The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take.
Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to fraud and financial crimes.
Financial institutions face challenges to enhance financial crimes prevention and detection capabilities while meeting their obligations to provide information to key regulators. Regulatory comments ask for better quality suspicious activity reporting versus a sheer volume of filings. In this environment, many firms struggle to augment legacy monitoring systems with artificial intelligence and other advanced detective approaches due to long implementation timelines.
Fraud concerns shifted due to COVID-19, and the operational flexibility to adjust detective and reporting processes to address emerging areas has required many institutions to shift more resources into fraud and financial crimes. PPP, unemployment, healthcare scams and other COVID-19-related schemes have emerged as key risk drivers, but significant uncertainty about the responsibilities of financial services companies remains.
While the respective regulatory pressures continue to mount, the mandate to meet those needs at a lower cost and with fewer resources is ever present—and growing with the emergence of FinTech competition with lower-cost business models.
Alignment of risk with capabilities. Regulatory expectations continue to increase to match program design to real world risks presented by customers, products, and geographies. Consistent with the pressure for increased quality in reporting, regulators are demanding evidence of how KYC programs influence detective capabilities and risk assessments, and vice versa.
Deployment of advanced technology. Financial services companies continue to experiment with different levels of automation and artificial intelligence but legacy data and systems problems result in long and rigid implementation timelines. Many firms struggle to move these capabilities out of the lab and into production due to data, governance, validation, and reporting issues. Moreover, accelerated rollout of contemplated central bank digital currencies will require redesign of existing technology capabilities and operational processes.
Continued emphasis on sanctions. Economic sanctions continues to be a significant area of focus as the volume and complexity of sanctions programs grow globally. Many firms struggle to align sanctions detective and alert management capabilities to the need for faster or instantaneous payments and digital currencies. Legacy technology solutions result in high volumes of false positives and require significant manual intervention, thereby impacting processing times.
Exposure to COVID-19-related frauds. The regulatory expectations have increased for firms to detect and report suspicious activity related to COVID-19 relief program frauds and other emerging threats. Potential fraud and financial crime profiles have shifted due to COVID-19 with significant increase in medical scams, imposter scams, money mules, unemployment insurance, and cybercrime. Losses from these frauds are not strictly financial, with reputational damage and customer friction as significant concerns. Ongoing and after-the-fact reviews of COVID-19 relief programs for fraud are a significant, and emerging concern, especially in light of the sheer volume of the relief measures, and the speed at which they were necessarily rolled out.
Enterprise wide focus on fraud and financial crime. Regulators expect firms to measure and respond to fraud and financial crimes risks across business lines in a consistent and cohesive manner. Firms are challenged to work across functional silos in cyber and IT security, product-focused fraud, financial crimes teams, enterprise AML leadership, and regulatory reporting. Many firms may have to re-design their operational and reporting structures in areas that were traditionally separate functions.
Response to Cybercrime and Ransomware. Account take over, ID theft, bot attacks, and synthetic ID fraud continue to be major fraud risks arising from cybercrime and gaps in cybersecurity programs. Additionally, recent regulatory guidance, including red flag indicators, raised expectations that firms will file suspicious activity reports for cybercrime and ransomware payments using cryptoassets which may flow through the firm’s custodial or account operations.
Adapting to Cryptoassets. Competitive pressure from emerging FinTech companies and non-bank custodians is increasing the pressure for regulated firms to allow customers to hold cryptoassets in accounts. New charters for digital assets have been proposed at both the federal and state levels. However, most firms are not yet prepared to make the necessary changes to their financial crimes programs and technology in order to monitor and respond to the new fraud and financial crime risks presented by cryptoassets, both private (e.g., Bitcoin) and emerging government issued fiat digital currencies. At the same time, the emerging FinTech firms have been building more sophisticated compliance programs, including increasingly robust financial crimes compliance functions. DOJ recently released a report evaluating emerging threats posed by cryptoassets and the legal and regulatory tools available in the U.S. to confront those threats.
9 actions to take
- Align preventive, detective, and reactive capabilities with the risk profile of the company and its customers.
- Develop cohesive connections between fraud, cybersecurity, and financial crimes teams within all three lines of defense on a global scale.
- Design and build target operating models and responsibilities linking first and second line operations to remove internal friction and duplication of effort.
- Operationalize fraud processes and technology through integration of advanced technology tools, including enhanced analytics capabilities.
- Respond to rapid changes in threats with automation and new capabilities; integrate ethics and compliance efforts for scalability and continued sustainability.
- Develop financial crimes capabilities that are effective and suspicious activity reporting that provides adequate and meaningful information.
- Improve communication and collaboration across functional groups responsible for preventing, detecting, investigating and reporting potential fraud.
- Aggregate risks and losses across all business lines and develop appropriate metrics to monitor changes.
- Develop effective strategies for increased adoption of cryptoassets and the novel compliances challenges presented by existing and planned crypto and digital assets, particularly those with anonymous capabilities.