Financial Crime Risk Assessment − There is a smarter way!

15/04/24 | Khanh Nguyen

Financial Crime Risk Assessment − There is a smarter way!

It’s time to take financial crime risk assessment to the next level and overcome the limitations of the traditional approaches. Let’s unleash the potential of advanced technology to transform the efficiency and effectiveness of our financial crime prevention strategies. 

In today's digital age, relying on basic tools such as Microsoft Excel and Microsoft Word* to perform financial crime risk assessments in banking and other financial services has major drawbacks. These old-fashioned ways are widely recognised for their ease of use; however, they lack efficiency and effectiveness, the ability to manage all your data in one place, and better security. The main problems are:

👉 Not automated, not efficient: Excel and Word require a lot of manual work, which leads to more time spent and more opportunities for error. This manual nature makes it difficult to keep data consistent and slows down the aggregation of risk assessment data.

👉 Common mistakes in Excel spreadsheets: The widespread use is often challenged by the fact that Excel spreadsheets are prone to sneaky mistakes. These mistakes, resulting from manual data entry and complex formulas, can significantly affect the reliability of data analysis. Studies and reports, such as Raymond R. Panko’s research on spreadsheet errors, suggest that even experienced users are prone to error, with some studies finding error rates as high as 88% in complex spreadsheets. Coopers and Laybrand, later merged to PwC, reported an error rate of 91% for all spreadsheets with more than 150 rows in 1997; similar to KPMG in 1998. No changes since those times.

👉 Not enough security and control over who has access: The traditional approach with Excel provides minimal support for advanced security protocols such as role-based access controls. This inadequacy puts critical data at risk to potential unauthorised access and compromises data integrity.

👉 No single place for documents or keeping track of changes: Traditional Microsoft Office tools do not effectively support centralised document management, making it hard to make sure that all stakeholders are working with the latest versions of documents. This limitation often results in mix-ups and repeated information. Moreover, it’s nearly impossible to figure out who changed what and which person did the validation. This is especially true for spreadsheet software.

In response to these problems, some organisations have started to use team collaboration software like Microsoft SharePoint. Although these tools offer improvements in document management and version control, it falls short of addressing deeper issues inherent in risk assessment processes. Critical features such as strong security, smooth combining of multiple risk analyses, high-level aggregation, and easy-to-understand reports for different stakeholders are still lacking. And, finally, why should any user experience be missed out these days?

These issues underscore the pressing need for more advanced and all-in-one risk management solutions. These technologies promise not only to address the limitations of traditional tools, but also to significantly enhance the effectiveness and intelligence of the risk management framework.

Regulators across various industries, including finance and healthcare, are increasingly demanding IT systems that ensure data integrity, security, and sticking to strict rules. These systems, often provided as Software as a Service (SaaS), offer security, audit trails, and ways to control who has access that traditional tools lack. The shift towards these systems is driven by the need to keep important information safe, ensure data is handled correctly and comply with laws such as GDPR in the EU and HIPAA in the United States, which require serious steps for protecting data.

But what are some concrete use cases where closed-loop IT systems clearly outperform Excel, Word, or SharePoint?

💡Automating risk assessment: The use case emphasises the automation of the process itself, ingesting data from various sources to facilitate review and updating. It also enables a more flexible and quickly adaptable risk assessment, allowing for changes on the fly based on evolving risk landscapes.

💡Integrating data and keeping risk assessments up to date: Data from external systems (core banking, transaction monitoring, enterprise resource planning, customer relationship management, etc.) can be seamlessly integrated into the process. This can lead to more accurate risk assessments and efficiently managed updates that reflect the latest information without manual re-keying.

💡Using AI: This approach leverages generative AI to pull ideas from regulations, guidance, and consultation documents, providing a more in-depth understanding of the regulatory environment and helping to identify potential risk factors more effectively.

💡Keeping an eye on regulatory changes: The need to monitor regulatory changes is a critical component of risk and compliance management. The ability to quickly modify risk assessments as laws and policies change ensures that the organisation remains compliant and can proactively address emerging risks.

💡Assessing products for risk: By using proven risk assessment methodologies, organisations can effortlessly evaluate individual products or services for potential AFC risk, e.g. AML risks, applying these models for both annual reviews of existing offerings and evaluations of new products launches.

💡Rating the risk of different industries: A structured industry risk evaluation illustrates how different risk factors, such as cash intensity or anonymity level, can be assessed to determine the overall AML risk of operating within specific industries.

Closed-loop IT systems, particularly those offered as Software as a Service (SaaS), provide several advantages when it comes to the points mentioned above. Such systems automate otherwise manual processes, enabling data consistency and rapid aggregation of risk assessments across departments or entities, thereby improving operational efficiency. This streamlined approach saves time and ensures that data is up to date across the organisation, facilitating more coherent and reliable risk management strategies.

The structured nature of these systems minimises the risk of the hidden errors common in spreadsheets by enforcing data integrity checks and providing standardised input forms. The automation of data processing and validation further reduces the likelihood of errors, ensuring that decisions are based on accurate and reliable data. This shift from error-prone manual processes to automated, error-checked procedures marks a substantial improvement in the quality of risk data analysis.

The systems’ robust role-based access controls ensure that sensitive data is only accessible by authorised personnel, significantly improving data security and compliance with regulatory standards. The ability to fine-tune access rights and monitor data access logs protects against data breaches, addressing one of the critical vulnerabilities of traditional Microsoft Office tools.

Centralised data management eliminates the discrepancies and data redundancy often seen with traditional tools. Full version control and records of who did what, makes it easy to track changes, identify who made specific updates, and ensure that validations are properly documented and traceable. This level of control and traceability is crucial for maintaining data integrity and supporting compliance efforts, especially in environments subject to strict regulatory oversight.

Moving to SaaS platforms offers many organisations greater scalability and cost-effectiveness. Seamless, regular updates ensure that users always have access to the latest features and security enhancements, while suggestions and new ideas from a broad user community improve overall functionality.

There is no doubt at all. In our rapidly changing risk, threat and regulatory environment, technology will play a greater role in enabling smarter, faster and more evidence-based decisions to prevent financial crime.

* Microsoft Excel, Microsoft Word, Microsoft Office and Microsoft SharePoint are registered trademarks of Microsoft Corporation.

 

 

Take Action Now: Empower Your Financial Crime Prevention Strategy with Digital Innovation.

Join our webinar series, 'Mastering Enterprise-Wide Risk Assessment.' We will explore how best to assess risk across the organisation and share innovative strategies, tools, and best practices to transform your approach to risk management. Enhance your skills and protect your enterprise against emerging threats. Also try our other series 'Mastering Compliance Governance in Anti-Financial Crime' to stay ahead in the dynamic field of anti-financial crime.

These webinars will equip you with the knowledge and expertise needed to excel in today's challenging environment. Reserve your spot now and take the first step towards mastering enterprise-wide risk assessment and compliance governance to become a digital anti-financial crime fighter!

 

Back to Blog

Topics: Risk Model, Risk Assessment

Blog Author:Khanh Nguyen

Khanh Nguyen | Lead Business Consultant

Expert for Corporate-Compliance | Compliance Risk Assessments | KYC & Business Partner Compliance | Digitising & Automating Compliance Processes

Key Themes:

• Compliance Management Systems
• Prevention of Terrorist Financing and Sanctions Check
• KYC & Business Partner Compliance
• ESG & German Supply Chain Due Diligence Act
• Anti-Corruption

Industries:

• Banks & Insurance Companies
• Healthcare
• Energy
• Manufacturing