03/05/2022

7 ways challenger banks can rise to FCA’s call for more effective AML controls

In its latest reproach of the AML regulated UK financial service sector, the FCA recently published a report highlighting systemic failings among Fintechs and Challenger Banks to implement robust AML controls in line with money-laundering regulations.

Whilst some challenger banks were commended on their innovative use of tech to identity and verify customers, and manage risk at speed, significant weaknesses were identified in areas such as customer due diligence, enhanced due diligence and inadequate control frameworks that fail to keep up with changes to business models.

The FCA highlighted that fast onboarding processes synonymous with challenger banks could be particularly attractive to fraudsters looking to set up money mule networks and that insufficient information may be being gathered at account opening stage in favour of speed, leading to firms failing to identify high risk customers.

Clearly there’s a danger that this newer enclave of the UK financial services sector could be seen by criminals as the weak link and more needs to be done by the challenger banks in the fight against financial crime. The good news is that businesses don’t need to make a choice between fast, slick on-boarding and AML compliance. Technology and AI driven solutions can passively authenticate and screen customers with minimal friction to their journey.

In light of the recent findings from the FCA, LexisNexis Risk Solutions has compiled 7 steps that challenger banks can take in order to mitigate risk and effectively prevent fraud when accepting new clients.

1. Better use of innovative technology in order to identify and verify customers at speed

The FCA commended challenger banks on their increasingly innovative use of tech in order to on-board customers at speed, however, it is imperative that the technology used is just as effective at collecting the right data in order to mitigate risks. The tech identified by the FCA included non-traditional approaches to identify, verify and monitor customers – such as video selfies, mobile phone geolocation data, and photo images of the customer’s passport. 

In order to increase confidence when verifying an individual’s identity, whilst supporting a frictionless customer journey, a business needs to provide a multi-layered check, incorporating a variety of positive and negative datasets. Screening these individuals against a bespoke scorecard will enable challenger banks to identify risks and take action. Using technology such as LexisNexis® IDU®, it can help to verify and authenticate recognised identity documents, and identity risks.

Having the right controls in place helps to not only avoid the risk of enforcement action and possibly heavy fines, but also ensures that compliance teams remain efficient and effective in detecting financial crime, whilst maintaining a high level of customer experience.

2. Focus on implementing a risk-based approach to AML controls to obtain all relevant customer information

As with all financial crime compliance controls, the risk-based approach is key to success. this means implementing a proper risk assessment procedure that carefully and forensically assesses any potential financial crime risks related to both new and existing customers. In practice this means gathering as much information as possible on the customer’s activities, business operations, interests, geographies and what services they require. Well-documented policies and procedures are vital, and full training for compliance teams is essential.

The recent ‘Cutting the Cost of AML Compliance’, report published in association with Oxford Economics, analysed the costs of AML Compliance across the whole financial services sector in the UK. It analysed what is driving up these costs, finding that the biggest driver was in fact regulation itself. The results were staggering both in terms of the total amount spent on AML compliance (£26bn) and the fact that 70% of this is spent on people-related costs as opposed to slightly less than 30% on technology that can speed up and improve process efficiency. A copy of the full report can be downloaded here.

LexisNexis Risk Solutions also produced a helpful guide to the Risk-Based Approach for Financial Services Organisations which details the steps required to create a robust process. It can seem daunting, but an array of data solutions and technology are available to automate much of this activity so that analysts spend more time on assessing the risks and less doing repetitive low level information gathering activities.

3. Carry out effective enhanced due diligence (EDD) with confidence to evaluate risks instantaneously

Not all risk is equal and the FCA highlighted weaknesses in firms’ abilities to recognise heightened risk and apply EDD measures. EDD is resource intensive and can absorb a disproportionate amount of analysts’ time, especially in the present climate. Understanding and tracking sanctions changes, and following the complex web of sanctions evasion tactics is delicate and time-consuming work. Similarly, when a customer is politically exposed (a PEP), carrying out the additional due diligence measures and looking at, for example, adverse media and sources of wealth, is often challenging.

