Skip to main content

Financial Crime Operations

But not as we know it

April 1st this year marked 30 years since the first anti-money laundering regulations came into force in the UK. During this time, we have seen the scale and scope of regulatory expectations continue to expand and escalate, obliging regulated firms to respond through ongoing development of their compliance capabilities.

For many financial institutions (FIs), the focus has been on regulatory compliance – attempting to do enough to stay out of the regulator’s gaze. However, where even this limited goal has been achieved with some measure of success, it has often been at the expense of operating efficiency.

Despite the long-held promise of technology – to enable smarter, more targeted controls and reduced operational effort – the reality is that the anti-financial crime capabilities of many organisations have not kept pace with either a rapidly evolving threat landscape or increasing regulatory expectations.

As a result, we have seen a never-ending expansion of manually intensive operational teams to process those activities intended to manage financial crime (FC) risk and ensure compliance. For some FIs, this has included building operations teams offshore in a move to manage spiralling costs. Indeed, operational teams are now estimated to account for two-thirds of the £34 billion spent annually on FC compliance in the UK1.

Quite simply, this cost burden is undesirable and unsustainable for many FIs.

Key challenges facing financial crime operations

Beyond simple measures of scale and cost, FC operations are typically plagued by a number of challenges to effective delivery:

  • Legacy technology - where FIs battle significant data deficiencies and analysts navigate multiple systems that don’t speak with each other;
  • Repetitive, clumsy customer interactions  - where ineffective communications lead to a lack of engagement;
  • A struggle to attract and retain talent - where high staff turnover leads to a loss of corporate knowledge and the need for repeated training cycles; and   
  • Lack of capacity to absorb inevitable incidents and surges – where FIs become repeatedly struggle to meet regulatory expectations and get stuck in a cycle of remediation.

But with a new generation of emerging and rapidly maturing technology capabilities, could we be on the threshold of a revolution in the way we operationally manage and execute FC compliance obligations? What will FC operations functions look like in the future? And what does this mean for people and the skills they will need?

What’s changing?

In previous blogs in the series, we have looked at some of the upstream shifts we see as critical to a future FC function – taking an intelligence-led, proactive approach to risk management, consolidating relevant internal and external data, connecting FC and monitoring capabilities, and encouraging self-service through digital-first customer journeys.

These shifts will play through into FC operations, leading to a more accurate understanding of customer risk and a reduced volume of higher quality investigations.

 In parallel, Gen AI-powered solutions, better technology integration and enhanced use of data will transform the manually intensive operations processes we see today. FIs will need to explore and assess where the greatest impact may be on their operations, cognisant of the associated risks and delivery challenges, not least given the technology and data issues identified above. Objectives may include:

  • Minimising manual data gathering efforts from internal and external sources;
  • Intelligent analysis and risk identification;
  • Improving consistency and quality of outcomes; and
  • Enhancing feedback loops to monitoring and risk identification.

Collectively, such capabilities will support more efficient investigation and resolution processes, enable resources to focus on the highest and most complex risks, and create better outcomes for both customers and compliance.

What might the future look like?

As FC operations become more interconnected, there will be a fundamental shift towards smaller teams with an enhanced skillset and broader capability to assess  risks more holistically. 

The automation of basic tasks will free up resources, removing duplication and complexity, while low value tasks which are unsuitable for automation will be outsourced. The residual teams will use a more technical skillset and expertise to make better informed risk management decisions.

With a smaller number of more highly skilled individuals, we will see different organisational structures. The factory model will become obsolete; and instead of separate isolated teams working on part of a process, analysts will operate in integrated teams, assessing different types of FC risks across the whole of the customer lifecycle.

Looking ahead, technology- and data-enabled transformation of operations and processes will be a critical priority, and a more desirable approach over offshoring all or parts of the operations function. However, given the capital investment required, we may see further growth in outsourcing FC operations rather than firms looking to develop their own next-generation FC operations capabilities. For the residual operations teams, we will see more engaging, skilled analytical work, delivering better and more sustainable risk outcomes and helping to attract and retain talent more effectively.

Please get in touch if you would like to discuss the themes outlined here on the future of FC operations. Also look out for further articles in our Future of Financial Crime series – up next, a look at the evolving role of the FIU.

Meet the author

Stephen Nicholls


Stephen is an experienced Partner in our financial crime practice, with a successful record in various operational and strategic roles. He is an accredited PRINCE2 (2009) Practitioner and an associate member of the Association of Certified Fraud Examiners. Stephen started his career in financial services, managing fraud investigations teams and driving fraud strategies to protect the delivery of online and mobile banking services. Since joining Deloitte in 2012, he has combined a detailed understanding of business processes and drivers with an in-depth knowledge of the fraud and financial crime threats and challenges facing organisations. He has undertaken programme implementation and leadership roles within large scale transformation programmes and conducted independent risk assessments and reviews, helping clients understand and address their specific challenges. He is passionate about driving improvement in organisations’ understanding of complex issues regarding financial crime, fraud and the impact on businesses and consumers.