The Fight Continues

Financial Services firms are trying to integrate their anti-fraud and anti-money laundering initiatives, breaking down silos, reports the latest OR&C Intelligence Survey.

Anti-money laundering and anti-fraud technology implementation continues to evolve as financial services firms seek to move beyond pure compliance by business line, with its siloed approach to these two disciplines. This is according to some of the results from the second annual OR&C Intelligence Survey on the subject, sponsored by financial crime and compliance software firm Norkom.

The adoption of technology to manage financial crime and compliance continues. Last year’s research showed that 34% of respondents had yet to put software solutions in place to manage AML detection and investigation. A number, 31% were without solutions to manage fraud. This year’s research shows there is increasing adoption of technology to defend against financial crime, with only 19.2% and 22.9% respectively not having a solution in place.

However, technology proliferation continues to be an issue in fraud arena in particular where 58.5% of respondents (up from 38% last year) say they have multiple solutions to manage detection and investigations across their organisations. “The proliferation of technology presents a challenge for many organisations as the threat of organised crime and international terrorism increases” says Hillary Duffy, manger at Norkom. “Fraudsters and terrorists operate without respect to geographical or enterprise boundaries, so the ability to identify links between incidents of suspicious activity on a company-wide basis is now an imperative. Companies are hampered in their ability to do so by two things: their organisational structure (decentralised and soiled) and their technology strategy (piecemeal and ad hoc). As their businesses have grown many companies have invested heavily in technology, but frequently without central governing strategy. Their now faced with a proliferation of technologies that reinforce their divisional structures and are unable to communicate or share information – a weakness today’s savvy criminals look out to exploit.”

Some early adopters are already overcoming the technology proliferation challenge by implementing overarching technology solutions that consolidate information from their existing detection systems so investigation intelligence can be made. This is happening quickly in AML, where 26.8% of the respondents have a consolidating solution on place (more than doubling 13% last year). No doubt, here, increased regulatory pressure is providing a considerable spur to action. The uptake of consolidating technologies should continue to increase, however. More than three quarters (79.3%) of those who don’t yet have a solution in place agree it would help to improve investigatory performance and lower operating costs. However, of that total, 20.7% believe the technology integration challenge to be “insurmountable” – expressing some of the doubts that linger in the industry, particularly at firms that have experienced rapid M&A growth in the past few years.

It’s logical and technological consolidation will go hand in hand with organisational consolidation – breaking down the decentralised or soiled management structures that characterise so many firms. Almost 80% of respondents say their AML activities are consolidated under a single reporting line across their entire organisation. This is slightly lower for fraud at 65.7%. A substantial number, 52.8%, of respondents have taken a step further by combining their AML and fraud activities. Some 40% have achieved this over their entire organisation, while 12.5% are progressing towards it, having achieved consolidation in at least some geographic regions. Among those yet to consolidate compliance and financial crime management, there is clear appreciation of the benefits. Some 68.8% believe it will increase their ability to detect crime, while 57% also agree it will reduce their operating costs.

Compliance cost reduction is a growing theme in financial services firms. According to industry analysts the Tower Group, the financial services industry will spend $370billion on compliance alone this year – up form $320billion in 2005. Some 84% of that cost will be attributable to administration. This scenario – of high costs on a continuously upward spiral – is now presenting a major challenge to the industry and the hunt is on for new ways to curb them.

For example, false positives on AML and fraud accounts for a considerable amount of wasted time and money. For AML, 27.4% of respondents say between 1% and 25 % of the alerts their system generated were false positives. A shocking 9.6% of respondents say 50% of their AML systems generated were false positives. The picture for fraud is a little better – 31.7% say their false positives ran between 1% and 25%, while 8.3% say they were 50% or higher. Firms are taking steps to help improve their false positive rate, because this helps decrease the amount of human intervention required to review the false positives, so there is an immediate ‘bang for the buck’. Structured manual review systems are used by 33.3% to refine detection scenarios to improve accuracy, while 28.3% occasionally take action to refine their detection scenarios, but this is not a structured process. Another 28.3% use software solutions to improve accuracy. Just 10% take no action to improve their scenarios.

Says Norkom’s Duffy: “These finding are startling, but when translated into monetary terms, their impact becomes tangible. If we assume the average international bank employs 100investigators at an average salary of $125,500 each, the loss of 25% of their time represents an annual cost of $3.1million. If the time lost reaches 50% this doubles to $6.2million.

Another area of high human resources cost is watch-list monitoring. Around 36% of respondents say they spend 20% of their investigators’ time, or more, monitoring watch lists, while 28% say their investigators spend 11% to 20% of their time doing this. Ten percent of respondents say the amount of time spent monitoring watch-lists has risen between 5% and 10% over the past year, while 18% say they’ve seen an 11-20% increase. Another 10% say they’ve seen monitoring time increase 20% or more. More disturbingly 45.5% of respondents said they could not conduct a name search across their entire organisation from the respondent’s location. Another 30.9% said they could conduct such investigation in other regions or locations.

