Financial crime risk governance models have a long way to go

A live poll of risk and compliance practitioners has found that more than half believe “significant work remains” to improve the maturity of risk governance models across Asia and the Middle East.

A Thomson Reuters webinar found that only 6 percent of respondents believe organisations in these regions are doing “reasonably well” in terms of risk model maturity. Around one-in-three respondents said the level of sophistication differed vastly depending on the scale and complexity of the organisations concerned.

The poll was held during an event on the financial crime compliance risk landscape, hosted by Thomson Reuters and Napier.

Mark Nuttall, solutions director at Thomson Reuters in Singapore, said organisations were slowly realising that investing in compliance makes good business sense.

“Corporates are focused on one thing the majority of the time and that’s the bottom line. A risk framework is a’ nice to have’ for many organisations,” he said. “Some organisations realise that there is a fiscal value or a real benefit to have implemented risk management framework such as ISO 31000 as a benchmark and a foundation.”

The webinar also heard that data stewardship and data management was proving challenging for organisations across Asia and the Middle East. Almost three-quarters of delegates said this was an “ongoing challenge” for their risk and compliance team.

Robin Lee, head of Asia-Pacific for Napier, said these challenges were being fuelled by the exponential growth in the data that organisations generate and collect. On the positive side, organisations that manage to tackle the “data challenge” are able to generate a range of benefits, from reducing false positives to improving and augmenting transaction monitoring systems.

“The really interesting area is this concept of perpetual KYC, where the system is always listening and adjusting risk ratings, or triggering reviews, as a result of that,” Lee said.
Only 9 percent of respondents said their technology had evolved to the point where they could make use of unstructured data.

Jamil Ahmed, chief compliance officer for HSBC Singapore, said modern banking organisations had an enormous array of contributors to their data holdings. This data is dispersed across the organisation, from the lines of business that own the customer data to the various other functions that collect critical data elements, such as IT.

“It’s not surprising that is an ongoing challenge — we’re all seeing it,” Ahmed said.

“Data analytics is fundamental to compliance risk management. The range of data tools the banks have at their disposal are also evolving rapidly, which means that we can make better sense of our risk concentrations and risk drivers.”

Ahmed said organisations need to analyse their data to identify areas of “risk concentration” that will allow them to focus their controls on the areas of highest risk.

“The tools don’t have to be very complex,” he added.

The cybercrime landscape

Cybercrime risk is still a top priority for organisations in Asia and the Middle East, the event heard. Ahmed said the cost of cyber fraud crime had topped US$1 trillion globally. In Singapore cybercrime and fraud has increased by 250% over the past year, in terms of the scale of losses that consumers are facing.
Ahmed said money muling was a top priority for AML teams, as these schemes typically rely on networks of accounts to move and conceal the proceeds of crime.

“Cybercrime and fraud is increasing and that does require a network of mule accounts to funnel that money from wherever the fraud has occurred,” Ahmed said.

Traditional customer due diligence (CDD) processes are not always designed or effective to deal with money muling accounts. Individuals will often use legitimate credentials to open accounts, using the “digital onboarding journeys” that banks have ramped up during the pandemic.

“Many banks have been working to streamline their systems to make it easy to for customers to open accounts with banks … the mule accounts can pass through CDD undetected,” Ahmed said.

Traditional transaction monitoring systems are failing to flag these accounts promptly. When they do, the mules have potentially moved “hundreds of thousand dollars” in some cases, Ahmed said.

The webinar heard that “ever-changing regulatory developments” were still the number one driver of rising compliance costs. Three quarters of respondents identified this as a primary concern, compared with just 15 percent for recruitment and talent costs.

Join us for the second in a series of webinars co-hosted by Thomson Reuters and Napier on best practices in compliance risk management.

Subscribe to Business Insight

Discover best practice and keep up-to-date with insights on the latest industry trends.