Financial crime is up: Time to strengthen your defenses

  • Facebook
  • Twitter
  • Linkedin
  • Email

The global disruption brought on by COVID-19 has exposed new cracks in banks' security foundations. As the initial shock subsides, and financial institutions shift their focus from business continuity back to growth again, they must firm up their defenses to better protect themselves against new vulnerabilities.

An altered risk landscape

For financial institutions, COVID-19 has significantly changed the risk landscape.

Governments and private institutions have had to divert resources to fight the pandemic, impeding their ability to meet anti-money laundering (AML) and counterterrorist financing obligations.

Market volatility, increased trading volumes, and the need for testing, cures, and vaccines have heightened the risks of insider trading and coronavirus scams.

A global pivot to full-time remote work has spurred new challenges for regulatory compliance, data management, and business continuity. As a result, banks have seen an increase in ransomware, malware, and phishing attacks on corporate systems as they rushed to add unmanaged personal devices and surge capacity to company networks without adequate security protocols.

And the speed, volume, and variety of applicants to government relief programs around the world have placed undue pressure on banks' know-your-customer (KYC) and AML procedures. For example, US-based Primis experienced a 33% increase in overall loan volumes in just four months as a result of the Paycheck Protection Program.

Banks are under tremendous pressure to identify financial crime and fraud, and they're experiencing more frustration than ever with high levels of false positives and KYC backlogs. Financial crime is up. But despite the volume, fighting it can sometimes feel like looking for a needle in a haystack.

Navigating toward growth again

Understandably, banks are eager to shift away from business continuity and back to growth. Recent conversations we've had with banking leaders suggest that they are untroubled by the idea of redirecting budget from other areas, including pandemic preparedness, toward digitization. These conversations also suggest that they understand the urgent need to invest in advanced technologies to drive growth.

This is for two reasons. First, more digitally mature banks generally fared better over lockdown. And second, banks' future revenue streams will increasingly be based on hyper-personalization of financial products and services enabled by digital technologies – a trend that Genpact's recent study, Banking in the Age of Instinct calls out for additional investment.

In particular, the journey to the cloud, artificial intelligence-based analytics, and business process automation have all taken on increased importance in this respect.

Migration to the cloud is certainly top of mind for financial services companies. Steven D'Alfonso, research director, compliance, fraud, and risk analytics strategies at IDC, says that "Reassessing the business model is a top priority for banks right now." Early on in the pandemic, IDC had predicted that annual cloud-based digital transformation investments would amount to $3 billion plus by 2023. "Since then," says D'Alfonso, "we've been conducting biweekly surveys on IT investments, which suggest that this figure will increase dramatically. There's been a massive shift to investment in cloud technologies since the start of the pandemic."

Similarly, banks have seen that adopting artificial intelligence (AI)-based analytics to connect to new internal and external data sources provides deeper insights and drives greater resilience. These technologies will also enhance anti-fraud and AML outcomes, for example, by enabling better prioritization and triaging of financial crime alerts.

And more than half of the banks we talk to have made automating business processes a top priority – not as a way to reduce staff, but as a lever to create business differentiation by boosting efficiency and optimizing resources. These investments will move banks from the new normal to the growth path – and this includes auto intelligent financial crime risk management (FCRM), which is characterized by high automation.

The evolving role of regulators

Banks need to up their FCRM game to do more than just protect their bottom lines.

Early on in the response to COVID-19, regulators granted exam reprieves, ran off-site inspections, and extended remediation deadlines. But this has largely come to an end. Regulators seem to be in a different phase now, and they are starting to impose more fines again.

They have also moved from encouraging innovation in the FCRM space to expecting it. And they're increasingly harnessing the power of digital to develop new methods of forensic analysis and surveillance. For example:

  • In the US, the Financial Crimes Enforcement Network uses an AI system that links and evaluates reports of large cash transactions to identify potential money laundering.
  • The Australian Transaction Reports and Analysis Centre is working with RMIT University researchers and AI scientists to develop machine-learning tools to study transaction flows, pick up anomalies, and raise alarms.

Meanwhile, since November 2020, successful applicants to a pilot program launched by the UK's Financial Conduct Authority have had access to a digital sandbox. In the sandbox, they can use advanced technologies to address pandemic-related issues, including small-business lending fraud prevention and risk mitigation for vulnerable customers.

New ways to find funding

How will banks fund these digital transformation projects, which will enable innovation in FCRM? The good news is that the current situation provides banks with a greater opportunity than before to free up resources and capital for reinvestment in digital transformation.

After all, adoption of digital self-service among consumers has skyrocketed. The virtualization of work, which is here to stay, allows banks to realize savings on fixed costs, such as real estate. And business travel has slowed – first as a result of shutdowns, and now as videoconferencing has become the new normal – which has led to a reduction in banks' travel costs.

Banks can reinvest these net new savings and productivity gains in critical areas – including further digital transformation – to help them increase their resilience and grow.

Acting on lessons learned

A dash to digitally powered, highly individualized experiences must take into account banks' lessons learned.

As such, some of the investment that banks are pouring into cloud, AI-based analytics, and automation should specifically be directed to developing FCRM solutions that address new threats.

The lift-and-shift approach banks took to graft existing FCRM procedures onto their response to the pandemic – an entirely new situation – was barely sufficient for disaster-recovery mode.

To succeed in the long term, banks will have to come up with a stronger game plan. This must include FCRM advances such as digital identification, intelligent transaction monitoring, and cloud-based compliance solutions to provide scalability, resilience, and agility.

Preparing for the new reality

To prepare for the new reality that COVID-19 has ushered in, banks will need to direct some of their investment toward solutions in FCRM. And they will need to get ready for regulators to pursue their investigations with their own digital tools.

There is no doubt that the threat landscape has changed, and banks are uncertain about what the coming months will bring. But the need to transform and grow will not change. In fact, the pandemic has only accelerated the drive to achieve these goals and made transformation and growth a strategic imperative.

In their push to move past COVID-19, banks must not forget the lessons they've learned so far. The future of banking is digital, and that must include FCRM.

This article was authored by Manish Chopra, global risk and analytics leader, banking and capital markets, Genpact. A version of it first appeared in PaymentsJournal.

Visit our financial crime risk and compliance management page

Learn more