they face, while also failing to meet the demands of digital transformation. Firms should think more strategically about sanctions screening technology and the benefits it can bring to their organisation today and in the future.