Regulations are meant to prevent serious data breaches and financial crime, but is meeting compliance just about ticking boxes?
Financial regulations are a core element of the financial industry landscape and have a long history. For example, financial regulatory measures in the USA go back to the 1700s and have been regularly debated and changed for centuries. Across the world, regulating financial activity has become an ongoing challenge for regulators and financial institutions alike. Compliance requirements are designed to help FIs manage risk and reduce financial crime. But has the long history of regulations made compliance a tick-box exercise, and are regulations agile enough to handle the ever-changing financial crime landscape?
Why do financial regulations exist?
Financial regulations provide a standardized framework upon which a financial system can be established and optimized. The rules upon which the framework pivots form a baseline of expected interoperability, security, and privacy. These rules protect against financial crime and help to mitigate systemic risk, helping to stabilize the economy. As a framework applied across the financial sector of a given jurisdiction, regulations can form a basis for innovation and competition. Cross-border cooperation between regulators can help build financial bridges and deliver further innovation. Regulations, when enforced, also provide a way to police irregularities within the financial sector, making the landscape fair for all. Overall, regulations are a must, but they can quickly become a rod for a compliance officer’s back.
One of the continuing challenges of financial regulatory compliance is the evolving requirements of the regulations. International agreements and standards play a part in complex and continuing modifications of AML laws and regulations. The problem is that costly and complex regulations can become a tick-box exercise, with compliance and IT staff going ‘through the motions’ to simply get the company over the compliance hurdle.
Costing compliance and non-compliance
Meeting the various requirements of anti-financial crime regulations such as AML is no mean feat. But non-compliance has multi-level impacts on the financial sector and society as a whole. Macro impacts include the global costs of money laundering; the United Nations Office on Drugs and Crime estimates that up to $2 trillion of illicit laundered funds are being moved through global financial networks yearly. Regarding human costs, money launderers contribute to terrorism, human trafficking, illegal drugs, and child abuse.
At the organizational level, meeting AML compliance is a costly business at around US $48 million per bank per year. According to Oxford Economics, 70% of those costs are due to human resource needs.
However, these costs pale into insignificance next to penalties for non-compliance. According to the Financial Times, in 2022, the cost of fines for financial non-compliance increased by over 50%, with banks and FIs fined over $5 billion for AML, KYC, sanction breaches, and other financial crime regulation infringements.
In a recent webinar hosted by Finextra, the panelists, including Eastnets’ own Deya Innab, stressed the challenges of adhering to regulations and that “Effectiveness is an issue, and more of the same may not offer better results.” These challenges can easily lead to stress and a feeling of just wanting to complete the requirements of compliance because it must be done, rather than seeing it as an important aspect of tackling financial crime.
Watch the webinar: Financial Crime: How regulators are cooperating to combat financial crime.
Do anti-financial crime regulations work?
Significant penalties alone are not enough to enforce good regulatory practices. Is this because it is hard to meet regulations, and perhaps FIs don’t believe they are enforceable, or the situation is too complex? A panelist in the webinar pointed out that there may be an underlying issue with the “willful circumvention of requirements or a subjective interpretation.”
KYC checks are a case in point. FIs are increasingly expected to provide seamless, simple, and unobtrusive customer experiences. A conflict can occur if KYC/CDD checks are overly intrusive or take too long. However, without robust and effective KYC, an FI will not only be liable for non-compliance penalties but also put its customers and itself at risk. The entire chain of anti-financial crime checks, including KYC onboarding, sanction checks, and monitoring, can become burdensome, resulting in a check-box mentality to get over the compliance line.
Anti-financial crime regulations work but must be balanced with customer experience, cost, and business goal impact. As Deloitte found out, 62% of banks and FIs see increasing regulatory expectations and enforcement as the most significant challenge with AML compliance.
Why anti-financial crime should go beyond regulations
Risk mitigation can be transformative and open new ways of delivering innovative customer due diligence. Indeed, support for new mechanisms such as faster payments and cross-border transactions is enabled through the medium of regulations. However, there is a question: why even have a set of controlling requirements for FIs? The answer may seem obvious; in a perfect world, financial transactions would be carefully handled and monitored for any nefarious activity without needing external enforcement. But this is not an ideal world. Changing regulations and increasingly sophisticated and complex chains of financial crime mean that regulations must be seen as something other than ticking a box. Regulations are a framework, often a baseline of requirements to help prevent financial crime. However, it is the enforcement of these requirements that can cause headaches for an FI. Help is needed to automate protective measures. RegTech solutions are typically designed to handle the burden of regulations to allow an FI to move out of the tick box into a realm of effective control over customer onboarding and transactions. Customer screening and monitoring are fluid events, especially in a financial world of open borders. Screening and monitoring of customers and sanction lists cannot simply be a check in a box; instead, this must be automated, continuous, and real-time if an FI wants to prevent financial crime.
Compliance and IT teams in the financial sector are under immense pressure to meet regulations and deal with sophisticated money laundering schemes. Any device that can save time and money must be a welcome addition to ensuring that regulations are not only met but that the protection measures can go beyond basic compliance and offer real-time effective protection.
Compliance should not just be about avoiding penalties. KYC and AML checks and monitoring are vital to the bigger picture, one that impacts the stability of world economies and prevents material harm to people and the planet. Balancing regulatory compliance with customer experience needs solutions that work in real time and reduce the overhead of performing AML and KYC checks. RegTech solutions for financial regulatory compliance must be designed to work seamlessly, integrated into an FI’s stack, handling the workload on behalf of the compliance and IT team. Financial criminals must not be underestimated, and regulations are there to set the bar. Meeting and moving beyond that bar will help mitigate risk and build safer transactions.