What are the hot topics for Accuity at the moment?
Over the past few years we have seen a number of compliance and regulatory factors combine to promote trust and confidence in financial markets. However, some have had unintended and negative consequences. For example, the combined impact of rising anti-money laundering/combatting the financing of terrorism scrutiny, personal liability, and the adoption of risk based approaches has been de-risking—the act of removing products or services from certain regions and sectors such as correspondent banks or Money Services Bureaus.
What we are now seeing is a move where banks are trying to understand the real nature of risk that an entity represents, and make a judgement at that level, rather than at a broad-brush sector or regional level. These broad-brush decisions had been based on top-level view of risk, say, at a country level but clearly, within those regions deemed high-risk, there are low-risk and profitable business opportunities to be had.
At the heart of this decision making is the need for banks to really understand the granular nature of risk that a specific client does or does not represent and have confidence in that view so they can make the decision as to whether they should do business within them.
For me, it is interesting to see this shift in how compliance professionals are looking to use information and technology more effectively to make better risk-based judgements on who they should do business with.
How do you tackle this kind of risk management?
There are two key aspects that banks need to bring together in order to get this true picture of the risk an entity represents to their business. There is a need to access a wide range of data, content and information, and then use technology to identify where, within that broad corpus of information, there are any red flags—direct or indirect risks that would influence the decision to do business with a client. Allied to this is the importance of integrating a bank’s policy into how they are defining risk so that this information, once identified, is presented in the context of a particular policy.
For us, it comes down to know-your-client (KYC), and three questions. Do I know who the client is? Can I do business with that client? And should I? The first question is about the data points you need—that’s relatively straight forward.
For the second, you have to ask whether there is any reason you cannot do business, for example a sanction or control order. However this could also include things like a narrative sanction, and this is where it gets quite subjective. For example, it may be forbidden to do business with 20 banks and a handful of individuals, but also with any entity they have a controlling stake in. It can be difficult to find out who these entities and subsidiaries actually are.
Finally, when asking whether you should do business, you can go so far as to consider a fine for tax fraud ten years ago. If that a material risk or not? It’s a judgement call. And any level of subjectivity makes KYC quite a difficult task. In relation to financial counterparty KYC, Accuity provides a ‘single source of truth’, which can be supplemented with additional information in order to create a ‘risk picture’, allowing for trust between financial counterparties.
If we look at this in relation to payments then, while there are two main parties, there are actually many parties involved in the payment chain—‘nested counterparties’. You have to trust that everyone in that chain is working to the same standard of risk assessment and KYC. The chain is only as strong as its weakest link.
There are some challenges at the moment, because there is a real disparity across a global standard for this risk assessment.
How do banks gather the data for this decision-making?
Accuity provides data and information for this, but that data must be tied into the bank’s own policy. The information picture will be different for each bank and each policy, and the challenge is to find the technology to do that. As the market has matured and data assets have developed, we have had to decide which parts to automate.
Another method is the use of KYC utilities to outsource the creation of KYC reports for re-use, however there are still problems they don’t solve. They may play a role, but at the moment there are issues around the business model. A collection of documentation that is provided once and then available to anyone will not necessarily meet the requirements of different banks’ policies. Each bank could end up with incomplete data anyway. Also, to do this on a large enough scale, with a decent refresh rate, will be time and cost intensive.
Also, KYC utilities introduce an easy switch mechanism for the client, making it very easy to move between sell-side opportunities. The proposition is good, but now institutions are looking for a better way of doing it, where they have more control—exacerbated by factors such as personal liability —but also where they have the best of both worlds. They don’t want to do the heavy lifting on the information, but they do want it within their own operations.
Data and compliance issues used to be the domain of IT departments. Are you seeing more interest now from the decision-makers of the business?
There has been a big shift, and it has been very interesting for us. We do a lot of innovation work and project development with our clients, and they are starting to demand more control and assurance functionality with very clear decision support and information on demonstrating that controls are in good health rather than relying on a manual translation of this from the technical or operational teams.
A bank might have its technology and operations teams connected, but there also has to be a reliance on other teams, such as audit or change management functions to give this real confidence that there is line of sight from the regulation through to the actual systems and process within an organisation. This means the bank ends up reliant on a very manual process, and that is likely to lead to errors.
Personal liability is forcing innovation in compliance and negating the ‘wilful blindness’ that might once have existed. With the maturing of the compliance role as a profession in its own right, with status on the board, and only recently are senior figures in a business signing off with liability. Now, compliance officers and heads of operations want all the decision support information that proves their compliance operations are in good health, because they’re the ones who are liable.
This is now why we find that a significant amount of our research and development is now focused on developing dashboards that provides that visibility and translation, and to a different audience than before.
What are you most looking forward to at Sibos?
There are some fantastic sessions with some good panellists and speakers, but what I really like about any conference is speaking to clients in relation to the topics discussed.
On a panel you can get two or three people with strong points of view, who may or may not agree. I am always interested to see what clients make of the discussion, as that gives us a sense of what they want and what they’re concerned about. That validation from clients, and spending time with them, is a great opportunity.