On January 18th, Elucidate's founder & CEO, Shane Riedel, and Francesco Miccoli from Standard Chartered Bank, held a panel at the Europe Bank to Bank Forum organized by BAFT (Bankers Association for Finance and Trade) Europe
The goal of the session was to answer one question: Can a new model for pricing financial crime risk exist?
Below you can find a transcript of the panel.
– – –
FM: My name is Francesco Miccoli and I am the Head of Correspondent Banking for Europe and the Americas, and the Head of FIs for the UK, at Standard Chartered Bank. I am joined by Shane Riedel, the CEO of Elucidate.
Before we kick off, a few technical points: We will have a few pool questions which you will be offered through the conference platform, so be on the lookout for those. Additionally, we welcome questions and comments throughout the session using the Q&A feature. We will do our best to address your feedback as we go.
Standard Chartered has been working together with Elucidate for the past year to utilise a framework for the pricing of financial crime risk across our footprint markets. We are here today to present the results of that work, as well as to discuss how we expect financial crime risk pricing to change the way the market views and manages financial crime risk in correspondent banking.
When Standard Chartered approached Elucidate to build a framework for financial crime risk pricing, our intent was to achieve two key objectives:
- Fundamentally, to reduce financial crime by creating a market-based incentive, and
- To create transparency with our clients around our risk appetites, as well as a shared mechanism for improvement
So far we have been successful in achieving these objectives, though this will become even more so as we hope to launch this new capability in 2022.
But before we come onto the details, let’s start with a few pool questions to gauge the group’s views on the status quo. There are no right or wrong answers here; rather this is an opportunity to get a sense of how the group perceives the impacts of the existing approaches to financial crime in correspondent banking.
Pool question 1 is: Do you think there is a need to change the current approach to financial crime risk management?
We will give the group a moment to respond.
- Yes
- No
- Don’t Know
While we wait for the results of the first question, Shane would you like to introduce Elucidate and your corporate mission?
SR: Yes, thanks, Francesco. At Elucidate we like to say that our vision is to rid the earth of financial crime. We are a data science company building the market infrastructure required to ease financial crime risk decision-making. We do this through our financial crime risk benchmark. And we are regulated by the BaFin and ESMA for that purpose.
FM: To report results of the pool. Most responses indicate that you do see a need for a change or evolution in the way banks manage financial crime risk.
Shane, Elucidate deals with lots of banks and focuses on financial crime risk, so is this consistent with your experience?
SR: For sure. We like to cite the report from Refinitiv that said banks are spending, on average, around 3% of revenue to manage financial crime risk across compliance, operations and the business. In some banks, that number is far higher. We have encountered banks where 10% of staff are employed in compliance alone. This is clearly not sustainable, and that’s what we hear from the market.
There is a growing recognition in the market, as well as regulators, that throwing money and people at this problem is coming up against diminishing returns.
FM: Which brings us onto the next pool question:
What is the most relevant factor driving the need to change the approach to financial crime risk?
We offer four choices here:
- Changes in laws and regulations
- Banks’ need to use data to derive value
- Demand for objectivity from clients and counterparties
- Increase in the prevalence and impact of financial crime
Shane, you are a seasoned Compliance Officer and a well known and respected colleague. What made you to decide to leave the bank industry to set up your own company?
SR: Well, I would say I am a recovering Compliance Officer. But in any case, I think for me the decision to set up a technology company was driven by the realisation that no one financial institution can solve this problem, even with unlimited resources. This is a network-based problem and it requires a network-based solution. And that is what we are building.
FM: Results of the pool. Shane, is this what you expected?
SR: Here we see a much more even balance across options. And in reality, all of these factors are important in driving a change in approach. The status quo in financial crime risk management has few defenders – apart from criminals, I suppose.
Whatever choice people make, however, the reality is that the role of data in driving this change will be central. The market is becoming more and more complicated, and the introduction of fintechs and more lightly regulated entities in payments and trade creates a significant increase in financial crime vulnerability.
In short, the market is evolving, it is moving faster than ever, and there is a pretty broad consensus across banks and regulators, which is echoed amongst this group, that financial crime risk needs to evolve with the market.
Whether one selected the primary driver of change being the banks, the clients, the regulators or society, one thing is sure: Using your data is essential to sustainable management of financial crime risk.
