In many ways, current best practices within the Financial Crime and Risk Management space seem to be preordained; the common wisdom of the industry seems sound, yet stubborn and immoveable. For many risk managers, it’s common sense that extractive industries or real estate brokers would present as high-risk clients, while medical equipment manufacturers or food service providers likely don’t throw up any flags. There’s a strong possibility that such an assessment is somewhat grounded in reality. Yet, underpinning this all is the experimenter’s bias; the observer-expectancy effect. Risk managers believe that they will find financial crime in industries traditionally considered to be high risk, and they likely will. Yet, what they don’t expect is illicit payments cleared internationally under the guise of medical equipment provision (Interpol). Risk managers are effectively left with results that conform to their basic hypothesis regarding where their risk exposures lie while neglecting to investigate those aspects of their business that do not conform to the traditional definition of “high risk.” Yet, the reality is that financial crime is pervasive, dynamic, and often exists on such a scale that even the most apparently safe industries and regions are open for exploitation. To ignore this fact is to ignore both the reality of financial crime today and the information resources necessary to stymie these illicit flows.
Challenging Common Wisdom
It’s no secret that the vast majority of financial crime goes undetected (UNODC). It’s this gap between the actual volume of illicit flows and those that are caught, that should be of the greatest concern today. Yet, when considering a path forward to bridge that gap, one will undoubtedly run into a wall built of overburdened compliance departments, and outdated technology. The fact of the matter is that this myopia is institutional. Regulatory guidance dictates where key risks are, and institutions focus on those risks. As a result, these areas are where most illicit flows are likely to be detected, thereby reinforcing the notion that these areas are the riskiest. Experimenter’s bias fundamentally occurs when expectations influence outcomes. It creates an obstacle to the discovery of new knowledge which, in this case, could enable the detection of a larger portion of financial crime globally. Criminals don’t exploit “high-risk” industries simply due to an adherence to tradition, but instead, they aim to exploit systems with poor controls and poor monitoring.
Compounding this problem, nearly all major risk assessments in banks today are carried out either manually or at best using relatively unsophisticated, dated technology. Given this dearth of resource availability, it makes sense that banks would concentrate on those risk-concerns where common wisdom dictates they do so, even if it’s to the detriment of other areas that could, in fact, be rife with financial misdoings. Yet without evidence to the contrary, and without tools to provide such evidence, financial institutions have no incentive to change their practices.
Readjusting Perspectives, Reallocating Resources
Contained within these unidentified flows is a data set that is likely a veritable treasure trove of information and a wealth of knowledge concerning new patterns of criminal activity, new information on how niche industries may be exploited, and most importantly, it contains the information necessary to successfully combat these financial misdeeds in the future.
What is required is a shift in the way that banks manage not simply clients and industries perceived as high risk, but more importantly their risk assessment, risk prioritisation, and resource allocation methodologies. Banks must be open to challenging their preconceived notions about risk and be proactively acquire new knowledge on the risk exposures they face.
In practice, this means:
- Undertaking holistic assessments of each aspect of an institution’s operations and controls, seeking out deficiencies in specific areas prior to finalisation of resource allocation decisions, and
- Continually assessing the institution’s risk exposure at every level, and ensuring that this assessment is derived from quality investigatory data analysis, and not simply rote memorisation of common wisdom.
While an institution’s controls around high-risk products may be top-notch, criminals may have no interest in exploiting these services, and these controls won’t stop a financial criminal from exploiting poorly monitored banking operations. As such, one should be able to identify the functional risk posed by every given industry or client-type for their specific financial institution. Anything short of that is a disservice to the institution and its customers.
Unfortunately, this is a relatively weighty ask for any single financial institution, regardless of its size. As such, the final component necessary to successfully push this paradigmatic shift would be the aggregation of risk data at the supra-institutional level. With this data in hand, banks could not only identify weaknesses in their control frameworks but through the implementation of lessons learned from substantiated risk events and control weaknesses, either locally or at other institutions, they could begin to develop an understanding of both regional and international criminal patterning as it concerns their specific business operations.
Elucidate Built the Solution Already
Of course, bespoke assessments are costly and time-consuming. Luckily, at Elucidate we’ve created a solution. Instead of using outdated and costly methods of risk evaluation, Elucidate has developed the Elucidate FinCrime Index (EFI), a platform that leverages machine learning capabilities towards objective and holistic data-driven assessments of financial crime risks. As an automated system, the EFI alleviates the burden of long, drawn-out assessments, and allows risk managers to reorient their resource expenditures towards the development of a more proactive control framework. Yet, most importantly, the EFI provides a view on your risk profile that is unique to your institution but derived from learnings from all institutions.