FinTech solutions for regulatory compliance – watch the risk

by · January 17, 2023

FinTech solutions for regulatory compliance – watch the risk

To remain compliant with an ever-evolving regulatory landscape, a growing number of financial institutions in the Middle East are turning to fintech solutions. Although such solutions can bring significant benefits, they also contain a number of inherent risks, write Muthmainur Rahman and Jonny Davies from Ankura.

The UAE is the Middle East’s leading financial center and a global hub for trade, particularly in gold and precious metals. This large presence in the global financial system makes it a target for financial crime, especially being a transit point for illicit funds.

Over the past few years, as part of efforts to further combat this threat, the UAE government has made significant progress in aligning with global Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) standards, largely by improving the robustness of the country’s legislation.

Muthmainur Rahman, Jonny Davies, Ankura

Improve compliance programs

With the government’s increased focus on AML and CTF compliance, financial institutions must ensure that they continuously develop and improve their compliance programs. One of the most effective ways to do that is to leverage the strengths of modern technology disciplines such as advanced analytics and artificial intelligence.

There are a number of compliance-related areas where fintech solutions can improve efficiency and results. Examples are:

Advanced transaction monitoring and network analysis
Traditional transaction monitoring systems use a set of static rules to identify money laundering behavior. The challenge with this approach is that complex money laundering patterns can be missed and a high number of false positives are produced which can strain the compliance team’s resources.

Advanced transaction monitoring systems use artificial intelligence, machine learning and network analytics to uncover and identify complex patterns in both transactions and customer relationships that would otherwise be difficult for human analysts to detect. In addition, advanced monitoring systems produce fewer false positive alerts and can provide a risk rating to the alerts generated, allowing professionals to review the most urgent cases first.

See also  FE News | Fintech 11Onze launches an open access website offering free financial literacy training for teachers

Automated customizable sanctions screening
Automated sanctions screening applications allow organizations to screen their customer base and transactions in real time against relevant sanctions lists. This allows compliance professionals to review the alerts generated for potential sanctions hits rather than spending valuable time manually checking each name against each of the selected sanctions lists.

These automated applications also make it possible to configure the underlying algorithms and similarity threshold to match an organization’s risk appetite and reduce the number of false positive alerts produced.

Streamlined customer due diligence
Traditionally, customer due diligence is a time-consuming process, while the introduction of new technology can significantly reduce this. Advanced analytics applications are designed to streamline the various phases that make up customer due diligence, from ID verification, negative news screening to checking device connections, so compliance professionals’ time can be better spent elsewhere in the organization.

When properly implemented, modern fintech solutions form an integral part of an effective compliance program. In light of the clear benefits of adopting advanced technical solutions to combat financial crime and improved regulatory control in this area, financial institutions (including those in the UAE) are increasingly turning to third-party fintech providers to build their internal monitoring systems.

In the past, it may have been possible for these systems to be built in-house. However, that is no longer the case given the need for specialists in areas such as machine learning and advanced analytics as well as the AML/CTF expertise of compliance professionals.

Third-party tools – reduce risk

While third-party applications can undoubtedly help financial institutions implement robust compliance programs, there is a risk that costly problems can arise if used incorrectly, especially if the provider and financial institution have failed to communicate effectively.

All over the world, there are many examples of breaches by financial institutions due to misunderstandings of the scope of used solutions provided by suppliers or miscommunication between the parties about what the solution implemented by the supplier needs to achieve.

See also  FINANCIAL INNOVATION FOR EQUITY AND OPPORTUNITY

Risk management between supplier and financial institution must be managed in all phases of the software life cycle. Relevant considerations for both parties include:

Implementation
Has the application been installed correctly? Does the system work exactly as expected? Has the assignment given to the supplier been fully fulfilled by the application installed?

The risk of inadequate implementation can be managed by ensuring that the financial institution provides a comprehensive overview to ensure that the supplier has all the relevant knowledge (including an understanding of how the institution operates) to develop and implement software that is tailored to meet the institution’s specific needs.

Once the implementation is complete, a full audit of the application should be performed by the institution in collaboration with the provider to identify any issues.

Updates
Are updates checked before they are deployed? Do the updates change the scope of the application?

As above, communication between the organization and the supplier is important. The impact of updates should be fully understood and accepted by both the compliance and IT departments before they are deployed, and the impact confirmed once deployed.

Settings
Has the financial institution been made aware of the impact of changing the application’s settings?

Many applications, such as applications for automated sanction checks, have settings that can be changed to reduce the number of alerts produced. Institutions should ensure that they are aware of and understand the impact of changing such settings. For example, increasing the threshold for ‘similarity’ in an application for sanctions control will reduce the number of alerts produced.

But the downside of doing so is a risk that true positive matches may be missed if the threshold is set too high. The decision to change the settings of a sanction screening application depends on a number of factors, including the organization’s risk appetite and the specific circumstances under which the sanctions lists will be examined. Any decision must therefore be assessed in the light of these factors.

See also  Singapore is deepening fintech relations with the UK through a fintech, regtech and wealth management bridge

The examples above are just a few of a number of scenarios where vendor-supplied software can expose a financial institution to risk. Omissions or oversights in software can often result in financial institutions paying a high price from purchasing additional/replacement software to, in the worst case scenario, being subject to enforcement by regulators as a result of compliance failures resulting from misuse of software.

An independent view

One way to mitigate the risks outlined above is to engage with independent experts on a regular basis who are experienced in interrogating and assessing the suitability of compliance applications from an impartial perspective. These experts can identify and advise on shortcomings in the functionality of the application and suggest ways to improve or adapt the application to suit the individual institution’s specific needs and circumstances.

Using external experts reduces problems likely to arise if you conduct a review in-house, such as bias, available staff bandwidth, and lack of specific skills and experience.

In short, when used correctly, vendor solutions can improve financial institutions’ ability to effectively and efficiently combat financial crime. However, financial institutions should not be unaware of the inherent risks that arise when they rely on vendor solutions. It is essential that thorough risk assessments and performance testing are carried out throughout the life cycle of the technology, ideally by an independent expert.

About the authors: Muthmainur Rahman is Senior Managing Director at Ankura in Dubai, where Jonny Davies is Senior Associate.

Related posts:

  1. Fintech’s view of the BoE’s rate hike
  2. OPTASIA Among TOP 25 MIDDLE EAST FINTECH COMPANIES ACCORDING TO FORBES MIDDLE EAST MAGAZINE
  3. Is China leapfrogging in fintech?, how AI is changing lending, and embedded lending with Finastra – Tearsheet
  4. FIS and Microsoft Top Annual IDC FinTech Rankings Top 100 and Enterprise Top 25; ServiceNow named winner of real results

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Headline Posts