In a world where regulations shift as rapidly as the tactics of those who seek to undermine them, staying still is not an option. This reality check and its implications was the focal point of a recent RegTech Insight webinar hosted by A-Team Group and sponsored by Saifr that brought together a panel of industry experts to discuss Effective due diligence, screening and monitoring to mitigate financial crime risk. The expert panel comprised: Dan Auciello – CAMS Chief BSA Officer and Head of Financial Crime Compliance, Bank of China. George Stein – Compliance & Operational Risk Manager, Surveillance Strategy F&O+Derivs, Bank of America. Loren Schwartz, Senior Director, Capital Markets Regulatory Technology at CIBC Capital Markets and Jon Elvin – Strategic Risk Advisor, Saifr.
The conversation kicked off by highlighting the foundational aspects of building a strong risk management framework, setting the stage for a deeper dive into the challenges and solutions that firms must consider as they navigate the complexities of compliance in 2024 and beyond.Building a Solid Foundation: Governance, Workflow, and Data Management
“A healthy framework involves understanding core products, services, and customers… and ensuring proof points from the actual performance of controls,” noted one panelist.
A strong governance framework is the backbone of any effective compliance program. The panel highlighted the importance of having a thorough understanding of the core products, services, and customers that a financial institution serves. This understanding forms the foundation for a comprehensive risk assessment, allowing firms to pinpoint areas of potential vulnerability.
The panel stressed that governance cannot be a one-time activity but must be embedded into the operational fabric of the institution. Proof points, such as metrics and performance indicators, should be regularly evaluated to ensure that controls are functioning as intended. Without this ongoing governance, a firm can quickly lose sight of critical risks.
However, governance is only part of the equation. Well-designed processes and workflows are essential for maintaining a seamless process of risk identification and mitigation. As another panelist warns, “Complacency is the enemy.” Simply using the same software as everyone else is not sufficient to meet the demands of today’s regulators.
Firms must stay on top of not just technological updates but also regulatory shifts and the specific areas of focus that regulators are emphasizing. Regularly updating workflows and adapting them to align with evolving regulations, such as those issued by the Department of Justice or the CFTC, is critical for staying compliant.
The panelists also noted that collaboration with peers and participation in industry conferences can provide valuable insights into current best practices, helping to ensure that governance, risk and compliance (GRC) workflows remain effective in a dynamic regulatory environment. “Risk assessment isn’t a one-time activity—it’s continuous. The business landscape, client profiles, and regulations are always changing,” said one panelist.
In addition to governance and workflow, data management plays a fundamental role in helping to ensure a risk management framework’s effectiveness. One panelist pointed out that the quality of data flowing through an organization’s systems is key to staying ahead of potential threats. Without high-quality, accurate data, even the best risk management framework will struggle to keep up with changes in the regulatory environment or shifts in the business landscape.
The panel underscored the critical need for data controls and governance. Inaccurate or incomplete data can lead to flawed risk assessments, making it difficult for firms to identify emerging risks or demonstrate to regulators that they are staying on top of compliance requirements. “Without controls around your data, you’ll always be a step behind,” emphasized one panelist, highlighting the need for rigorous data governance practices to help ensure that data for risk assessments are reliable and complete.
The discussion touched on how data integration across various systems and functions is crucial for maintaining an up-to-date view of risk exposure. Panelists stressed the importance of seamless data handoffs between departments, ensuring that information flows efficiently across the entire organization. This is especially important in areas like Know Your Customer (KYC) and Anti-Money Laundering (AML) processes, where incomplete data can lead to compliance gaps.
By continuously addressing gaps in data management infrastructure and maintaining a strong opinion on data domains, financial institutions can create a more agile and responsive compliance program that better manages the complexity of today’s financial crime risks.
The consensus was that relying on an annual or semi-annual risk assessment is no longer sufficient. Financial institutions should consider adopting a mindset of continuous risk monitoring and reassessment, using real-time data and insights to adjust their controls as new risks emerge. This proactive approach helps ensure that firms remain compliant while minimizing exposure to financial crime risks.
Embracing Agility in Compliance: Adapting to Evolving Threats
A key point raised during the webinar was the need for an agile compliance framework that addresses the evolving nature of financial crime. One panelist emphasized the importance of “a proactive threat intelligence framework that looks across the entire firm… It must include cyber, fraud, and AML.” By adopting a holistic approach, organizations can better monitor vulnerabilities and adapt to emerging threats.
Proactive reviews can also play a significant role in maintaining due diligence. The panel highlighted the importance of external data sources to help stay ahead of potential risks. “Proactive reviews, using data from subpoenas, industry trends, and negative news, are crucial,” said one panelist. This forward-looking approach helps firms identify and address issues before regulators step in. Documenting these reviews thoroughly not only strengthens internal controls but can also demonstrate to regulators that the firm is taking a proactive stance in managing risk.
Harnessing AI in Due Diligence: Transforming Compliance Processes
The panel explored how AI is beginning to transform compliance, although its adoption is still in the early stages. One panelist pointed out that AI’s primary value currently lies in improving efficiency: “We’re in the early stages of AI in compliance. Business process automation is improving workflow efficiency, allowing investigators to focus more on decision-making.”
AI can enable compliance teams to shift from repetitive tasks to more complex risk analysis, helping to enhance the decision-making process. Discussion continued around the potential of natural language processing (NLP) and generative AI. While generative AI is still developing, the panel acknowledged its growing role in helping analysts manage large volumes of text. “NLP is definitely more widely applicable right now, while generative AI is still in its infancy,” said one panelist.
The webinar then addressed the challenge of bias in AI models. While difficult to eliminate completely, managing bias in AI is essential for maintaining fairness and accuracy in risk assessments. “It’s difficult to eliminate all bias, as it can enter at different stages—from the coder, the model trainer, or the data itself,” explained one panelist. Ongoing model retraining and careful monitoring are necessary to help ensure balanced and effective performance over time.
Key Takeaways: Strategies for Strengthening Compliance Frameworks
As the panel wrapped up, each panelist offered practical advice for the months ahead. One emphasized the importance of focusing on outcomes: “First, focus on repeatable and explainable alert outcomes.” Ensuring that alert systems are consistent and transparent is crucial for maintaining regulatory compliance and building trust within the organization.
Another key takeaway was the need for a holistic approach to compliance. The panelists discussed the importance of integrating compliance efforts across all risk areas, from AML to fraud prevention. “Aim for a more holistic approach to compliance,” advised one panelist. This broader view can help firms better manage interconnected risks and stay ahead of potential threats.
Finally, investing in technology was highlighted as a critical priority. A panelist suggested that firms should “invest in pattern recognition technology,” which can help identify emerging risks more efficiently and help reduce reliance on manual processes. By embracing technological advancements, organizations can better adapt to the evolving regulatory landscape and help enhance their compliance frameworks for the future.
By adopting these strategies, firms can not only meet current regulatory demands but also position themselves for future challenges—a journey made smoother with the right technological partners.
Listen to the webinar in full here and find out more about how Saifr is transforming compliance, check out their though leadership here – saifr.ai/blog.
View our full agenda and sign up here or register below.
Subscribe to our newsletter
