How to Build Your Flexible Anti-Financial Crime Target Operating Model


Regulators have recently issued huge fines to firms for having insufficient operating models. For example, Santander UK was fined £107.7 million for “serious and persistent gaps” in its anti-money laundering controls and wider operating model. Processes lacked operational clarity, teams operated in silos, and information was not sufficiently shared; failings indicative of an operating model not mature enough for its size.

Similarly, the cryptocurrency exchange platform Coinbase reached a $100 million settlement in the US because it failed to “build and maintain a functional compliance program that could keep pace with its growth.” With a rising backlog of over 100,000 unreviewed transaction monitoring alerts and suspicious activity reports filed months after the activity was detected - Coinbase’s operating model could not keep up as it grew and scaled.

Even firms that aren’t subject to formal enforcement action may be subject to other costly and disruptive measures. Intrusive and arduous, a significant number of firms in the UK have received a section 166 Skilled Person Review. The aggregate cost for section 166 work undertaken in the 2021-2022 financial year, including reviews in progress from previous years, was £37.7m.

These recent fines and costs illustrate the importance of having an effective operating model that adequately plans for the future: a flexible target operating model.


Target operating models: the basics


With the aim to ensure programmes continue to mitigate financial crime risks in the face of new challenges, many large financial institutions already have a target operating model in place. However, this shouldn’t just be the preserve of large institutions, it is fundamental for all.

A financial crime target operating model is the vital blueprint that ensures anti-financial crime processes, systems and controls are strategically aligned. It’s responsible for leading the prioritisation and coordination of an entire anti-financial crime programme and ensuring it stays risk-relevant and proportionate.

More practically, a target operating model typically includes the following elements:

Vision: Strategic direction of the company and compliance function, including financial crime risk appetite. 

Processes: All the actions taken in financial crime prevention, which are documented in policies, procedures, and desktop manuals. The policy and procedure framework encompasses organisation-wide guidelines for policy and procedure creation, execution, and clear instructions for amendments.

People: How your resources are structured across all financial crime functions and defining the structure of teams, including the three lines of defence. The organisational setup should clarify how different business lines and segments operate with one another. Additionally, team culture, people culture, and learning opportunities must be included alongside resource requirements.

Technology: The systems, applications, and data that support the compliance function. This includes solutions and tools for transaction monitoring, identity verification, customer monitoring, case management, etc. 

Governance, reporting and management information: Underlying the target operating model is a governance and management information structure. Tracking the success of a target operating model requires a good governance structure that receives clear management information flows from each area of the target operating model. Ultimately, a target operating model can only be effective with good governance and reporting.

 

 Flexible target operating models

While many financial institutions have a standard target operating model in place, it often needs more flexibility to remain truly effective in changing conditions. Flexibility requires a level of built-in adaptability, anticipation, and reactivity: as the risk landscape and regulations evolve, so too must the target operating model. 

Building a flexible target operating model requires regular review and comparisons against the financial institution’s maturity. Objectives and targets should be revisited and refreshed where necessary. For example, a firm undergoing remediation for compliance failings will have different objectives than a firm focused on operational efficiencies. 

Just as a firm’s entire anti-financial crime programme must be rooted in a risk-based approach, so should the target operating model. Flexible target operating models should be informed by the firm’s risk assessment so that it captures key risks and, like any risk assessment, is reviewed on a data-driven and regular basis. 

What are the benefits?

The benefits of a flexible target operating model are multiple and go beyond staying compliant. When a firm adjusts to meet changing risk factors, like regulatory changes or rapid increase in customer demand, a flexible target operating model should be able to identify areas where an anti-financial crime programme will be impacted or need more support in both the short and longer term. This allows management to plan ahead effectively and anticipate the areas requiring more support, whether hiring flexible support or employing technology tools.

The ability to anticipate and plan means financial institutions can be spared from costly last-minute capacity strains. Additionally, flexible target operating models can help consider how investments in technology infrastructure will serve the long-term, ensuring a better return on investment.

“It is clear from the tone of global regulators that maintaining a robust, effective and compliant anti-financial crime programme within regulated institutions is top of the agenda. Over the last two years, we have seen this focus extend from large legacy institutions to innovative financial services firms such as virtual asset providers, EMI’s and payment firms. To demonstrate you are robust, effective and compliant means you need to be able to explain how your AFC programme works. We continue to see time and again that firms build controls in a silo rather than viewing them in the context of their wider framework. It becomes disjointed and gaps and vulnerabilities start to appear, whether that be technical system deficiencies, or people or process shortfalls. Target Operating Model sounds like a grand word, but in simple form, it is about being able to explain how your programme works and why that is relevant to your business.”
— Robert Evans, CEO and Co-founder of FINTRAIL

 
FINTRAIL process

As businesses scale and internal and external conditions inevitably change, financial institutions must ensure their anti-financial crime operating models remain effective.  Here’s the proven FINTRAIL process to a flexible target operating model.

 

Step One: Explore and map the current model

Assessment of current operations and anti-financial crime programme capabilities, structure, and firm’s maturity. 

Step Two: Your strategic roadmap

Identify which elements must be flexible in the target operating model in order to align with your strategic business goals.

Step Three: Build your flexible target operating model

Build or refine the new target operating model across people, process, technology and governance while setting clear metrics and aligning with your existing compliance strategy.

 
 

 
FINTRAIL has proven expertise across financial crime prevention disciplines and brings that together under our advisory services to help clients review and build target operating models for the rapidly changing business landscape. FINTRAIL can help you build out your flexible target operating model so your financial institution can remain compliant and relevant for emerging challenges.

Free resources

Access free resources designed to help strengthen your anti-financial crime controls.

Partner with us

We love to support projects that combat financial crime -
get in touch to find out more.