Tuesday 17 November 2020 4:56 am

Covid revealed that compliance is broken — now let’s build back better

Charles Delingpole is chief executive of Comply Advantage

We’ve all been a little lonely during lockdown, but a word to the wise — if a new match on a dating site asks you to transfer some money to them, don’t do it. It’s probably a fraudster.

Professional money launderers have been getting creative during the pandemic. With the usual avenues closed to them, they’ve had to move recruitment of “money mules” online. Dating sites are fast becoming a favoured approach, as are job postings for “financial transfer analysts”, among other things. 

And it seems to be working. While overall crime is down, money laundering is unquestionably on the rise, as are financial fraud attacks more generally. Experian reported a 33 per cent increase in fraud in the first month of lockdown alone.

Increases in fraud are common in times of crisis — disruption opens windows of opportunity, while financial pressure lowers inhibitions. That trend has been exacerbated in this particular crisis because so many businesses have been forced to move online, where it’s easier to commit fraud repeatedly and at scale. 

But perhaps the biggest issue is that while fraud attacks have increased, our ability to detect them has been thrown off completely. It’s a tough time to be working in risk and compliance.

We’ve been caught out by Covid-19 because most anti money laundering (AML) frameworks are based on examining an individual’s patterns of behaviour and flagging any changes to them. Since almost everyone’s spending habits have changed, businesses have found themselves faced with a slew of false positives, and no reliable way to sort good actors from bad. 

Compliance professionals have had to scramble to recalibrate their systems to respond to the new environment, but have come unstuck. Because of the configuration of some of these systems, there is no quick way to do it. Some frameworks can take up to six months to recalibrate, and that’s not time businesses can afford to lose when faced with the combined pressures of fraudsters, regulators, and a crashing economy.

This pandemic has proved that not only our tools but our whole approach to compliance is  in urgent need of revision. It transparently isn’t working. 

Fundamentally, fraud is difficult to catch. Money launderers aren’t stupid: they’re creative and diligent professionals who constantly change their approach to exploit weaknesses. They work hard at it, and we haven’t yet found the silver bullet solution to stop them. 

Effectively dealing with this mounting threat is expensive. While automated solutions help reduce manual overheads, they’re still complex to implement and maintain. But there’s no alternative. If controls and reporting aren’t to the satisfaction of regulators, businesses have to throw more money at the problem —  and face fines and reputational damage if they don’t fix it. 

On top of this, there’s the internal perception of compliance being a blocker to business growth, an impediment to user experience and primarily a tick-box activity. It’s a thankless task made worse by the fact that, too often, fraudsters still slip through the next anyway.

No wonder compliance professionals are fed up. But they can (and should) take this pivotal moment as the impetus for positive change. The general consensus among those in the compliance industry is that there must be a better way of doing things — and there is.

Broadly, there are two schools of thought. One is reform: to work with the data and the tools that we have, go back to first principles and start again. The other is to transform. If we’re unable to respond to the risk environment and have become solely focused on complying with regulation instead, we’ve lost sight of what we’re here for.

The good news for both camps is that it looks likely regulators will start to respond to their frustration with more concrete guidance. One of the biggest complaints compliance professionals have is that they’re bending over backwards to reach continually moving goalposts. 

In the US, regulators are already becoming more prescriptive. For instance, last month FinCEN and the Federal Reserve suggested changes to regulations that would lower to $250 from $3,000 the threshold for financial institutions to “collect, retain, and transmit certain information related to funds transfers and transmittals of funds”. Though it’s unclear yet how regulators will respond to Covid, the hope is they’ll follow this developing trend. Though only a tentative step forward, it’s already a marked improvement from the vague “encouragement to use innovation” that’s been offered thus far, and should start to  fix some of the systemic problems.

In the meantime, there are other, more immediate ways forward. Chief among them is investment in dynamic AML solutions that can rapidly adapt to a changing fraud landscape, such as the one we find ourselves in now. 

A lot of financial institutions are waking up to this fact too late. Not only is their tech slow and difficult to reconfigure, it’s also on-premise. In a lockdown, that accessibility problem is significant and putting them at a serious competitive disadvantage.

Even those that do use more nimble, cloud-based solutions need to get to know them better. A lot of teams treat complex tech stacks as if they’re plug-and-play. They aren’t. Financial institutions in particular aren’t great at running enterprise-wide risk assessments. They assume “factory settings” calibration matches their specific risk environment, and that leaves them exposed. Getting to know the finer details is a good way to generate higher level ideas and ensure systems are better prepared for the next crisis.

As compliance professionals know all too well, there’s always another one looming. The only way forward is to learn from the last. This crisis has exposed the existential issues in the way we currently conduct compliance. But with more structure from regulators and a more proactive approach to processes, we can fix them.

Fingers crossed that this uncertain landscape sees the compliance industry out of “react” mode, and able to respond more dynamically to risk.

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.