The number one financial crime compliance risk is legacy tech.
At the recent ACAMS conference in Sydney, John Rayment, CEO Identitii spoke about the emerging threats in AML/CTF compliance alongside experts from CBA, Norton Rose Fulbright, ACAMS and NewEra Business Consulting.
It’s not new news but, the risks posed by legacy tech and manual processes were highlighted as the number 1 and 2 issues for AML/CTF compliance teams. It’s the same story across the globe. “Financial institutions are museums of technology dating back to the 1960s. The complexity makes it impossible to manage risk.”
Updating and maintaining these legacy systems is a mammoth, costly and risky undertaking so, instead businesses end up creating a complex web of spaghetti connections that are held together by incremental fixes. Which in turn, pushes critical processes into spreadsheets and email, further increasing risk.
And, this complex problem just got tougher.
Covid-19 turbo charged digital adoption and forced changes in how compliance teams work, demanding more of regulated entities than ever before.
According to the 2020 McKinsey Global Payments Report “the crisis has compressed half-decade’s worth of change into less than one year with shifts toward e-commerce, digital payments (including contactless), instant payments, and cash displacement have all been significantly boosted.”
This has created a chaotic environment perfect for astute criminals to exploit weaknesses in hastily adopted changes which have been required to keep pace with customer behaviour and new emerging payment flows.
This demand to remain competitive and the need to keep the lights on results in a dangerous mix of new technology, old technology, and manual processes – making it harder than ever for AML professionals to correctly identify and report IFTIs and SMRs.
Not only has the risk of financial crime increased the risk of financial crime non-compliance just got riskier…
Being able to effectively identify these new typologies of fraud and illicit activities with the technology constraints provides additional challenges to over-stretched compliance teams, unable to rely on bolstering their resources with external talent due to border closures.
Nevertheless, regulators haven’t taken their foot off the gas. In Australia, AUSTRAC reporting still must happen on time and the challenge remains for regulated entities to determine what is and isn’t reportable and ensure they able to report correctly to the regulator.
Financial crime compliance reporting still high on the board agenda
Research has calculated the total value of infringements paid by banks around the world was $19.9 billion in 2020, almost double the $11.8 billion the year before. Australia was the 2nd highest contributor by value to this. We expect more fines to come, with AML/CTF compliance an ongoing target for AUSTRAC. Getting it wrong has costly implications, with reputational damage, downward pressure on share prices and the potential of personal liability always on the minds of board members.
So what next…
When asked if there was a golden bullet when it comes to reducing financial crime compliance risk, John replied – “Innovation. Legacy systems aren’t going away quickly, but by innovating on top of them, regulated entities can significantly reduce the risk they pose to compliance. This is one area where RegTech’s can help, as their focus is often on creating purpose built solutions to specific problems faced by reporting entities.
“Legacy systems are hard. Payment platforms are new. There’s going to a huge growth in human population. As a result, more money is going to flow across borders. There will be more cross border payments and there will be more players. This all has an increase in risk but using RegTechs and cloud platforms could be the game changer."
If you’d like to talk to us about how we can help eliminate risk with automated financial crime compliance reporting request a demo today.