In recent years, financial crime has increasingly become of concern to both governments and financial institutions around the world, particularly crimes such as money laundering, terrorist financing, fraud, bribery and corruption.
In financial services, managing risk is perhaps the key discipline, but while those in the sector are accustomed to managing perils in areas like credit risk or market risk — which are easily calculated and quantified — assessing financial crime risks is different. These are called “consequential” risks, meaning some risks here may only become evident once the customer began transacting through the account.
It is for this reason, says Jaco van der Merwe, capability architect at Ovations Group, that the monitoring of customer transactions is a fundamental component of the risk-based approach (RBA). This approach requires financial services organisations to identify, assess and understand each of the risks to which they are exposed, and then to target their resources at the most serious risks and deprioritise where required.
“With the implementation of the Financial Intelligence Centre Act (Fica), South African accountable institutions are now required to implement a risk-based approach to manage money laundering and terrorist financing risks. This has introduced several challenges to the banking industry, such as updating policies, procedures and processes, as well as the training of resources. To ensure compliance with Fica, accountable institutions chose to establish risk management and compliance programmes accordingly,” says Van der Merwe.
“Conducting a business risk assessment is about determining an organisation’s inherent risk. This represents their exposure to money laundering and sanctions risks in the absence of any control environment being applied. After the design and implementation of anti-money laundering and sanctions controls, and in combination with other business controls, IR is ultimately reduced to residual risk. After all efforts to identify and eliminate risk have been made, residual risk is the threat that remains.”
Furthermore, when talking about risk, he adds, it must be remembered that the Covid-19 pandemic has also had a significant impact on enterprises around the world, and it is important that organisations put policies, processes and procedures in place to minimise the impact of the virus and to ensure business continuity.
“However, these operational changes can introduce additional risks into a business. Therefore, it is clear that these organisations will benefit from the execution of a risk assessment to assess whether their controls are still effective in managing the risks in the aftermath of the pandemic.
“Adopting a risk-based approach to compliance management is necessary in today’s complex financial services sector environment. Such an approach requires entities to not only be able to understand the various laws and regulations with which they are required to comply, but also the impact that non-compliance with each of these will have on the organisation. With such knowledge, organisations can decide on the number of resources to employ to manage compliance risk. They can also decide how to deploy their resources, focusing firstly on the highest risk areas identified and following up with those that have less of an impact.”
When it comes to indicators that can enable the assessment and measurement of the level of risk, says Van der Merwe, one must interrogate the details relating not only to the customers themselves, but also their country of origin, the industry in question, the channel being utilised and even the products and services involved.
“Although these risk factors are crucial to establish the client’s risk profile, we are seeing a shift to a more entity-centric, risk-led approach, something that is underpinned by a technology-enabled scenario involving continuous scoring of risks across a customer’s interactions,” he says.
“The benefit of such an approach is that it provides a continuous, timely and comprehensive understanding of clients and counterparties across previously siloed risk areas. Specific enabling technologies are vital in delivering the required support for an entity-centric, risk-led approach, and can include agile platforms and scalable data access, advanced data management and algorithms, predictive modelling based on data science, process automation and optimisation, behavioural risk models and integrated due diligence.”
Ultimately, a risk-based approach is considered an important component in the initial client on-boarding process, Van der Merwe adds. It is at this point that financial services entities can establish a risk assessment strategy, which can help to mitigate and assess the risks involved in dealing with high-risk customers, not to mention the ongoing due diligence required to mitigate these risks.
“Financial crime is a global concern and companies can no longer focus only on their home base – instead, they need to be aware of the risks in every country in which they operate. Moreover, constantly changing laws and regulations, on-boarding of new products, services and clients, each with their own degree of risk, necessitates that organisations ensure that they assess their risk-based approach in a way that ensures it aligns with their risk appetite, he concludes.
- This promoted content was paid for by the party concerned