Siddhant Sahai says a greater focus on inter-bank relationship monitoring and timely sharing of information are needed to truly address financial crime risks.
Siddhant Sahai, Asia Pacific Director for Anti-financial Crime Testing & Quality Assurance at Deutsche Bank, sat down with Regulation Asia to discuss financial crime risks and priorities, highlighting the need for greater collaboration and technology interventions to address the threat.
The below interview was published as part of a research report exploring how FIs are leveraging technology to enhance financial crime risk management. The full report is available for download here.
Regulation Asia: How have you seen the financial crime landscape change in the last 18 months as the world has increasingly gone digital?
Sahai: In the last 18 months, the rapid adoption of technology by banks to go digital in everything that we do has challenged the traditional way in which we look at financial crime. In particular, the use of data analytics and other technologies in financial crime risk management has been on the rise and this will likely expand further in 2022.
For example, trade-based money laundering (TBML) is prone to fraud and money laundering and naturally a key area of concern for regulators, particularly given the increase in global trade volumes. The ability to use technologies such as blockchain to address some of the challenges with trade-related transactions changes the game.
Then there are areas like KYC, which has progressed to e-KYC with increasing use of digital IDs. In a remote working environment, banks must evolve their processes to ensure there are no fake IDs, there is no element of fraud, and that they are collecting the necessary information from clients and performing the right level of due diligence.
Regulation Asia: Is fraud an area that you are concerned with?
Sahai: Fraud is omnipresent. It may be a risk type within financial crime or within operational risk at some banks, but the fact is that it cuts across everything. We’re increasingly seeing the fraud function converge with areas like cyber risk and AML as there are overlaps.
In each of our reviews – whether it’s transaction monitoring, sanctions screening, or bribery and corruption – the fact is that fraud risk is present across all these areas. So, we spend a lot of time testing against various fraud scenarios to make sure we provide assurance on areas where frauds could occur, and that anti-fraud controls can be put in place.
Regulation Asia: What are the key challenges the industry faces when it comes to customer due diligence?
Sahai: In today’s competitive environment with neo-banks, fintechs, etc. you must perform KYC faster to serve clients and remain competitive. At the same time, you often need some confirmation from the first line or more time to reach a certain depth of detail in your customer due diligence. This conflict can make it difficult to always obtain a full view of a client.
When it comes to due diligence, especially when it comes to the wealth management/high net-worth segment, one of the biggest problems is in identifying beneficial ownership. Some of the corporate structures in place are specifically designed to hide the ownership. And frankly speaking, action around this globally across the industry needs to improve substantially.
Even in places where you are able to obtain data from a registry, often that information is limited or of low quality. Some jurisdictions are also planning to impose stricter restrictions on the data that can be accessed, in the name of privacy, which is contrary to the whole idea of transparency.
We need to have beneficial ownership registries that are open and transparent. But I think this will take some time to resolve, because jurisdictions are varying in their approaches and there is strong resistance in some countries.
Regulation Asia: What do you see as the main business and technology priority areas for banks when it comes to addressing financial crime risks. How will this evolve in the years to come?
Sahai: Naturally the first priorities for banks will be to comply with regulatory requirements. This is why you see many banks using technology or updating their systems in areas such as transaction monitoring, sanctions screening, KYC compliance – areas where the appetite for risk is zero. For example, you can’t have a sanctions impact, otherwise your bank will be in the news and the organisation’s reputation and business can be badly affected.
Besides the regulatory requirements, these are also high cost areas for banks. For example, transaction monitoring comes with a lot of false positives which are a huge manpower cost to remediate. So for example, there is a lot of investment in technology projects around the use of machine learning to try to reduce false positives.
That said, this doesn’t necessarily mean you’re always able to prevent financial crime, even as one is adhering to laws, and applicable regulatory requirements. Areas like cyber, trade, external fraud, anti-bribery, virtual assets – these are areas where I expect the focus to be in the years to come to truly address financial crime risks.
Regulation Asia: What would you like to see from the industry to – as you put it – truly address financial crime risks?
Sahai: I feel there is not enough focus on inter-bank relationship monitoring. Even if you detect certain risks and you offboard a customer, they could go to another bank or non-banking institution and find other ways around the system.
As we know, bad actors can be very creative and are only getting more innovative. Through the pandemic we’ve seen an increase in wildlife trafficking, drug trafficking, fake charities, investment scams – this is all happening through online mechanisms. And as more people adopt digital technology the risks increase.
We need to ensure that the collaboration between governments, FIUs, banks – and countries between themselves – have open, transparent and timely sharing of information in order to genuinely be able to prevent crime. This is an area where I think technology systems designed specifically for collaboration need to come in.
Regulation Asia: Where do you see the industry heading from a technology perspective? Where are banks investing?
Sahai: Most banks start off using Robotics Process Automation (RPA), such as for KYC. This is the lowest hanging fruit. The more complex would be technologies like network and graph analytics, where you start identifying patterns between customers and transactions and making use of scenarios for analysis.
Somewhere in the middle is the use of AI and machine learning – this is where I see most banks investing, particularly for transaction monitoring and screening, to reduce the number of false positives that have to be manually remediated. Banks want to use machines to handle low value alerts, so that humans with more specialist expertise are free to handle high value alerts.
Ultimately this helps banks get faster and better focus on the quality of intelligence, which can lead to more worthwhile investigations and higher quality SARs [suspicious activity reports] – which is a key factor for regulators and law enforcement to be able to criminally prosecute bad actors.
A point worth mentioning is that a lot of these technology interventions rely on the bank’s quality of data, and the flow of data from disparate systems – because if your data is not correct, then your monitoring will be flawed. Data management continues to be a top risk for any bank, that’s why you see these massive projects around data across the industry.
That said, I think there is a broad recognition by the industry that data and technology, including the interface and controls between systems, are absolutely critical to get right, because this feeds into a bank’s downstream activities. These kinds of changes are already underway, and in this regard the industry seems to be heading in the right direction.
This interview was published as part of a research report exploring how FIs are leveraging technology to enhance financial crime risk management. The full report is available for download here.
Special thanks to Siddhant Sahai for participating in the research. The interview was conducted by Regulation Asia co-founder Bradley Maclean.