Global political changes in the past 12 months have created uncertainty for the financial services sector and for other businesses. For compliance professionals in particular, that uncertainty sparked a range of challenges. Our 2016 Conquering Compliance study, in which we surveyed compliance professionals across the UK financial sector, highlighted those challenges. Let’s review those findings and consider strategies to meet the trials being faced.
Respondents told us that they anticipated a more complex and uncertain future, which could increase the risk of serious regulatory breaches and cause difficulties in the customer journey. Close to half (49%) told us it would become more difficult for them to comply with regulation over the next year.
Complex regulatory changes
The introduction of numerous new regulations over the last 12 months alone, requires that financial institutions and other businesses increase their practices around identifying beneficial owners, increasing transparency, and tightening up policies, procedures, and controls to mitigate and manage anti-money laundering and terrorist-financing risks.
- Under the Criminal Finances Act, which became effective on 30 September 2017, companies and partnerships may be criminally liable if they fail to prevent tax evasion by an associated person.
- The fourth Money Laundering Directive (MLD4), which came into force in June 2017, requires obliged entities to identify and assess money-laundering and terrorist-financing risks and to have policies, procedures, and controls in place to mitigate and manage those threats. Already businesses are preparing for the impact of the proposed amendments known as the fifth Money Laundering Directive (MLD5), which will strengthen transparency in an effort to thwart terrorism financing and tax evasion.
- The recent FinCEN final CDD Rule requires covered financial institutions to adopt due diligence procedures to identify and verify a legal entity customer’s beneficial owner(s) when a new account is opened, creating another pillar for AML programs.
CDD Challenges
Three quarters of the compliance professionals we spoke to indicated that CDD (Customer Due Diligence)-related delays had a negative effect on the customer experience. About one-fifth predicted a future where increasing regulatory complexity means they will be forced to onboard less business (17%).
This outlook gives clear cause for concern. However, it’s perhaps more alarming that many teams find monitoring the compliance status of customers a challenge today. Twenty-eight per cent said it would take between three and four working days to identify and compile a report on a client that posed a regulatory risk. This could create tension between sales and compliance teams, put existing revenues in jeopardy, or even have legal implications.
Resources & Technology
Many organisations are failing to equip their compliance teams with the resources needed to support them both now and in the future. Our study also suggested that few organisations are taking advantage of the most powerful compliance tools of the digital age: namely, artificial intelligence (AI) and master data.
Although it doesn’t seem to be widely deployed, compliance professionals do believe that using modern technology is the way to respond to the changing regulatory landscape, with 50% saying they will need to invest in it in the next five years.
All businesses (not just those in the financial sector) must recognise that compliance is not only a tick box – it is a strategic asset. Through a data-led, risk-based approach, teams can speed up the approval of low-risk transactions and focus human insight on higher-risk cases.
This, in turn, can allow the front-line business to onboard new customers as quickly as possible, making the company a more attractive business partner while increasing its capacity for new business and mitigating risk. And by sharing their data insights with other parts of the business, compliance teams can provide actionable insights about the financial status of partners, adopting an even more positive, strategic position within the organisation.
Since the study was conducted last year, we have heard through client meetings and conferences that businesses are benefitting from building transparency and using data to enhance their corporate governance and regulatory compliance programs. Master data is the foundation of that data-inspired compliance program. And AI provides improved tooling to protect the business against financial, regulatory, supply chain, and reputational risk.
Master Data, AI and RPA
Businesses have discovered that leveraging master data across the enterprise enables them to mitigate risk and accelerate due diligence while reducing costs. For example, you use entity resolution, aggregated risk calculations, and concordance for sanctions. Some of that same data is important for credit risk. Data attributes required for compliance often provide insight into fraud prevention. When one of our clients was conducting CDD research on a business, data attributes disclosed a hidden control person who was on a sanctions list and had a fraud conviction – operating at the same address.
The other notable compliance technologies, artificial intelligence (AI) and robotic process automation (RPA), are enablers for Know Your Customer (KYC) and third-party due diligence. Using AI, organisations can efficiently process, analyse and interpret meaning from unstructured data, by searching and screening news, social media, sanctions lists, and open web information for certain words or phrases. This information can then be leveraged for onboarding, list filtering, UBO identification, and ongoing monitoring/alerting, to keep up with new regulations.
AI also provides pattern recognition. This capability allows you to identify patterns in customer/supplier/vendor behaviours, as well as rogue employees and trading, which can alert you to fraud. It helps with ongoing review/remediation, and it detects patterns in spend and expense. It also simplifies questionnaires based on previous interactions, resulting in improved client experience.
With workflow automation, and RPA of rule-based operations, businesses see improvement in case management (including for the fraud alerts that AI recognises), process automation, automated documentation creation, and statutory reporting. It’s also possible to automate the segmentation of risk on suppliers and categories of service for further due diligence. With link analysis, businesses can identify links to bad actors and evaluate supply risk.
When it comes to uncovering beneficial ownership of clients and third parties, simplified direct or indirect ownership should be automated as part of the workflow. Businesses should consider “change in instance” alerting. You need to understand your paths from a target entity to their UBO and CBO. Leveraging RPA will help you understand looping relationships and calculate percentages of ownership for each entity within a structure.
By combining the use of both AI and automation in compliance, it is possible to lower manual intervention, which results in improved consistency of process and allows the compliance team to focus on more challenging issues.
Compliance is only set to continue to grow in complexity, with the ever-changing regulatory landscape and evasion techniques growing in sophistication. In this context, businesses should arm their compliance teams with the best tools and technology available, allowing them to not only support the business but help it grow. Those who prepare will thrive.
Read our initial study on Conquering Compliance.