BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Wealth Of Malaysia’s 50 Richest On Forbes List Up 2% To $83.4 Billion
Starting Over In Sudan, With Support From UNICEF
Programmatic Ads And The Death Of Cookies: What Marketers Need To Know
Navigating Shades Of Gray: The Complex Landscape Of Modern Learning And Decision-Making
10 Practical Strategies For Building And Maintaining Trust
Why Safe Spaces And Being Real Are Vital For Healthy Boardroom Relations
Edit Story
ForbesLeadershipLeadership Strategy

Cutting Through Complexity In Financial Crimes Compliance

Bain Insights
Former Contributor
Opinions expressed by Forbes Contributors are their own.
We are a global business consulting firm.
This article is more than 6 years old.

By Jan-Alexander Huber, Matthias Memminger, Michael Soppitt and Matthew Hayday

With false positive rates sometimes exceeding 90%, something is awry with most banks’ legacy compliance processes to fight financial crimes such as money laundering. The processes have grown so complex as to be barely manageable. Multiple iterations, multiple handovers and too many manually controlled processes prevent banks from attaining truly effective or efficient compliance systems. Excessive complexity has led to greater operational risks and a spate of large fines.

In recent interviews with Bain & Company, bank executives described how the complexity affects their daily compliance activities:

  • “Relationship managers spend hours every week resolving false alarms.”
  • “Our automated rules are not sophisticated enough. Clients have been getting flagged because of the name of their street.”
  • “Operations cannot make fast decisions on alarms, because everything is escalated and it takes ages to get a green light.”

What accounts for this state of affairs? Banks face challenges on several fronts:

  • Processes. Most compliance processes and handovers still incorporate a high level of manual work for screening, alerts processing and other activities. For instance, staff at many banks are copying and attaching computer screenshots to protocols. Each manual step is inefficient and prone to errors.
  • Data. Low-quality and unstructured data resides within most banks without being fully integrated. That leads to difficulties with client reference data and documentation sharing, as well as data extraction or aggregation from flawed databases. While some third-party products have proved useful, certain popular databases lack some essential customer data—for example, more than 60% of names missing the date of birth for the client or the ultimate beneficial owner.
  • Model. When data quality suffers, so does the quality of the model. The rigidity of “hard-coded” or static transaction monitoring algorithms makes it difficult to adjust for policy changes or client behaviors. That drives up the volume of investigations.
  • People. If banks staff transaction monitoring processes with inexperienced employees, especially when offshoring, the amount of investigation effort will continue to increase.

When Bain and Parker Fitzgerald benchmarked five major global banks, we found that none of them has yet solved all of these challenges. Yet these five banks are demonstrating some good practices that can be adopted by other banks to advantage.

First, banks should develop a streamlined, end-to-end process. Leading banks are starting to review their processes with an eye toward maximizing the client experience, minimizing effort and eliminating breaks and complexity. To do this, some use zero basing, which takes a start-from-scratch view to set the baseline on activities and roles in compliance, rather than starting from existing activities. They are defining the desired future state of compliance, defining the gap between the future state and current state, then mobilizing the organization to redesign processes.

Effective compliance also demands a “golden record’’—a single source for all compliance processes. The record’s core consists of internal structured data that goes through a rules-based cleanup and gets integrated into a data lake. Internal data is enhanced with unstructured and external data such as text, voice and pictures. Some of that data may come from vendors, but banks can also look off the beaten track to non-indexed web pages and search-engine results.

Advanced analytics and algorithms form another essential component. Artificial intelligence increasingly can use the enhanced database mentioned earlier to power a proactive compliance model. Machines make a logical substitute for people on routine, low-cognition tasks, as when Fair Isaac introduced a credit scoring model that largely replaced the human element in many lending decisions. Human intervention remains valuable where machines cannot make better decisions, but a growing number of tasks will blend machines and human actors—data collection and crunching by the former, assessment of unclear data points by the latter.

The role of regtechs

Finally, a strong financial crimes compliance strategy now virtually requires some form of partnership with specialist regulatory technology firms, or “regtechs,” which have developed expertise that most banks would find too costly or time consuming to develop themselves. Regtechs range from know-your-customer or anti-money-laundering specialists such as Palantir, to customer onboarding and workflow process firms such as Encompass and Contego, to major technology firms including IBM and Oracle, to utilities such as Experian and Accelus, which act as intermediaries or data providers to other companies.

After a bank has redesigned its end-to-end financial crimes compliance process, the transition to a successful regtech partnership requires attention to a few new considerations:

  • Legal and regulatory compliance. Gaining the confidence of regulators will be essential for a partnership strategy, including with companies that may not yet be approved for certain operations. Regulators will need to be convinced that a bank can outsource activities without hampering reliability and quality, so regtechs must prove that their business and operating models are sound, and that client data will be kept confidential if several banks participate.
  • Operations. Most regtechs are digital natives accustomed to using Agile methods. To collaborate effectively with them, banks will have to become more nimble as well, with fewer handoffs, fewer workarounds and clear metrics for each step in the process.
  • IT. Banks will need to adapt their core system interfaces to work seamlessly with a network of various plug-and-play applications, yet still maintain system security.
  • Project management. Banks’ own IT and operations teams will have to become more flexible. If a regtech proposes a new technology, banks won’t have the luxury of taking months for internal approval.

As banks upgrade their crime-detection and crime-fighting capabilities, their arsenals will increasingly include more powerful analytical models, artificial intelligence and the help of regtech specialists. With each new technology and partnership, banks risk making their compliance operations still more complex. Banks that eventually excel in compliance will be those that strike the right blend of people and machines, build a seamless end-to-end compliance process and adopt Agile ways of working in order to make the most of regtech expertise.

Read more: How Banks Can Excel In Financial Crimes Compliance

Jan-Alexander Huber and Matthias Memminger are partners in Bain & Company’s Financial Services practice, and are based in Frankfurt. Michael Soppitt is a partner with Parker Fitzgerald’s Digital Risk Solutions practice. Matthew Hayday leads Parker Fitzgerald’s Risk Technology practice. Soppitt and Hayday are based in London.

Bain Insights
Bain Insights