FinTech should take advantage of the lessons learnt the hard way by established correspondent banking institutions, avoid repeating history and emerge stronger.
Established financial organisations have been battling the challenges of financial crime risks within correspondent banking for years, but in the last three to four that focus and complexity has increased as international regulators have rightly raised the level of oversight and enforcement. Collectively the fines have run into billions of dollars and have severely affected a number of international household banking names.
We would not be the first people to say FinTech and new payments technology are the new kids on-the-block with the ability to disrupt the status quo, improve financial inclusion and drive efficiency but there is also a need to learn the hard lessons of their forefathers in correspondent banking. Here are a few areas for consideration:
Understand the financial crime threats your business faces – and we mean genuinely understand them! Are sanctions a concern because of the type of products you offer, or the markets you cover? Or is money-laundering the primary concern because you’re operating in markets with limited transparency and weak legislation in the anti-money laundering arena? Understanding threats, and the risk they pose (the likelihood and impact of those threats materialising) is crucial to determining the next steps you take and should, in all truth, influence your overall strategy.
Define and understand your risk appetite – once you’ve understood the threat landscape, define what and how much financial crime risk you can realistically manage and what will you do if it is exceeded. This will help shape and refine your strategy.
Clearly understand your business strategy – use your knowledge of financial crime risks and overall risk appetite to set a cohesive strategy and monitor that it is working. You can’t blindly onboard or target new sectors, customers or markets without considering the impacts on your risk profile. Go into those decisions with your eyes open.
Understand your network and its constituent parts – who are you doing business with, who provides you with services or facilitates your business, do you use exchanges, what financial crime controls are they applying and does your network pose any risk to you, your concept, product or reputation. Understand the core components of your internal (affiliated) and external network and the risks they pose.
Identify and monitor the high risk parts of your network – once you understand your network and its components, identify those areas that are likely to present or incur financial crime risk and monitor them.
Don’t just trust what people say – make sure your have due diligence and assurance processes in place to identify when things in your network start to go wrong and standards are not being adhered to.
KYC, KYC, KYC – know your customer and understand what they should and actually are doing. Is it your customer or a customer’s customer? Do you know what KYC they have done? Effectively monitoring transactions, payments, transfers or associated deviations requires knowledge of the expected to recognise the abnormal. We don’t want to be too regulatory focused here but you really need to think carefully about what it is is you need to know about your customers.
Understand what is normal and monitor for any deviation – do you expect to see a high volume of transfers or payments to high risk jurisdictions, locations or customer groups? Has there been any increase or significant decrease in flow volume or value? You would be surprised at how rarely this is done effectively but can be one of the best indicators that something is going wrong.
Some of the points above seem obvious but the background for each is based on actual organisational failings evidenced in multiple publicly available documents such as the various Deferred Prosecution Agreements against international banks. There are hugely exciting opportunities to leverage developments in the FinTech and payments space to solve critical financial inclusion, transparency, efficiency and sustainability issues, but without learning from past experiences, and getting a grip on risk management early on, none of these opportunities for true disruption will be realised.