We all talk about KYC; at Elucidate we talk a lot about KYD, Know Your Data. In the future we can no longer rely on qualitative data and manual analysis to determine financial crime risk exposure. The pure volume of data makes this impossible.
FM: So we all get that data is central, but let’s turn our discussion to the use of the data to create systemic change. When Standard Chartered approached this question, we started with the view that financial crime risk, like credit risk, should be accurately priced. If Standard Chartered carries more financial crime risk, the pricing should reflect that. This allows us to:
- Compensate for the increased cost of controls for high risk transactions, and
- Disincentivise financial crime risk by driving the cost to the source.
With Elucidate we sought to utilise our existing data set to enable such a repricing.
So let’s come onto how risk pricing of financial crime will work. Let’s start with the status of the technology. Can you talk about how to build an objective and transparent assessment of respondent bank risk based on a consistent, mathematically-sound and data-driven approach?
SR: The way we have approached this question is to start with the benchmark. One thing I learned during my time at Goldman was that no one at Goldman cares how much money they make – they only care how much money everyone else makes. The application of the benchmark is really powerful, and provides a basis for determining one’s placement in the market.
So for us, we start with a financial crime risk model akin to credit models. We use that model to give objective values – financial crime risk scores – across the financial institutions within a given network. Call it a financial crime market-to-market. And we use those results to determine the current financial crime risk associated with a particular entity.
From there we move onto applying those scores into a pricing algorithm, but I’ll come back to that in a minute.
Today risk assessment is generally done through a periodic review cycle in most banks. As we show on the left, generally one has a Wolfsberg DDQ and a number of static data points (jurisdiction, UBO, regulator, policies), and we ask a person to do a manual review, lend their perspective and arrive at a risk classification – generally low, medium or high. And if you are like most banks, in the institutional business the risk ratings are heavily skewed towards high.
And even with this process, many banks struggle to manage. The manual nature and volume of requirements can be quite daunting.
But the problem for risk pricing is that most KYC processes are not fit for purpose in determining objective criteria that can be applied to pricing. For one, the assessment criteria need to be transparent to all parties to justify a change in pricing. And all parties need to be able to impact that pricing, or accept it, as the case may be
This process requires a few changes in order to be useful for risk pricing. As you can see on the right, data from all internal sources is enriched with external data in order to create an objective score. Whether this is delivered numerically, ie 75 out of 100, or in a letter form aligned to the credit ratings agencies.
Critically, this scoring must be aligned across the entities doing the pricing and being repriced. To the earlier point, for risk pricing to work it requires a basic level of agreement on both the contributing data and the results.
What we know from our data analysis is that certain data points in correspondent banking are highly correlated to counterparty financial crime risk. That is to say these are the risk characteristics that create acute risk to a correspondent processing a SWIFT message. Some are obvious, for example, breaches of FATF 16 requirements. Others are more specific and data-driven, for example the presence of statistically-significant but anomalous trading partners and corredors.
FM: I would also chime in here. We agree that transparency around the means for repricing is important. Shane spends his days surrounded by data scientists, but we need to make sure that this works in the real world. So that means keeping it simple and not too costly.
Market adoption of risk pricing for financial crime risk requires a shared data set – we have relied heavily on transactional activity we processed. This means the data is shared between correspondent and respondent, and visible to all parties.
SR: And in the spirit of maintaining simplicity, we have utilised a relatively simple pricing algorithm. Think of it a bit like a financial crime-based version of Black-Scholes, but easier to understand. At the end of the day the bank outlines current pricing and determines a risk appetite threshold. Based on this, the pricing algorithm determined the delta for pricing payments or relationships outside of the risk appetite. Those two factors enable pricing to be standardised yet bespoke to specific banks’ risk appetites. And really simple to implement.
FM: What do you think prevents a bank from pricing risk today based on their own risk assessments?
SR: Well, nothing I suppose. But we don’t see it happening. Our hypothesis is that risk pricing cannot be done unilaterally.
In our view the standardisation of the algorithm across the market is essential to adoption. This is important because functioning markets require a degree of standardisation. But it is also important in order to ensure that there is fairness and comparability within the market.
