Five common pitfalls of financial crime prevention
Financial services organisations can, and do, prevent many criminal acts through adequate controls, proper supervisory procedures, and sophisticated detection and incident management technology. However, there are a handful of shortcomings that derail the best preventive measures and result in negative news headlines and increased regulatory scrutiny for individual employees and entire institutions alike, writes Joram Borenstein
Financial services organisations would certainly benefit from an introspective look at their current financial crime management process to ensure that they are not falling prey to any of these common pitfalls. We think there are five common areas that are usually the source of most problems.
#1 – A Piecemeal Approach to Financial Crime
Many financial services organizations have obtained and implemented an appropriate tool for a given task or coverage area, such as fraud or anti-money laundering, but then have simply used such systems in isolation. Whether due to organizational silos, the lack of a long-term channel strategy, or a rush to protect the institution against emerging threats, different solutions are cobbled together that offer a superficial yet functionally inadequate layer of protection against financial crime. Sophisticated criminals exploit the gaps between these independently operated systems, often leveraging weakness in one channel to gain access to another. As a result of this situation, financial institutions are increasingly moving towards a more consolidated approach to financial crime prevention and should match their strategy to their technology solutions and buying decisions.
#2 – Failure to Connect the Dots Across Systems
By neglecting to view information across their myriad systems, many financial institutions often fail to identify criminal activities as they are in progress (or even after they have occurred). Especially in sectors and channels where there are no comprehensive solutions providing complete coverage, this lack of information connectivity prevents organizations from understanding the big picture of financial crime at their institution. Achieving this holistic view amongst disparate systems and data sources creates a more robust financial crime prevention program and allows an organization to incorporate new technologies without increasing risk.
#3 – Cost Driven to the Detriment of Prevention
Viewed primarily as “cost centers,” fraud detection groups, and Financial Investigation Units (FIUs) have seen budget cuts and staffing reductions following the 2008 economic downturn. Yet as regulators have increased scrutiny on the financial industry, the number and amount of fines have grown precipitously, and financial services organizations must rethink the value of adequate protection and the true cost of financial crime prevention programs. No longer satisfied with merely “checking the box,” regulators are looking to financial institutions to do what is necessary rather than what has been deemed acceptable in the past.
#4 – Doing Too Little Too Late
A regulator at the doorstep with a Cease and Desist Letter or an embarrassing front-page news article should not be the driver to identify gaps in a financial crime prevention program. By the time such a situation has occurred, the damage is most likely done, ruining reputations, customer relationships, and more. Being reactive and flexible to on-going threats is important, but putting safeguards in place and making the necessary investments before issues occur will save significant time and cost and enable firms to make investments that are part of a larger strategy, rather than a series of quick fixes.
#5 – Neglecting Organizational Behavior Changes
State-of-the-art detection systems, updated processes, and well-meaning executive mandates are a positive start, but if an institution’s culture does not incorporate or reflect these ideals, no technology or mission statement – no matter how well implemented or planned – will prevent financial crime. Prevention must be an imperative not only from the top down, but also from the bottom up to ensure protection of an institution, its customers, and assets. Technology, policy, and process should support the right actions and enable staff to take the steps needed to comply with organizational policies and prevent risk from criminal actions, conflicts, or various forms of fraud – however, these elements cannot be expected to make up for failings in corporate attitudes.
It’s Time to Think Differently
“Adequate” and “good enough” were once acceptable as financial crime prevention benchmarks, but today, regulators, boards of directors, shareholders, and consumers are holding financial services organizations and their management teams to a much higher standard. More is expected of financial institutions despite the obvious challenges of cost, technology, and an ever-changing threat landscape. As fines have proliferated and increased, the relationship of upfront investment versus the expense of regulatory fines, reputational damage, and loss of equity has changed, and financial institutions are rethinking how they address financial crime and the true value of their strategies as well as deficiencies.
Investing in financial crime prevention strategies and tools not only increases the effectiveness of such programs, but also provides significant cost savings and increased employee efficiency. This paradox of gaining more from expenditure requires a change in the perception that financial crime prevention can only be a cost center. Viewing financial crime prevention as an investment in mitigating negative consequences, such as customer disruption, government indictments, and lost employee productivity, means such programs are more likely to thrive in the long run.