The Urgent Need for Financial-Crime Risk Management in AsiaPartner, Global Finance and Risk Practice and a Director of Oliver Wyman Australia Principal, Finance and Risk Practice for Oliver Wyman
This is the first article in a special series on financial crime.
The costs of financial crime are rising, and financial institutions in Asia are having to bear them. Given the concentration of capital flows into and within the region, the direction being taken by governments across the region, and the spate of financial-crime events in the recent past, financial institutions need to prepare to mitigate the risks associated with such crimes if they are to protect economic value and limit reputational damage.
For example, in February this year, a large Indian public-sector bank was involved in fraudulent transactions exceeding $2 billion. Owing to the market’s reaction to the news, the bank’s shares dropped by almost 40 percent in three weeks. This happened due to the lack of adequate controls systems in the bank, which allowed criminals to work through loopholes in the system and bribe internal employees to help them commit fraud.
While this has been dubbed the biggest fraud in India’s banking history, it is by no means an isolated incident in the region. In Australia, at the end of 2017, one of the Big Four banks was accused by AUSTRAC of breaches of anti-money laundering and counter-terrorism laws. By the first quarter of 2018, the bank admitted culpability in half of the cases. Recently, it agreed to pay a $523.8 million fine.
This as an issue that financial services institutions all over Asia need to deal with urgently, before the costs become too high. Given the extensive flow of foreign funds into the region in the form of foreign direct investments, it is imperative for Asian banks to actively manage and mitigate risks associated with financial crime. This will not only limit freedom for criminals and rogue states to operate, but it’s also a simple protection against financial distress.
Separately, regulators in the region will also expect much more of the banks in terms of monitoring, controls and reporting. As a result, banks will have to move closer to international norms in terms of investment in preventing financial crime.
How Can Financial Institutions Prepare?
Many firms that find themselves early in the journey of investing in financial-crime risk management may struggle to know where to start and how to get a grip on the issues.
The first step is establishing a positive relationship with the regulator. Most supervising bodies appreciate the complexities with which the bank is dealing. They are aware that controls sometimes represent a trade-off with customer experience, that systems may themselves prevent the creation of perfect controls environments, and that cultures and behaviors are slow to change.
Nevertheless, their expectations have moved, and we suggest an action plan targeting six areas for gains to get started:
Communication. Senior leadership needs to communicate the importance of financial-crime controls down the hierarchy. Boards and executive committees need to be well-versed in specific examples of failures of financial-crime controls and their implications. These can then be used to school leadership teams in the criticality of quality risk management in this area.
Culture. Uncertainty about the purpose of a transaction must be unacceptable in the culture of the organization. This will be critical not just for management of financial crime, but also for good conduct and to satisfy community expectations. The playing field of expertise in finance is not level between provider and customer: Bankers will be expected to have a solid grasp of transaction logic. Unusual requests should be met with questions, not executed regardless. This can be turned into a competitive advantage if done well and seamlessly.
Compliance. All staff need to understand the organization’s obligations for clear and transparent reporting to regulatory and supervisory bodies. Staff should be aware of their role within that overall obligation. Compliance must be a “gate” and basic requirement at all levels.
Coverage. Technical aspects of managing financial crime are equally important: All transactions need to be screened, and all customers need to go through know-your-customer procedures of the desired quality. Risk assessments need to be thorough, and tested scenarios need to be comprehensive to cover all products and segments. All geographies, branches and subsidiaries need to meet minimum standards, which are well-articulated and understood.
Computation. While financial crime is a major issue for all banks, armies of people conducting transaction checks and monitoring is not the answer. The most advanced institutions are finding radical increases in productivity from analytics. To this end, Citigroup president and chief executive of the bank’s institutional clients group James Forese, believes that the bank could replace up to half of its 20,000 technology and operations staff with machines over the next five years. According to Mr. Forese, operational positions at the bank were “most fertile for machine processing.” It is an increasingly common sentiment. Transaction monitoring is moving from merely screening to the use of advanced analytics and machine learning. Prioritizing the files for manual review frees up expensive expert time for cases where it is most needed. Large complex organizations such as HSBC have realized double digit gains in productivity and helped set the goalpost for the industry.
Cooperation. There are areas where cooperation in the industry is possible and to everyone’s benefit, such as in the creation of utilities for processes that meet KYC requirements. Well-targeted cooperation makes regulators more—rather than less—comfortable, customers more satisfied (assuming privacy can be handled appropriately), and banks more efficient (where incentives are aligned).
The Risks Are High
The cost of poor financial-crime risk management falls heavily on society as a whole—but especially heavily on the pockets of shareholders in firms judged to have materially missed expected standards.
The response needs to be broad and deep, raising seniority of issue ownership, capabilities, and engagement at all levels of the industry. But the costs of doing this will be high. We expect that most banks will need to at least double their annual spend on financial-crime risk management in a business-as-usual state. Additionally, many banks that are coming from a lower base will need to significantly upscale their financial-crime control environment to meet international norms.
The high associated costs notwithstanding, this is an issue that financial institutions in Asia need to confront sooner rather than later.
To read the full paper, click here.