Says Duffy: “After a foiled terrorist attack Heathrow airport last August, the UK government asked financial institutions to search for any business connection with 17 named suspects. For most of the process took over three weeks. One, thanks to the sophistication of its counter terrorist financing operation’s watch-list management programme, completed the task in over two hours. This story illustrates well that the watch-list management, though viewed by many as mundane and unglamorous, is a vital element of the war against terrorist financing and that, in most organisations, its performance is inadequate.”

Overall, firms are struggling to keep costs under control while meeting increasing regulatory demands. Some 14.5% have seen their AML compliance costs rise between 5% and 10%, while 23.5% have seen their anti-fraud expense rise by the same amount. Some 32.7% have seen their AML costs rise by at least 10%, and some 10.9% have seen costs rise 50% or more. Anti-fraud costs are rising at slightly lower clip but on the other hand those costs don’t have the same level of regulatory momentum behind them. Over time, however, anti-fraud costs can expect to rise as regulators focus increasingly on combating fraud at financial services firms.

A QUANTUM SHIFT

Enterprise-wide financial crime management is becoming mainstream reality, says Norkom’s Hillary Duffy. But those that combine it with risk-based approach will reap the most reward.

The move towards an enterprise-wide approach represents a quantum shift in financial crime management. And it is clear that, despite the considerable barriers to its achievement – decentralised management structures and soiled techniques- that shift is under way and gathering pace. Twenty-seven percent of research respondents have implemented enterprise-level technologies that draw information from their disparate detection systems to rationalise investigation management, overcoming the technology barrier without an expensive rip-and-burn strategy. In addition, 79% tell us their anti-money laundering AML) activities are now consolidated under a single reporting line. The number is only slightly lower (66%) for fraud. More than half of respondents (53%) have gone a step further by combining AML and fraud activities. Forty percent have achieved this across their entire organisation, while 13% are progressing towards that goal, having achieved consolidation in at least some geographies. It’s clear that long-established bastions are beginning to topple.

An appetite for risk

The gritty determination that characterises the move toward an enterprise-wide approach is equally evident in the way institutions are addressing risk. This year’s research tells us that 72% of financial institutions have responded positively to the regulators’ demands that they adopt a risk-based approach for their AML activities. The figure is only slightly lower, 69%, for fraud. The trend looks set to continue: a further 16% say they’ll adopt it for AML over the next 12 to 24months, 10% for fraud. The risk-based approach is being adopted with almost as much enthusiasm in fraud departments, where it is not required by regulation, as in anti-money laundering departments it is. This is hardly surprising. After all, the economic benefits on the offer are considerable. Enlightened organisations recognise, for example, that if, during the customer due diligence (CDD) process, 80% of new customers can be clearly identified as low risk, justifying a minimal verification process, most new business can be brought onto book quickly, leaving only a small minority to pass through more rigorous, and therefore time-consuming and costly, process.

More than four-fifths (84%) of our respondents that have instituted risk-based approach confirm they’ve been able to bring new business on board more quickly as a result, speeding up revenue generation and improving customer responsiveness, as well as easing the investigative cost burden. Sixty-five percent of those yet to make the move anticipate similar benefits when they do.

The benefits are not restricted to customer due diligence activities undertaken at account opening. If monitoring activities can be intensified for customers with a high risk profile and relaxed for those whose activities are more straightforward, expensive investigatory resource can be allocated more meaningfully, with a resulting reduction in false positive rates and increased investigatory success. Our research tells us that organisations are hot in their pursuit of this objective. Of those that are using a risk-based approach in CDD, 87% are also determining risk profiles that will dictate the degree of monitoring dedicated during the lifetime of the account. Furthermore, the overwhelming majority (98%) appreciate that a risk allocations only truly valuable if it can be regularly viewed and adjusted as an account holder’s circumstances and financial dealings change.

The Challenge being met

It is important not to underestimate the size of the challenge this represents. Its one thing to allocate a risk profile to customer at account opening, quite another to make sure it is constantly re-evaluated as the customer’s circumstances change. Over one-fifth (21%) of our respondents are to be applauded for having technologies in place that monitor behaviour and automatically suggest changes to the risk profile. Others are relying on manual, and frequently irregular, processes to achieve this, which are unlikely to meet regulatory scrutiny long term or deliver the optimum economic benefits.

But, to turn full circle, the re-evaluation of technologies already under way to address the enterprise-wide management challenge will help here, too.

As institutions re-invest to support organisational consolidation, they would be wise to look for technology solutions – and they are certainly available – that address both issues in tandem. As the move towards an enterprise-wide approach to financial crime gathers pace, the benefits of a risk-based approach will be realised in full, making it clearer than ever that, in this case at least, what’s good for the regulator is good for business, too.