With a constantly evolving threat landscape and changing regulations, modern-day Chief Compliance Officers (CCOs) face a demanding set of challenges.
It is not only about understanding regulations and laws – today’s CCOs need to be agile and able to leverage technological solutions while building solid interpersonal relationships. They must embody leadership and communicate clearly and with conviction to establish a healthy compliance culture, combining age-old techniques with modern data-driven strategies.
Back to Basics
Successful CCOs must first build a strong foundation. Despite the rapidly changing nature of the compliance setting, it is still essential to get the basics right by strengthening some occasionally overlooked fundamentals.
Financial crime risk assessments are a valuable tool in risk management, capturing external and internal factors. Despite the obvious necessity, regulators have recently pinpointed inadequate risk assessments as a common weakness for financial institutions (FIs).
For example, the Financial Conduct Authority (FCA) warned of poor business-wide risk assessments that lacked detail on financial crime risks, and generic customer risk assessments that lumped money laundering and terrorist financing risks together.
Establishing a management information (MI) framework is essential for overseeing financial crime risk and communicating it to stakeholders. Ideally, it should encompass strategic, qualitative and quantitative indicators.
Tips for developing an MI framework:
- Avoid overreporting with too many data points. What information is actually useful?
- Use strategic qualitative and quantitative metrics
- Consider the best intervals at which to assess and report MI
- Deliver information to the board in a straightforward and transparent manner
Know Your Customer
Know Your Customer (KYC) is an essential regulatory requirement that has seen substantial opportunities for enhancement from technological advancements. FIs are obliged to undertake ongoing due diligence throughout a business relationship and ensure that documents, data and information collected are kept up to date and relevant.
In recent years there has been a significant push towards automation, encouraged by heightened awareness of risk and the COVID-19 pandemic, which disrupted existing processes and exposed staffing challenges. FIs have increasingly turned to technology as a vital tool for effective due diligence and achieving perpetual KYC.
Perpetual KYC uses technology and automation to monitor customers, encouraging a proactive rather than reactive approach to due diligence. Customer information is refreshed based on specific triggers, events, or behavioural patterns.
This approach can better capture risk in real time, without unnecessarily bogging down staff. While this ultimately relies on mature data availability and management, beginning to move towards automation and perpetual KYC is an essential strategy for tomorrow’s CCO.
Using Data Effectively
The effectiveness of many newly adopted technologies, such as those that use artificial intelligence, relies on data quality. Having relevant and robust data is necessary to provide accurate and useful analytical outputs.
As the need for robust, quality data rises in importance, the CCO must increasingly have the quantitative skills required to interpret it. More and more, compliance teams will benefit from understanding data modelling, defining thresholds, data management, and statistical analysis.
Data and data analytics can assist with driving efficiencies, reducing costs and improving decision making. To support operational effectiveness, the use of AI, machine learning, and automation can help reduce alert backlogs, often suffered across key areas such as Politically Exposed Persons, Sanctions, and adverse media.
Data analytics can be used in screening to reduce the number of false positives and allow analysts to focus efforts on true matches. Furthermore, anomaly detection through a combination of behavioural profiling, real-time detection scenarios, and predictive analytics can help improve the accuracy of results.
While the CCO is ultimately responsible for establishing a healthy compliance culture, they do not operate in isolation. A considerable part of compliance leadership involves relationship building. Setting the foundation for how business teams and controls functions engage across the organisation requires establishing strategic partnerships.
Another instrumental component is language. Effective communication means telling business heads that they need to accept the risks identified, rather than portraying them as threats that can be eliminated.
Staying Ahead of the Curve
In a fast-paced world where geopolitical and regulatory changes are inevitable, CCOs must keep their finger on the pulse of emerging threats and changes so that they can act quickly and, wherever possible, proactively.
As new threats and regulations emerge, the CCO must be able to shift priorities at a moment’s notice. Ultimately, regulatory change and requests from authorities take precedence over priorities for the business.
There is no better example demonstrating the need for extreme adaptability than COVID-19. In the last few years, online digital banking and payment processing have skyrocketed, providing a wealth of opportunities for fraudsters – statistics show that fraud risk in the UK has surged by 24% since the outbreak of COVID-19.
In a rapidly changing environment, tomorrow’s CCO must tackle new threats with agility, strong leadership, and contemporary tools, technology and data.
Getting the basics right, developing and understanding available sources of data, and communicating effectively, while keeping a level head, will ensure any CCO is on a solid footing to lead their organisation safely through a complex and demanding world.
By Gabriel Hopkins, Chief Product Officer, Ripjar.