“Financial Crime Operations”

The Maltese Anti-Money Laundering Act was adopted in 1994, with the Regulations coming into force in 2018. Since then, we have seen the scale and scope of regulatory expectations continue to expand and escalate, obliging regulated firms to respond through ongoing development of their compliance capabilities.

For many subject persons (SPs), the focus has been on regulatory compliance – attempting to do enough to stay out of the regulator’s gaze. However, where even this limited goal has been achieved with some measure of success, it has often been at the expense of operating efficiency.

Despite the long-held promise of technology – to enable smarter, more targeted controls and reduced operational effort – the reality is that the anti-financial crime capabilities of many organisations have not kept pace with either a rapidly evolving threat landscape or increasing regulatory expectations.

As a result, we have seen a never-ending expansion of manually intensive operational teams to process those activities intended to manage financial crime (FC) risk and ensure compliance. For some SPs, this has included building operations teams offshore in a move to manage spiralling costs. Quite simply, this cost burden is undesirable and unsustainable for many SPs.

Key challenges facing financial crime operations

Beyond simple measures of scale and cost, FC operations are typically plagued by a number of challenges to effective delivery:

• Legacy technology - where SPs battle significant data deficiencies and analysts navigate multiple systems that don’t speak with each other;
• Repetitive, clumsy customer interactions - where ineffective communications lead to a lack of engagement;
• A struggle to attract and retain talent - where high staff turnover leads to a loss of corporate knowledge and the need for repeated training cycles; and
• Lack of capacity to absorb inevitable incidents and surges – where SPs become repeatedly struggle to meet regulatory expectations and get stuck in a cycle of remediation.

But with a new generation of emerging and rapidly maturing technology capabilities, could we be on the threshold of a revolution in the way we operationally manage and execute FC compliance obligations? What will FC operations functions look like in the future? And what does this mean for people and the skills they will need?

What’s changing?

In previous blogs in the series, we have looked at some of the upstream shifts we see as critical to a future FC function – taking an intelligence-led, proactive approach to risk management, consolidating relevant internal and external data, connecting FC and monitoring capabilities, and encouraging self-service through digital-first customer journeys.

These shifts will play through into FC operations, leading to a more accurate understanding of customer risk and a reduced volume of higher quality investigations.

In parallel, Gen AI-powered solutions, better technology integration and enhanced use of data will transform the manually intensive operations processes we see today. FIs will need to explore and assess where the greatest impact may be on their operations, cognisant of the associated risks and delivery challenges, not least given the technology and data issues identified above. Objectives may include:

• Minimising manual data gathering efforts from internal and external sources;
• Intelligent analysis and risk identification;
• Improving consistency and quality of outcomes; and
• Enhancing feedback loops to monitoring and risk identification.

Collectively, such capabilities will support more efficient investigation and resolution processes, enable resources to focus on the highest and most complex risks, and create better outcomes for both customers and compliance.

What might the future look like

As FC operations become more interconnected, there will be a fundamental shift towards smaller teams with an enhanced skillset and broader capability to assess risks more holistically.

The automation of basic tasks will free up resources, removing duplication and complexity, while low value tasks which are unsuitable for automation will be outsourced. The residual teams will use a more technical skillset and expertise to make better informed risk management decisions.

With a smaller number of more highly skilled individuals, we will see different organisational structures. The factory model will become obsolete; and instead of separate isolated teams working on part of a process, analysts will operate in integrated teams, assessing different types of FC risks across the whole of the customer lifecycle.

Looking ahead, technology- and data-enabled transformation of operations and processes will be a critical priority, and a more desirable approach over offshoring all or parts of the operations function. However, given the capital investment required, we may see further growth in outsourcing FC operations rather than firms looking to develop their own next-generation FC operations capabilities. For the residual operations teams, we will see more engaging, skilled analytical work, delivering better and more sustainable risk outcomes and helping to attract and retain talent more effectively.

Please get in touch if you would like to discuss the themes outlined here on the future of FC operations. Also look out for further articles in our Future of Financial Crime series – up next, a look at the evolving role of the FIAU.