The Future of Compliance
March 30th, 2021
The effects of COVID-19 will be felt for the next few years and will continue to ripple out into the world of financial crime and compliance. In my opinion, this will result in a seismic shift in how compliance programs are governed, staffed and what technology is employed to ensure efficacy.
With that said, here are my predictions for the next 12 months.
Prediction 1: Smaller, leaner and more adaptable compliance teams
Organizations and compliance suffered a major shock in 2020 that no one saw coming. This shock has changed how people do business, how they use financial services and how compliance teams operate. As most organizations have been adversely affected by the pandemic, this has resulted in either a reduction in revenue or greater uncertainty about future revenue streams. Naturally this has caused budget cuts, including compliance budgets.
Compliance functions across the globe have been reviewing how they operate and identifying how they can reduce the costs of operations, more so than at any point in the recent past. One of the biggest costs by far is staffing, which has come under closer scrutiny. It’s inevitable that over the next 12 to 18 months, organizations will have to reduce staffing costs. There has been a greater emphasis on convergence of compliance functions and an increased use of technology; these themes will continue over the next year. The natural outcome will be that less staff are needed to maintain effective compliance operations.
I predict that organizations will speed up the convergence of their compliance functions and will begin to introduce risk intelligence investigators. These will be multi-skilled investigators who are comfortable investigating an AML alert, fraud alert, screening alert, conducting a KYC review, or a mix thereof. This will allow organizations to get more value out of their staff by having a flexible and nimble workforce who can quickly reprioritize their workload depending on demand and risk. A multiskilled workforce would require less management, who are expensive and will centralize compliance risk and governance.
I am not predicting the end of human investigators; what I am predicting is a significant reduction in the size of compliance teams. The investigators who will survive this change will be able to turn their hand to multiple disciplines in compliance, being able to investigate a KYC alert just as easily as investigating a screening or AML alert, with decisive and accurate disposable recommendations.
Reducing staffing, converging functions and multi-skilling investigators will only be possible by the introduction of new technologies that can significantly reduce alert volumes and manual actions by investigators.
Prediction 2: Faster adoption of advanced technologies
2020 will be known as the year where there was a global shift to digital. The next year will be the time where digital is fully implemented on an industrial scale. The norms of banking were changed in early 2020 with the imposition of national lockdowns in jurisdictions around the globe. It was now difficult, if not impossible to go to a bank to open a new account, to pay in cash or conduct face-to-face transactions in a branch. Overnight, all activity shifted to digital. Some organizations were ready for the move to digital, others not so much. Either way, organizations needed to adapt, and fast.
Technology will transform the compliance landscape over the next year, making it a slicker, more effective, resilient and efficient machine. This will become a competitive advantage to organizations. Why? Because a compliance team that can adapt by quickly onboarding customers, identifying only truly suspicious behavior and investigating any activity quickly and accurately will reduce friction for legitimate customers. This will result in a better customer experience, increased loyalty and business revenue. In these tough times, this is crucial.
Onboarding will increasingly become digital and performed remotely, requiring advanced technology to manage the compliance risks. Activity monitoring has, for too long, resulted in lots of noise. AI will be used at scale to reduce the noise and direct only real suspicious behavior to investigators, and ML and automation will help improve investigators’ efficiency and accuracy. This will result in quick but accurate disposal decisions.
Over the next 12 to 18 months, we will see most regulated firms employing AI, machine learning and automation across every aspect of their compliance functions. They will do this to manage the changed risk landscape, increase their resilience to future shocks and also to significantly reduce the cost of compliance in response to the pandemic challenges.
In October 2020, they released a publication about the importance of allocating sufficient resources to compliance during the pandemic. FATF stated that they would drive forward digital transformation of AML systems, ensuring organizations have the right technology in place so they are resilient for the future and can build their efficiency.
Prediction 3: Quality, not quantity
SAR numbers are going up year on year, but law enforcement resources are not increasing at the same speed. Very few SARs, less than 1 percent, result in any active police investigations. We repeatedly hear that there are a large number of SARs that lack sufficient information for law enforcement to proactively act on the intelligence.
There will be renewed vigor to increase the quality and reduce the quantity of SARs filed by the regulated sector to financial intelligence units (FIUs) over the next year, especially in light of the September 2020 FinCEN leaks. There is no evidence that any of the financial institutions named in the leaks did anything wrong, but what it has highlighted is that in a significant number of SARS, critical details were lacking to allow law enforcement to act effectively. Filing a SAR just to be compliant with regulation may help prevent an organization from being fined, but does not help in the fight against financial crime. In fact, it hampers the efforts of law enforcement as it creates additional noise and detracts law enforcement from focusing their efforts on the criminals.
Some regulated organizations were already beginning to focus on quality SARs, but many were still filing too many SARs that served no benefit to law enforcement and only served as a regulatory tick box for the organization. The media exposure from the FinCEN files for some regulated firms has resulted in a large number of organizations reviewing their investigation processes to improve investigation and SAR quality. The FinCEN files will also result in SAR reform within FIUs. FinCEN themselves is now actively looking at reforming their SAR processes and the UK has been looking at it for several years, but I believe the leaks will speed them up in acting.