The solution is not to ‘Google it’, but to work with well curated PEP, Sanction and Adverse Media datasets. These, combined with the right technology, will transform your screening capability and release significant amounts of analysts’ time to focus on higher level tasks.

4. Build a thorough profile of your customers and evaluate their level of risk with customer due diligence (CDD)

The FCA found that, when onboarding new customers, most challenger banks are not obtaining relevant details about customer income and occupation, resulting in an incomplete assessment of the purpose and intended nature of a customer’s relationship with the bank. Without a complete picture of the risk associated with the relationship, transaction monitoring is far less effective.  

It is imperative to capture a relevant view of a customer’s risk across the relationship and carry out an effective KYC workflow throughout, not only at onboarding, but through the entire customer lifecycle. An integrated approach to KYC and CDD workflows can improve visibility into potential risks associated with financial crimes, such as money laundering and terrorist financing, whilst providing valuable insight into customer life events and changes. Combining this with machine learning, proven analytics and a global risk intelligence network will give you the most holistic risk-based approach possible to gain a deeper understanding of your customer.

5. Ensure that your financial crime controls remain fit for purpose as your business develops and grows

Also highlighted was ineffective management of financial crime change programmes leading to control frameworks being unable to keep up with changes to the business models and regulation. In other words, in their constant pursuit of growth and adaptation, challenger banks are neglecting to properly re-evaluate their approach and assessment of financial crime risks. The FCA will be watching closely hereon in to ensure that their defences against financial crime are fit for purpose.

The recent ‘Cutting the Cost of AML Compliance’, report published in association with Oxford Economics explored how firms are dealing with the need to interpret increasingly complex and ever-changing legislation to stay compliant.

“Regulation is becoming more complex, it is becoming more onerous, and I think one of the dangers is that it’s going to become so onerous or complex that businesses will stop buying in. There is more onus being placed on businesses to almost be all-seeing and all-knowing. And I think it’s in danger of reaching a saturation point if we continue down the line of more and more regulation.”

To keep up with inevitable challenges posed by both regulation and market competition, challenger banks seeking an edge would do well to explore orchestration platforms that seamlessly automate the financial crime management process end to end, as well as providing case management tools to manage difficult cases. Through this, challenger banks can create fast, bespoke journeys without compromising on the security or accepting unnecessary risk for the sake of a seamless customer experience.

6. Ensure that your business has the right controls in place for effective transaction monitoring alert management

As many analysts will tell you, alerts from screening operations, such as false positives, can quickly become mountains of work creating backlogs and absorbing large amounts of analyst resource. This is an area where technology in the shape of machine learning algorithms can be applied to deal with a high percentage of the routine alerts, freeing up experts to carry out the true investigative work.

Customer lifecycle platforms can help here too, bringing together all data sources, documents and other controls into one connected eco-system, achieving a highly efficient and seamless KYC and AML framework for both onboarding and ongoing monitoring.

Effective controls can not only avoid the risk of enforcement action and possible fines, but also ensures that compliance teams remain effective at detecting financial crime whilst maintaining a high level of customer experience.

7. Improvement of the quality of Suspicious Activity Reports (SARs)

An unfortunate side effect of tighter regulation is the increasing tendency for banks to exit a customer relationship due to a lack of information available to make a risk decision, on the one hand you could applaud banks for erring on the side of caution. Unfortunately, this practice also risks unnecessarily excluding people from the banking system – after all, just because there’s a lack of information, doesn’t mean the individual is risky.

The FCA highlighted the need to improve the quality of SARs reports, to explain why the transactional data is being marked as suspicious, what circumstances led to that individual being flagged and why the suspicious activity raised was of reasonable suspicion.

The fintech sector was built on the principles of universal access to financial services including those who may have a thin credit file or poor credit history. Providing more detailed SARs can help this cause further by highlighting the signals that point to high risk customers and ensuring the correct checks, controls and risk assessments are in place to identify them sooner.

LexisNexis Risk Solutions provides a suite of data, data analytics and technology solutions to design and create a robust framework that will combat money laundering efficiently and effectively thus protecting the business, its customers and all stakeholders from the impact and damaging effects of financial crime.