Moving to a single, client-centric view of risk

This is the fourth article in our Future of Financial Crime series. It explores the changes to financial crime (FC) client monitoring that are needed to move beyond traditional transaction monitoring (TM) to a more effective, single client-centric risk approach. Traditional TM is fragmented, creates a large volume of false positives, and often fails to connect the risks when it really matters. To address this, financial institutions need to combine a range of risk indicators for expected and actual client activity, including FC indicators such as fraud, cyber (such as the location of activity, devices used, etc.) and sanctions.

Our research has identified a number of factors driving the need for change. These include:

• market and regulatory changes, including highlighting the failure to link risks to controls in detection, increased regulator knowledge and increasing expectations of system and control effectiveness;
• industry factors, including new, faster, cross-border payment channels and new payment providers;
• high levels of duplication and inefficiency, with alerts relating to customers reviewed multiple times; and,
• advances in technology, including emerging ways to consolidate data and using machine learning (ML) and artificial intelligence (AI) to detect complex patterns of behaviour.

Together, these factors are increasing the risks, complexity, and pressure on traditional monitoring approaches, and also creating opportunities to change the way technology is utilised. To keep up with new and evolving FC threats, financial institutions need to integrate internal and external intelligence sources, consolidate monitoring, and ensure the control environment is able to respond rapidly to changes in risk.

In addition to the above change factors, there are well-known and documented challenges with the ability of existing TM solutions to identify suspicious and potentially criminal activity. These include:

• a large number of false positive alerts (often 90%+) that typically lead to a low conversion ratio of investigations to suspicion and actionable intelligence for the financial institution(s) and/or law enforcement partners;
• solutions are expensive to implement (including data integration costs), test/tune, operate and upgrade;
• the majority of client monitoring is still conducted at the transaction or account level. The inherent complexity of some relationships, which have multiple touch points with the financial institution (e.g., larger SMEs, corporates, markets customers, trade finance, etc.), means risks cannot be easily drawn together with existing solutions;
• large operations teams, using manual processes, have an inherently high risk of human error, due to the large volume of alerts and repetitive nature of tasks; and,
• linking the expected behaviour of the client (from client due diligence (DD)) to the client’s actual behaviour, has proven problematic due to the siloed nature of risk domains (see Figure 1 below), difficulties bringing data points together, and poor quality and outdated client DD data.
  
  

The result is significant ongoing cost to achieve regulatory compliance, with only poor outcomes - if measured in terms of criminals detected and disrupted - relative to the effort.

We believe that considering the change factors and the challenges with traditional TM, a transition to a single, client-centric view of all the relevant risks is required. An outline of how this could work is set out in Figure 2 below.

To make this single, client-centric view of risk a reality would require:

• consolidation of available risk domains from expected and actual behaviour, including fraud, sanctions and cyber;
• a single, converged client risk score that is tracked over time to maintain a more holistic picture of the client risk - in the same way an individual’s credit score is established and updated over time based on a variety of their attributes and behaviour – rather than a discrete static rating (e.g., low, medium, and high);
• the use of dynamic client segmentation so that anomaly detection techniques (including ML/AI), can be used to reduce false positives;
• a set of descriptive rules to support client segmentation, which provide coverage for prioritised risks, where there are known problems with anomaly detection (e.g., with human trafficking and Ponzi schemes); and,
• feedback loops from scoring changes and investigation outcomes, directly linked back into client scoring and risk assessment, to improve monitoring over time.

A number of strategic choices will need to be evaluated, tested, and aligned as part of this transition to a single, client-centric risk monitoring approach. Once executed successfully, we believe this transition will result in three key benefits:

1. Enhanced monitoring effectiveness

Combining the risk indicators will be a powerful tool for improving the understanding of customer risks and detecting complex and higher risk patterns earlier and more effectively. Working with data at this higher level of aggregation, such as at the client or client group level, will help to identify the most important risk areas and enable a focus of key resources on those risks that matter the most.

2. Reduction in regulatory risk

In some recent enforcement actions in Europe, the findings have drawn attention to the fact that a number of red flags were identified through client due diligence and/or monitoring but were not connected or acted upon by the financial institution. A subject person’s customer risk assessment should enable a firm to take a holistic view of the risk associated with the relationship, considering all relevant risk factors. By monitoring the client risk score over time and how it is changing, there is a better opportunity to identify increased risks and outliers. The European Banking Authority (EBA) has also highlighted that de-risking of customers should only be done in instances where due consideration is made to individual customers’ risk profiles and that the unjustified de-risking would be a sign of ineffective ML/TF risk management.¹

3. Reduction in operating costs

Whilst cases would likely need to be more in-depth due to the increased risk insight, the time taken per case would be more than offset by the reduction in volume of client due diligence re-fresh and monitoring investigations.

When integrated with an intelligence-led risk assessment and a more dynamic approach to client due diligence, the move to a single client-centric view of risk outlined here will enable a more integrated, efficient, and effective approach to FC. This will in turn allow for a transformed operations capability as well as better and more timely information sharing internally, peer to peer, and with public sector bodies (police, law enforcement agencies and financial intelligence units). The changes to operations and the role of intelligence sharing will be covered in more depth in later articles in this series.

Please get in touch if you would like to discuss this topic further. Also look out for further articles in our Future of Financial Crime series – up next, Financial Crime Operations - but not as we know it.

References

1 Guidelines on MLTF risk management and access to financial services.pdf (europa.eu)