Maintaining a comprehensive view of financial crime risk of your customers is an essential task but not a simple one. Current models rely on static data collected at account opening or event-driven triggers. Organizations need a unified view of compliance risk that dynamically calculates risk levels based on evolving customer profiles from internal and external data sources. It’s time for a more integrated, dynamic approach that embraces the latest technology.
Here’s how flexibility, integrating risk across multiple processes, together with AI and ML technology, can empower businesses to mitigate risks more effectively, reducing exposure to financial crimes and the potential regulatory violations, hefty fines, and reputational damage that can result from such illicit activity.
Who are you doing business with?
The foundation for robust financial crime risk assessments is to understand—in detail—who you are doing business with and the propensity or likelihood of underlying financial crimes to find their way into the complex array of customers and their relationships. Piercing the complex ownership structures which proliferate throughout your customer base along with complex regulatory guidelines, more data sources, rising data volumes, a vast array of predicate offenses and unlawful activities, and geopolitical tensions mean this is no small feat.
Traditionally, risk assessments have focused on the customer directly with consideration of their relationships coming in secondarily. Customer due diligence is conducted during onboarding or at specified intervals throughout the customer lifecycle based on initial risk assessments. Also, the traditional focus has been on collecting and evaluating information about a person or entity, such as name, address, account purpose, source of funds, etc. There was no real focus on the underlying offenses that a customer may be exposed to or participating in.
In today’s world, with increasing ML and AI capabilities, organizations can trace the ripple effects of relationships and transactions with associated red flags with unprecedented precision. Organizations have the capability to evaluate their clients' entire network, encompassing beneficial owners, suppliers, employees, customers, and other critical stakeholders along with transactions conducted that bring risk.
It is vital to understand the potential risks posed by the customer and their direct and indirect relationships. For instance, a community bank may serve domestic customers with clean profiles but unknowingly expose itself to sanctions or money laundering risks through the customers' suppliers operating in sanctioned geographies.
Failure to monitor direct and indirect relationships and transaction activity can result in financial crimes being undetected and allowed. This lack of monitoring and risk identification and mitigation has resulted in historic financial penalties, as evidenced by high-profile examples of companies fined for ineffective customer risk assessment and overall weaknesses in their AML controls. Consequently, companies need to develop their financial crime risk analysis and assessment processes across all risk monitoring systems to effectively identify counterparties and the potential for underlying offenses and unlawful activity, down to the level necessary to determine the risk of doing business.
Process and technology challenges
Understanding the need for holistic risk assessment is one matter; achieving it is another. From a technology perspective, financial crime risk assessment is often fragmented across multiple processes—onboarding, due diligence, monitoring—each using different systems that don't communicate with one another. The data contained in these systems is often old and or out of date. As a result, businesses are left with a retrospective and incomplete view of their risk exposure.
Moreover, many risk models are static and fail to reflect real-time changes. Due diligence conducted during onboarding offers only a snapshot of that reality, and periodic updates are typically based on a calendar schedule prioritized by the current risk rating or event triggers, rather than ongoing changes to customer risk profiles based on changing internal and external data.
Not only does this approach leave companies open to financial crimes, either knowingly or unknowingly, along with a myriad of compliance failures, but it is also more expensive from an operational perspective. A study by McKinsey & Co found that banks adopting trigger-based reviews for low-risk customers—rather than relying on a calendar schedule—reduced KYC operating costs by up to 20%.
Individuals and entities in your customer base are ever evolving, demanding a more dynamic approach. As their profiles change, they either increase or reduce potential risks for your organization. Treating them as static objects in need of periodic maintenance heightens the risk of participation in financial crimes along with financial and reputational harm or missed revenue opportunities.
Moving towards integrated and dynamic customer risk scoring
Adopting integrated risk scoring overcomes many of these challenges and provides a more robust approach to customer risk assessment. This approach sees organizations dynamically calculate risk scores by pulling data from all critical source systems, including internal systems such as transaction systems and external ones like news outlets and social media. As a result, they are better placed to spot risks that may impact a customer risk profile arise both directly from customer interactions and transactions and changes such as those in beneficial ownership or negative media coverage.
But how much integration is too much? Implementing these datasets can come with significant resource and cost investments, and identifying the right level of integration requires careful consideration. Consulting a risk expert is a crucial first step to pinpoint the specific risks your organization faces. While stopping and reviewing every transaction would indeed eliminate risk, that’s neither practical nor recommended. Instead, a targeted approach that balances thorough risk assessment based on your customers and red flags associated with their activity can help ensure that the resources invested yield meaningful insights to enhance your risk management processes, not overwhelm it.
Additionally, artificial intelligence (AI) and machine learning (ML) have a growing role to play. As regulators become more open to innovative technologies, AI and ML will, for example, enable integrated, real-time adverse media or identification checks. Further, AI and ML can help analyse transaction data to detect and potentially prevent activity associated with underlying predicate offenses and unlawful activity.
However, caution must be exercised. The algorithms that underpin AI and ML models must be transparent, explainable, and free from bias. Clear documentation of how these models work and their criteria is essential for compliance, especially as regulatory scrutiny increases. In short, while AI can enhance risk assessment, it must do so in a way that doesn’t introduce new risks or biases into the decision-making process.
Adopting a proactive approach to financial crime compliance
As financial crime risk continues to evolve, organizations must adopt a proactive, technology-driven approach to stay ahead. Outdated risk models that struggle to draw on all relevant information sources, internal and external, are no longer sufficient to manage the complexities of today's global business environment. By embracing integrated risk scoring in a flexible and dynamic risk model, companies can gain a holistic view of their risk exposure, covering not only direct but also indirect relationships. This approach not only strengthens compliance and optimizes operational efficiency but, most importantly, reduces financial crime exposure.