For example, today we see a divergence in risk assessment between traditional banks and fintechs. The former are aligned to traditional assessment tools, the latter are often not. As a result, we observe a regulatory and commercial bias in favour of fintechs, simply due to a more limited business model. However, our data results demonstrate several vulnerabilities around fintechs which are simply ignored in all of the excitement. Poor corporate governance, strategic pivots and rapid release of new products all increase financial crime risk, but have not generally been a focus of existing due diligence which was built by and for traditional banks.
FM: So are you saying that fintechs are higher risk than banks?
SR: Not necessarily. What I am saying is that we need to rely on the data to lead us to a conclusion on financial crime risk levels, and to the appropriate pricing. Some banks present very little financial crime risk and some present quite a lot. The same is true for fintechs. But in order to credibly price this risk, we absolutely need comparability across the market. Which brings us full circle back to the benchmark.
FM: We have talked a lot about “the data,” but I think we should talk a bit about what data is needed to reliably assess a counterparty relationship. Unlike technology companies, banks operate in complicated data environments. It can be challenging to get access to data.
SR: Well, when it comes to data one must always take the view that “the perfect cannot be the enemy of the good.” One can model for pricing purposes on as much or as little data as is available. That said, the most critical data set in risk pricing is transaction data from SWIFT, and is generally also the easiest data set to get.
FM: Let’s turn a bit more to the specifics. Can you describe how a risk scoring system will help to fight money laundering and financial crime?
SR: Well, at a philosophical level I can say we have several thousand years of market experience showing us that the best way to manage risk is to price it correctly. This applies across the board. The closer we come to allocating the cost of financial crime risk to the point of its origin, the less risk there will be.
FM: That’s hardly specific. Can you focus on the work Elucidate and Standard Chartered have done together, and how that work is creating a broader framework for the market?
SR: Sure. With Standard Chartered we have worked together with several functions in the banks to bring together a broad data set, and primarily data derived from SWIFT messages, enrich the data and process it through the risk model and pricing algorithm. This was done across a broad range of counterparties. This has enabled Standard Chartered to establish a set of risk metrics upon which to work through revised pricing.
In the visual one can see the actual user interface on the right, providing a heatmap with clear risk scores updated automatically at regular intervals. These metrics are visible within Standard Chartered, and will also be made visible to their respondents.
FM: I think this is an important point here. We did not fundamentally pursue financial crime risk pricing in order to increase revenue. Rather, we see this as an opportunity to have a correct risk appetite approach in relation to financial crime. The intention is to reduce the likelihood of Standard Chartered receiving and processing high risk payments, or payments on behalf of high risk customers. This interface will ensure that all parties are operating from the same set of facts.
SR: Key to this, though, is a move away from manual and bespoke assessment of financial crime risk. Today, payments and trade operate at machine speed. Financial crime risk functions operate at human speed. For risk pricing to work, the risk processes also need to operate at machine speed.
FM: We also see financial crime risk pricing as a tool to change the commercial calculations within correspondent banking. By deploying data analysis at scale for preliminary and ongoing risk analysis, we can lower respondent acquisition and maintenance costs to a point that more commercial relationships are commercially feasible.
So that means pushing back against the contraction in correspondent banking that we have seen in the past decade or so. What do you view as some other impacts on correspondent banking?
SR: We actually see this as a great opportunity to move the market towards a risk reward pricing concept for international payments, rather than a traditional volume-based approach. This has multiple benefits, including reducing financial crime risk across the system. Also importantly, it creates a fairer market for banks seeking to enforce strong standards, and ultimately for the corporate and retail clients they serve.
If we think about a path towards frictionless payments in a cross-border context, we absolutely must have a market-based mechanism in place for ensuring trust, confidence and high standards. If the past 20 years has taught us anything, it is that we cannot sit back and rely on regulators, exclusively, to play that role.
FM: I suppose I would just add that we see the potential here to reduce marginal cost of payments, particularly for strongly performing respondents, by deploying a bonus-malus arrangement. We see this as impacting both the strategic and operational relationships between banks.
And the cost of implementing risk pricing pales in comparison to the benefits, generally less than the cost of one FTE.
In closing. Many thanks to everyone for your attention to the subject. Standard Chartered and Elucidate have worked together to implement financial crime risk pricing, but we look forward to the engagement of all you in seeing it gain traction in the market and, ultimately, serve as the basis for positive transformation within the banks and within society as a whole.