Inadequate systems may mean personal loss
Around €16 billion is laundered in the Netherlands every year according to recent research from Utrecht University. Despite the massive impact to banks and their customers only 1% of money laundering cases in general are intercepted by bank systems. Regulators are now cracking down. In Europe alone, 18 of the top 20 banks have been fined for offenses relating to money laundering since the financial crisis. In 2018 alone, there were an unprecedented number of cases of fines to banks, some of US$1bn or more.
Fines are not the only impact. Banks failing to sufficiently protect against financial crime are experiencing falling share prices, as well as reputational and client/partner relationship damage. There are also increasing examples of personal impacts to bankers; in the UK and US bank execs are now being held personally accountable, facing personal fines and even prison for non-compliance. Mitigating this growing risk is crucial, however, with new regulatory standards and the increased risk from digital and real-time payments, this is no easy task.
The digital and real-time payment risk
Financial criminals love digital. Smartphone platforms are the second most targeted platform by hackers after Windows. Why? As banks shift to digital channels the attack surface grows, there is more to protect and complexity ensues. In addition, successful attacks on banks provide a quick way to monetize stolen data. Add real-time payments, and identifying illegal transactions is a real challenge. This is because they are processed as they happen and cannot be reversed – there is no time for manual fraud review steps. Tackling fraud in real-time payments relying on just historical data alone isn’t sufficient. And with the increase in new schemes without value limits, processing a fraudulent transaction could be very costly.
The EBA’s new anti-fraud requirements
The EBA regulatory technical standards (RTS) relating to Open Banking mandates, stipulate that banks need to monitor transactions, allowing frictionless traffic where the risk of fraud or value is low while enforcing additional verification where risk is higher. This stipulation means that banks must have this capability but at present very few do.
This requirement does however offer benefits. The RTS states that where the fraud risk is better understood, more convenience can be driven to the customer. This is an incentive to manage fraud risk well. In a digital banking world, trust is key to reputation and ultimately retention. The probability of selling to an existing customer is 60-70% while the probability of selling to a new prospect is 5-20% . These figures are general but the statistics from a banking perspective are likely to be similar and banks need to adopt techniques that support retention as well as acquisition if they are to maintain market share and profit.
The operational challenge
Financial crime is growing. Banks are suffering and the personal impact to Bank execs can be huge, so why aren’t banks protecting themselves? This may be because it costs the banking industry nearly $270 billion annually, or 10 percent of operating cost, to meet the demands of regulatory compliance . Much of this cost is due to poor operational efficiencies. Ineffective Screening of watch lists, static business rules (e.g. highlighting transactions over 9k), an inability to monitor suspicious activity, the high numbers of false positives that must be investigated and high numbers of staff needed to investigate these are just some of the reasons behind the costs. Operational efficiency is crucial, and has been sited as a top three IT investment priority for banks in 2018 , realising that it can be achieved with the right system and processes in place.
Addressing the false positive issue
False positives are a major issue for bank operations. Between 5% to 7% of total transactions are erroneously identified as relating to a financial crime. That is a lot of transactions to review (often manually). Potentially good customers may be treated unfairly unless they are identified as ‘false positives’ quickly and addressed effectively.
However, false positive incidents can be significantly reduced by using sophisticated algorithms and highly effective scanning methods. This combination of algorithms and methods allows for a higher threshold in fuzzy matching and, as a consequence, reduces the number of false positives without compromising accuracy in hit detection, and ultimately realising enhanced efficiencies. At Temenos, our clients report false positive rates of just 2.5% when using our financial crime mitigation (FCM) software. This means lower review rates and seamless transactions, and ultimately lower costs. In fact, our customers report a 50% lower cost of ownership when using our FCM software
Using AI to improve accuracy and efficiency
One of the key features of artificial intelligence (AI) is its ability to detect patterns and recognize small deviations that occur which seem irrelevant to create an intricate profile. This clustering functionality is perfect to support FCM. For example, location data can be collected from counterparties, originators and beneficiaries in a customer’s payments transaction on an ongoing basis; looking beyond just a one-time snapshot of a payment transaction. This machine learning approach would enable a profile of habitual behavior for that customer’s payments activity. As a result the profile is more accurate with alert detection and false positives are reduced.
It is a daunting time to be responsible for compliance and its associated operations, but it doesn’t have to be. The technology to reduce both the risk and the associated costs is available, quick to implement (implementations can take as little as 6 weeks!) and sufficiently intelligent to grow with a bank’s business. There is no need to be concerned anymore.
Written by Keith Morrison – Business Development, Netherlands