By Alon KaufmanWhere are financial institutions today along their risk management journey? In the years following the 2008 financial crisis, the average bank has spent a great deal of effort and capital ensuring compliance with new and ever-changing regulations and breaking down organizational silos. The goal for most firms since that time has been to build a better view of risk across the enterprise in order to grow the business while avoiding the next crisis.
These efforts have moved most institutions and their risk groups in the right direction. However mounting evidence suggests that even this enterprise-wide approach to risk management is failing to deliver the desired results. This has been made even more apparent of late, as the increasingly complex risk landscape has been coupled with the COVID-19 pandemic, highlighting the need for further enhancement of risk management practices and technologies. What we’ve learned throughout this entire journey is that an enterprise-wide view of risk is not wide enough—what we need is an industry-wide view of risk.
Why? Let’s take a look at financial crime risk as an example. Today, even the largest financial institutions only see a fraction of their own customers’ overall activity, meaning that, in terms of uncovering financial crimes, their ability to analyze the big picture comes up short.
This manifests itself in the high costs and lack of effectiveness that are rife across risk and compliance processes. The global cost of financial crime compliance is over $180 billion per year—and the very largest firms sometimes spend upwards of $1 billion annually. Yet even these levels of expenditures still don’t yield satisfying results. The business of transnational crime has an estimated value of as much as $2.2 trillion per year. And despite the hefty cost of compliance, the industry still suffers from prohibitively high false positive rates across financial crime topologies, while 12 percent of customers are lost during lengthy and inefficient onboarding procedures, which can significantly affect banks’ bottom lines.
Even with these vast outlays, company executives still cite data silos, data protection, data quality and personal accountability as their top challenges, suggesting that the secret behind effective cross-department collaboration on financial crime prevention and other risks has yet to be discovered.
These problems have only been exacerbated in the wake of the COVID-19 pandemic. A significant uptick in fraud since the start of the pandemic has raged unabated, in part due to the inability of many financial institutions to quickly adapt their systems and processes to the sweeping and sudden changes in customer transaction patterns and to detect genuinely suspicious activities amid the parade of anomalies induced by the “new normal.” This has been further aggravated by the pandemic’s disruption of regulatory activities, which has widened the opportunity for financial criminals to prey on their victims.
The health and economic crises have thus exposed the weakness of financial institutions’ siloed approach to fighting crime, while simultaneously forcing them to tighten their belts and some to cut jobs, further straining risk and compliance processes.
Taking an industry-wide view of risk
To ensure a truly comprehensive and effective approach to managing risk, it’s time to take the enterprise-wide approach one step further and transform it into industry-wide collaboration, enabling banks to investigate suspicious activity not only within their own walls, but also across them. In an effort to thwart financial crime, for example, pooling information and insights held by multiple institutions can enable organizations to compile more complete pictures of their customers’ activities.
In fact, the shift towards an industry-wide view of risk is already gaining acceptance, particularly when it comes to financial crime.
Global regulators including FinCEN in the United States, the Financial Conduct Authority in the United Kingdom, and Fintrac in Canada have discussed the importance of information sharing and collaboration, translating their discussions into action by creating or participating in different organizations working to implement inter-bank cooperation—such as the FinCEN Exchange in the U.S. and the Joint Money Laundering Intelligence Taskforce in the EU and U.K. Emerging industry consortia are also tackling specific issues, such as STAT in the U.S., which addresses the convergence of financial crime and human trafficking.
Collaboration across institutions promises to significantly improve data capabilities of financial institutions. At present, the lion’s share of fraud and AML alerts are generated as a result of missing or incomplete information. An industry-wide view of risk could minimize or eliminate blind spots, thus significantly reducing the inflated proportion of false positives while streamlining companies’ efforts and costs when investigating alerts. Industry-wide collaboration can also stimulate top-line growth by re-capturing and retaining those 12 percent of customers who drop off during burdensome know your customer processes.
This new approach can also deliver major reputational benefits to financial institutions. Neil Katkov, head of risk at analyst firm Celent, has recently pointed out that ”financial crime is an area that is perhaps—in addition to financial risk—the most existential threat to an institution in terms of reputation.” Having a better understanding of customers enhances the ability of institutions to assess risks and evaluate information regarding how capital is being deployed, which in turn will allow the industry to operate more efficiently and responsibly.
How can the industry implement this collaborative approach?
Implementing an industry-wide approach toward risk would certainly have tremendous upsides, but this approach is currently hindered by legitimate privacy, secrecy and competitive concerns, as well as by conflicting regulatory obligations. On the one hand, financial institutions are obligated to detect, prevent, and investigate certain types of financial crimes. On the other, old and new privacy regulations including Canada’s Pipeda, the EU’s General Data Protection Regulation, and the California Consumer Privacy Act require financial institutions to ensure that their customers’ personal data remains private, often preventing the very kind of collaboration that would make financial crime cooperation tenable.
Building collective financial crime and compliance activities will require the financial sector to overcome this apparent contradiction and mitigate concerns about collaborating with competitors. Today, influential supranational organizations such as FATF, the Wolfsberg Group and the Egmont Group already advocate collaboration, encouraging institutions to come together to collectively address AML and terrorist financing challenges. Similarly, financial institutions are already joining forces to mitigate cyber threats.
Information-sharing across financial institutions could be a gamechanger for risk, enabling proactive and agile approaches, cutting costs through resource sharing, and building a truly comprehensive view of risk across the financial sector.
And privacy need not be the stumbling block, as the technology does exist to allow cross-institutional collaboration without jeopardizing the privacy or integrity of sensitive data. A recent World Economic Forum report about secure information sharing detailed a practical case study of how the U.K.’s Cyber Defence Alliance deploys such technology to enable such privacy-enhanced, inter-bank cooperation.
It takes a network to defeat a network. Especially given that cost-cutting is likely to characterize business models across the sector for the foreseeable future. Financial criminals are reaping untold profits from extensive collaboration among themselves. If collaboration is the best method of maximizing resources, then it’s high time for financial institutions to join together. For the benefit of both the wider financial system and their own bottom lines.
Alon Kaufman is CEO and co-founder of Duality Technologies.