We will see active SAR reform by FIUs. This will include guidance or requirements issued for better quality SARs to be filed, potentially by reforming the SAR form to include additional essential details, but also improving the analytics within FIUs to better analyze the received SARs. I also believe FIUs will start to engage better with the regulated sector, providing feedback or rejecting poor quality SARs. This will help improve not only suspicious activity detection, but also improving SAR quality and standards.
Prediction 4: Convergence of compliance
This is something that has been discussed for a number of years now: bringing together fraud, AML, sanctions and CDD under one unified hub. A number of organizations are already looking at doing this or have already started, either as a complete unification or partially. A move to unification of the compliance functions will continue over the next few years and it makes sense to have a unified view of risk of your customers. This will allow organizations to better detect suspicious behavior, investigate this behavior quicker and more accurately while achieving higher quality outcomes.
The convergence as mentioned above is nothing new – what is new is convergence in a broader context. This means unifying front and back office functions and widening coverage. We will see financial crime becoming a hub for operations, more so than we have seen in the past. Trade and trade finance operational checks, crypto checks, biometric, ID and third-party verification checks and capital markets compliance checks, amongst others, will all be conducted through a single financial crime hub. This will help organizations reduce costs by centralizing operations, increase compliance and efficiency and reduce customer friction by providing a faster, lower risk service. By converging compliance functions and front office functions into one place, organizations will be able to view and share information quicker and make more informed decisions on high risk activities or alerted events.
Prediction 5: Increased focus on virtual currencies
With the marked increase in crypto-related financial crime, the next year will be when virtual currencies take centre stage in the world of compliance globally. In August 2019, CipherTrace released a report which stated that crypto related crime was expected to exceed USD 4.3 billion in 2019. Historically, there has been an awareness of virtual currencies but little has been invested by compliance teams, on a large scale, to understand the flows of fiat currency into and out of Virtual Asset Service Providers (VASPs). This is important because every fiat financial institution, whether directly or indirectly, are exposed to virtual currencies. Whether their customers are acting as unauthorized VASPs or trading in virtual currencies, fiat funds will be flowing to and/or from a VASP. All financial institutions, whether they deal in virtual currencies directly or not, need to be aware of their exposure and ultimately their financial crime risks in their dealings with VASPs.
The regulators are increasingly focusing on virtual currencies. In 2020 we saw the introduction of the 5th Money Laundering Directive in the EU, requiring digital currency exchanges and wallets to register with their local regulators. In November 2020, the head of the U.S. Financial Crimes Enforcement Network (FinCEN), Kenneth Blanco, stated that the U.S. would be enforcing a rule that requires companies dealing in cryptocurrencies to share details about their customers. This includes full compliance with the ‘Travel Rule’. At the end of December 2020, FinCEN made another announcement stating that it intended to make the reporting of any offshore holdings in virtual currencies above USD 10,000 mandatory.
Up until now, I do not believe all financial institutions have fully grasped the concept that they could be unwittingly funding terrorism or facilitating money laundering through their direct or indirect connection with VASPs. All financial institutions will begin monitoring their exposure to VASPs and take action to manage and mitigate the risks.
Prediction 6: Extensive adoption of biometrics
The pandemic has changed the way we live and work. We are unlikely to go fully back to the way we lived and worked before the pandemic took hold. This couldn’t be truer than for the way financial institutions onboard and manage their KYC programs.
Asking a customer to walk into a branch to present documentation or paperwork has been difficult, if not impossible over the last several months. As a result, digital onboarding and remediation has become the norm and biometrics are and will increasingly play a big part in this. I believe that over the next year we will see extensive and increased adoption of facial and voice recognition as a way of identifying and verifying customers. Biometric identification and the compliance technology needed to manage the risk will be essential requirements – not optional nice to haves.
This technology is not fool proof and criminals have already begun to use biometrics as part of their toolkit to their benefit. For example, deep fake AI software can imitate an individual’s voice and face and appear to be the genuine customer. Channel 4 in the UK used deep fake technology to imitate the Queen’s speech in December with stunning accuracy. There is also technology available to everyone that will allow individuals to create fake faces, imitate voices and fake other biometric features that financial institutions are now using to validate an individual.
Compliance is a critical gatekeeper in using this technology to validate and verify customers. Organizations must adopt the right technology that can not only validate the biometrics of the customer, but also conduct additional validation checks to ensure the information tallies and the individual is indeed who they say they are. Using biometrics has so many benefits in providing a quick, efficient onboarding and remediation process for customers. It does not come without its risks, but when used with the correct compliance technology and controls, this will likely be more effective and a lower risk compared with face-to-face customer interactions.
The next year is going to be an exciting year and one topic is going to dominate– digitization. All financial institutions are going to have to tighten their purse strings as the pandemic was a shock to the global economy in 2020, and although there are reasons to be hopeful – the impact of the pandemic is far from over. Digitalization will be a way for financial institutions to reduce their costs by increasing their efficiency, reduce staffing numbers and increase their competitiveness by being faster at meeting the needs of their customers. The next 12 to 18 months will be an interesting period to be in compliance, and I believe we will see a raft of changes across the compliance landscape over this period.