Financial Crime and Conduct: When controls collide
PPI mis-selling, market manipulation and Russian laundromats. The numerous high-profile incidents in financial services over the past 20 years have cast a dark shadow over the industry. Whilst damage to consumer trust and reputation has been long-lasting, the financial and criminal implications of regulatory action has also damaged shareholder value.
As a direct response, there has been significant investment to enhance the management of non-financial risks, with conduct and financial crime controls at the forefront of this activity. However, even with considerable improvement, the siloed nature and pace of work has led to some challenges in operating these controls cohesively.
Financial crime and conduct controls, by their very nature, have potentially conflicting objectives. Whilst financial crime risk frameworks aim to protect society from bad actors (e.g. money laundering customers), conduct risk frameworks aim to protect customers from detrimental outcomes.
Do I protect my customer or do I protect society from my customer?
This question may be a broad oversimplification but, by looking a little deeper, we can uncover how these trade-offs manifest themselves in practice.
Financial crime controls typically involve blocking payments or exiting customers deemed beyond risk appetite. These risk-based decisions can increase conduct risk through exposing ‘good’ customers to the possibility of experiencing detrimental outcomes. For example, in the absence of complete information, firms might choose to cautiously exit relationships with ‘good’ customers based on potential financial crime risk concerns.
When customers have been identified as participating in financial crimes such as money laundering, there is often little consideration as to why they have been drawn into this behaviour. Blacklisting customers who are vulnerable can be considered poor conduct, particularly if the bank has done little to design and operate its products and services to protect and warn customers. There might have been clear signs that the customer was being pressured into depositing illicit funds, but limited training meant bank employees did not detect this.
Newly designed financial crime controls are also introducing a new range of conduct risks. Machine learning offers huge potential to dynamically identify financial crime. However, algorithms can become unintentionally discriminatory if learning from imperfect historical data sets that already contain bias.
So, what can be done to minimise the apparent trade-off?
- Get KYC right
Better customer data enables more accurate monitoring, screening and risk classification which means fewer blocked payments and frozen customer accounts following decisions based on imperfect information. Ensuring data captured through KYC is routed back to core systems also enables a firm to better understand and service their customers’ needs. The result is a better customer experience and less unnecessary customer detriment, while also enhancing financial crime control.
Organisations should bring together marketing, financial crime risk managers and conduct SMEs to agree appropriate data requirements for both new and existing customers where they hold incomplete data.
Naturally, asking new customers for additional information can disrupt customer journeys and impact sales so processes must be designed to limit the impact on customer experience and encourage customers to provide information by highlighting the benefits.
For existing customers, banks are filling gaps by re-contacting customers or using third party data providers. However, third party data is often matched to customers based on probabilities, includes gaps and is created through black box models, while re-contacting customers can conflict with the bank’s own anti-fraud advice regarding unsolicited calls. Any bank using either approach needs to consider it carefully and fully understand the benefits, costs and risks involved.
- Understand vulnerability
By utilising financial crime intelligence (e.g. new and emerging risks), banks can better identify customers who are vulnerable to exploitation and put in place preventative controls. These controls can help to reduce the likelihood of customers being exposed to financial crime, for example, warnings and limits on transactions to reduce push payment fraud.
The advanced analytics and machine learning technologies on which such controls are often based have many potential applications which identify vulnerable customers from a conduct perspective. Such customers are typically hard to detect but may require additional support from the bank. By combing through multiple data sources and identifying outliers, banks can proactively identify these populations and engage them where appropriate. For example, if a customer has spent a very long time reading the T&Cs or browsing product offerings during a digital journey, they may be better served discussing these over the phone. Findings such as these can be fed back into financial crime controls so that customers receive closer monitoring and protection from fraud and other financial crime risks.
- Break down silos
Often controls are designed to manage a specific risk and are developed by subject matter experts with extensive knowledge and experience managing that risk area. However, this can lead to inefficiencies and poor customer experience in cases where controls are focused on a single risk type, when a common control could mitigate multiple risks. This is seen in the design of onboarding processes where both financial crime and conduct risk management considerations drive the collection of key customer information for different reasons.
Building a culture of collaboration and customer-centric thinking leads to fewer instances where controls are designed in isolation. By bringing together cross functional teams to discuss problems and potential solutions for a specific part of the customer journey, controls can be designed for the bank holistically, incorporating multiple risk management requirements and leading to greater effectiveness and efficiency.
The industry is in a stronger position to manage its financial crime and conduct risks than a decade ago. As an unintentional result, challenges are emerging in operating controls cohesively. The teams responsible need to work more closely to manage conflict in the control environment and balance customer-centricity with effective financial crime prevention.
Closer collaboration can drive control development that will benefit both customer outcomes and the bank’s risk management through investing resource in better collection of customer information and understanding vulnerability. By doing this, it’s possible for firms to manage these risks holistically and transcend the apparent trade off.