Maintaining Strong BSA/AML and Fraud Programs During Digital Transformations

The digital transformation trend continues to gain strength, with more financial services providers (FSPs) launching and accelerating digital strategies to enhance operations, grow, and compete. As financial services are reimagined, FSPs need to ensure that their financial crime compliance and fraud management programs remain robust and effective. Otherwise, the risk is that their new channels, products, customers, markets, and digital processes will create more opportunities for fraud, money laundering, and other crimes while also impacting compliance operations.

Specifically, the surge of new digital and mobile banking products and channels, digital wallets, digital asset transactions, contactless payments, multi-currency accounts, and other innovations brings its own set of challenges for FSPs when managing the risk of scams, illicit crypto transactions, money laundering, and sanctions violations. FSPs’ BSA/AML and fraud programs need to keep pace, requiring an ongoing evolution of risk assessments, compliance operations, resource capacity, training, risk management processes, and governance.

The Race to Go Digital

Globally, customers are increasingly using their digital banking and payments apps to manage their finances. Customers—especially younger generations—expect to be able to open an account or get approved for a mortgage through digital applications without ever entering a branch or talking to a banker on the phone. In turn, banks have begun to offer fully digital onboarding and services that require little to no in-person interaction. This is just one example of how the desire for increased market share is driving FSPs to expand their digital processes, products, and services. During this digital transformation, strong and effective financial crime compliance and fraud management should remain top priorities and not get lost in the rush to market.

Preventing Digital Transformation Pitfalls

Digital transformations can involve a broad set of improvements ranging from technology upgrades, to the optimization of data, processes, and operations, to the introduction of new digital products and services. FSPs are quickly embracing digital technologies and embarking on complex transformations.

Digital transformations often require changes over an extended period of time. If not properly managed, a transformation can cause inefficiencies and increase the risk of weaknesses in compliance programs due to potentially unsuccessful change adoption, inefficient compliance processes, and inadequate risk coverage. In addition to impacting operations and customer experience, a mismanaged transformation can result in significant regulatory costs due to noncompliance and remediation.

FSPs can minimize obstacles and negative impacts by taking a holistic view of the transformation process and engaging all the key functions, including compliance and risk management, from the strategic planning through post-implementation phases. Establishing a cross-functional transformation team and strong communication strategy can help ensure the collaboration and governance needed for a successful transformation.

Infusing Compliance into the Transformation

As the roadmap is being defined, compliance and risk management functions should support the transformation in identifying and assessing process, people, data, and technology implications. The transformation team can facilitate this by:

• Involving, engaging, and communicating
  Digital transformation project plans must involve the compliance and risk management functions from planning to execution:
  • To actively participate when defining strategy, milestones, and timelines.
  • To identify any impact to compliance operations’ processes, capacity, and training needs.
  • To provide insights, data, and advice on potential risks, limitations, and resource needs.
  • To be aware of, prepared for, and engaged in the upcoming changes.

Early and ongoing engagement of compliance and risk management will allow these functions to understand the transformation strategy and plan for updates to risk assessments, policies, controls, process flows, documentation, customer risk rating, and training programs, among other areas.

• Engaging trusted partners 

  Trusted partners, including experienced consultants, can provide expertise and guidance, as well as insight into industry best practices and preventable pitfalls, at each step of the transformation.A trusted partner will provide support in identifying and assessing compliance and risk management impacts, designing updated processes, and guiding technology and other functions as the transformation is defined, required supporting skills are identified, and resource building takes place.

• Creating change with harmony 

  Transformation should be planned and driven to encompass changes and activities regarding processes, people, data, and technology. Transformation should not only paint the future state for all four of these areas, but also should assess and outline the impact and changes that need to occur, including the identification of who will be responsible and who will make needed decisions, the establishment of feasible timelines, and the identification and resolution of resource needs and dependencies. The use of data analytics and management reporting can help identify risk areas, capacity pain points, and other issues. With the right stakeholders, engagement, and information, FSPs will be able to establish a project plan that will set the transformation up for success.Effective and timely communication is just as important as planning. It is critical that all the involved functions are aware of what any change means to them, the benefits that are expected to be derived, what will be needed from them, and how they can prepare for the project.

  A well-designed transformation team will ensure governance and effective communication, stakeholder engagement, and accountability. Additionally, it will ensure coordination to eliminate roadblocks, monitor, and report on progress against the plan.

• Thinking big and building in phases 

  Transformations involve significant, continued, and coordinated efforts from multiple functions. Achieving the ultimate goal of a digital transformation will be more feasible with the introduction of phases to the project plan that allow for effective change management and adoption, with minimum disruption to operations.A phased execution approach also provides opportunities to:

  • Identify legacy systems that can be modernized to support sustainable change,
  • Find opportunities for process optimization through the use of available tools like robotic process automation (RPA), artificial intelligence, and machine learning (AI/ML), and
  • Ensure that implementation and go-live phases do not disrupt compliance and risk management activities.

Actions to Reduce Financial Crime Risks During Transformation

Specific actions that compliance and risk management functions should take to minimize the financial crime risks of digital transformation include:

• Review the digital transformation plans, workflows, process flows, technology architecture, data analytics, and reports to identify BSA/AML, fraud, and compliance risk implications.
• Develop new and updated BSA/AML and fraud management processes based on the transformation plan.
• Assess compliance and risk management capacity, structure, and training needs vis-a-vis increased and new demands.
• Update risk assessments to identify new and changed financial crime risks resulting from the transformation.
• Assess technologies, including Transaction Monitoring (TM) model coverage assessments and validation, as well as the adequacy of the existing customer risk rating model.
• Assess the current BSA/AML data and technology architecture to ensure it will remain effective during and after transformation.