Compliance Tower of Babel: Are your teams speaking different languages?

Success in a globalized economy is often rewarded with an increasingly complex landscape of rules, regulations and compliance pitfalls. While such challenges were once the exclusive domain of finance, nearly every industry today finds itself touched by strict requirements to ensure that all transactions and business relationships are vetted, assessed for risk and profiled against internal risk appetites.

In any industry, growth is an imperative and a metric looked upon to gauge success. Growth, however, whether organic or through acquisition, can create operational and process fragmentation. Whether the company is a FinTech startup, a payments organization, a money services business or an established global financial institution, the pace of change is accelerating; the demand for new products, lean startup methodologies and agile development processes add to the rapidity of change.

Furthermore, as companies grow in size and complexity, expand into new markets and acquire new lines of business, their networks, systems and processes for detecting and monitoring risk, fraud and sanctions violations often swell and splinter while their ability to maintain oversight and control diminishes.

Unfortunately, overhauling or replacing existing systems is expensive and can require extensive retraining or even new staff to support. In addition, outdated technology solutions lack the scalability and intelligence to thoroughly identify fraudulent or suspicious transactions, either as isolated incidents or as part of a larger trend.

Apart from the technological and operational underpinnings, culturally speaking, responsibility for compliance and associated activities is typically not centralized, even in mature organizations, with rapid growth exacerbating the fragmentation. Products, departments or subsidiaries have distinct people, processes and tools for compliance with inherent inconsistencies in design, implementation and monitoring. These processes can overlap and contain inefficiencies, create friction around such strategic business activities as product launches and expansion, and lead to a failure to effectively identify risky business dealings.

As with the Tower of Babel, growth can cause different groups to speak different languages with respect to compliance. These distinct compliance dialects form silos, whether operational, cultural, or both, inhibiting clear communication and information sharing across the enterprise.

All the while, a globalized economy and the reach and rapid advancement of technology also give criminals a much larger domain in which to operate, enabling them to be more sophisticated and adaptable in their techniques and take advantage of an organization's inability to connect the dots.

Regardless, regulatory expectations include establishing compliance programs that are holistic and consistent, with repeatable processes, change control, auditing and monitoring—a difficult task to efficiently address with a multilingual compliance landscape and fragmented operational ecosystem. The burden to keep pace can cause many negative consequences, including reliance on ad hoc manual processes, inconsistent compliance views, analyst fatigue, and increased operational and compliance risk. Furthermore, the noise created by the volume of data can cause apathy and negligence among compliance operations staff and detract focus and energy away from real and potentially serious criminal activity.

Without a comprehensive view of customer and vendor activity, it becomes difficult and expensive to detect the patterns and behaviors that signal potential risk, fraud or sanctions violations. In short, operational excellence (data quality, processes, monitoring, controls, change management and oversight) is a prerequisite to appropriate risk management.

It becomes challenging for decision makers and operations managers to plan for future expansion and be strategic about their initiatives when they do not have the ability to properly predict or understand the impact their business decisions could have on cost, risk and compliance. A lack of the expertise and tools required to properly frame, execute and track a coherent strategic plan around risk makes the view even more opaque.

To mitigate compliance and strategic risk across the enterprise, focus on the convergence of these aspects of compliance and their associated operations:

  1. Real-time screening and analytics, to mitigate sanctions-screening and transaction-monitoring risk—As business functions grow and transactions become more sophisticated, real-time transactional screening has become essential as a preventative solution. Apart from the breadth and volume of data sources, such additional variables as language translation/transliteration, payments flows and ties between screening and movement of goods are considerations. Leveraging technology—including application programming interfaces and big data machine learning systems—is critical to mitigating the operational effects of the real-time requirements.
  2. Robust customer risk profiling, to enhance know your customer (KYC) and enhanced due diligence processes—Creating and enforcing consistent KYC processes and workflows across analyst teams provides a framework for customer risk assessment, whether the customer is local or global. For these processes, it is critical to implement ongoing risk profiling with alerts and aggregate customer profiles that monitor and predict potential impact. Continuous feedback between KYC, sanctions, transaction monitoring and analyst data—using a machine-learning platform that perpetually analyzes large and varied data sets—reveals new or unseen patterns. These patterns can help predict future risk and the likelihood of such negative outcomes as suspicious activity report filings or account closures.
  3. Automated retroactive monitoring, to provide sanctions-screening coverage and changing customer risk profile escalation—Retroactive look-back sanctions and transactional screening remain an integral compliance expectation. An effective retroactive screening system should automate re-screening across all lines of business and transaction types, scaling up to give near real-time results. Machine learning can increase the efficiency of the due diligence process, reducing false positives and incorporating analyst results to increase efficiency over time.
  4. A centralized compliance system of record, to provide controls, metrics and monitoring across the enterprise—A collaborative platform for enterprise risk management, customer risk profiling, policy management and dissemination, operational metrics, and predictive analysis provides an enterprise view for executives as well as legal and compliance departments. Having a central customer risk profile hub bridges the gaps across disparate teams, tying together operations, internal and vendor applications, and compliance activities.

Incorporating these elements into your enterprise compliance strategy will assist in translating the various internal compliance dialects and facilitate a thorough review of business interactions and relationships, tracking and trending risks, key indicators, mitigation action plans and strategic opportunities—allowing your organization to truly capitalize on changing market conditions.

Michael Brown, CAMS, vice president of product strategy, CSI Regulatory Compliance, Charlotte, NC, USA, michael.brown@csiweb.com
