In financial fraud, the breaches come when bank standards are lax.
Australian bank Westpac Banking Corp. may stand as Exhibit A here.
According to a report in ZDNet, Westpac said that “a mix of technology and human error” and “deficient financial crime processes” were behind the financial institution’s (FI’s) lack of compliance with anti-money laundering (AML) regulations.
Regulators in Australia have said the noncompliance has been “systemic” across several occasions, ZDNet reported. As many as 23 million occasions, in fact.
“While the compliance failures were serious, the problems were faults of omission,” CEO Peter King said this month, according to ZDNet. “There was no evidence of intentional wrongdoing.”
The bank stands accused of failing to assess money laundering and terrorism financing risks; regulators said record-keeping was faulty and the company failed to monitor customer due diligence on transactions that may have been tied to child exploitation and endangerment.
As he said, “at the end of the day, as Gordon Gekko said, ‘greed is good.’”
And that guiding principle is what leads fraudsters and bad actors to probe systemic vulnerabilities in banks’ compliance processes.
Westpac said it identified three drivers of compliance failures, ZDNet reported. There was an insufficient understanding of risk; there were “unclear” end-to-end accountabilities for compliance; and there were insufficient resources in place.
For Westpac, Taylor told Webster, the vulnerabilities had been tied to what Taylor termed “a single point of failure in the sense that they tried to circumvent SWIFT” by putting cheaper systems in place.
That tactic — cutting corners and pennies — shows a glaring disconnect in risk management, according to Taylor.
He said banks pay a lot of attention to financial risk, spanning liquidity risk, credit risk and overall exposure to different markets.
“But when it comes to non-financial risk, such as compliance risks or operational risks — that’s a cost,” he said. “It’s expensive to do, and as a result, these risks take away from banks’ profitability.”
All too often, banks have been allocating capital spending to innovation, to making payments and financial services faster, cheaper and ever more digital in a banking landscape that grows more competitive by the day.
Skimp on the compliance efforts and the repercussions can be significant down the line. Taylor noted that Westpac will be on the hook for hundreds of millions of dollars in fines, and the reputational damage will be severe and long lasting.
Crime, At Scale
It’s more urgent than ever that FIs — especially larger ones — take stock of the human and technological risks that lurk within their operations. The great digital leap is giving the bad guys more opportunity than ever to get away with various financial crimes.
“The digital age is here, whether we want it or not,” said Taylor, and it changes the way in which people are doing business, and the ways in which individuals and organizations bank and make payments. It also revolutionized the ways criminals can transfer funds — making it accelerated and scalable.
“As a result, banks really do need to take this part of the business seriously,” he said. “This is not a cost center.”
He added that “a culture of compliance must be instilled in organizations, to protect the firm, their customers and their reputations.”
The pandemic has spurred a number of pivots by fraudsters to exploit the great shift to digital banking. As Taylor told Webster, “the bad guys love a good crisis” and have stepped up phishing attacks. They’ve also found cryptos a good place to hide.
Of these digital coins, he said, “as a means of transferring cash money [anonymously], that’s going to cause a world of pain for a lot of different people. It’s something the regulators are going to have to clamp down on, and it’s something the banks are going to have to manage very, very carefully.”
Yet if banks view compliance with a proactive and ethical mindset — no matter what transactions are being examined, or where — the ripple effects can be positive ones, he said.
Against that backdrop, he said, organizations need to set a strong tone — from the top down — when it comes to risk management. That means identifying appropriate “risk appetite statements” and having the right control infrastructure in place.
The corporate culture itself is a critical component of compliance success, said Taylor. He pointed to Wells Fargo as an example of what can happen when individuals or departments within an FI shrug at regulations and ethical customer service.
“It’s difficult to legislate the individual,” he said — especially those individuals who may be looking to make a quick dollar, cut corners or simply have bad intent.
“It’s not that the bad guys are smarter than us,” he said. “They just don’t follow the rules.”
There’s also a bit of catch-up banks need to play when it comes to technology deployed to address risk and compliance.
For the big banks, he said, up until the last few years, everything was pretty much analog, and systems were primarily rules-based. Those legacy systems and processes still have their place within the bank’s back-office functions.
Fast-forward to the present day, said Taylor, “and all of this is still required. I’m not saying you can just throw it all out, but there have been certain advances in technology over the past few years that can now augment — quite considerably — what’s already going on.”
He noted that finding out who the bank’s customer is on the other side of the transaction has always been a challenge, but biometrics and machine learning technologies have been helpful tools in that endeavor. He said, too, that platforms such as NICE Actimize’s CDD-X integrate structured and unstructured data to get a holistic view of risk.
Advanced technologies, he said, can aid in finding what he termed “the invisible gaps” about would-be customers and beneficial ownership structures, without slowing down the onboarding process. The result: streamlined account openings and transactions, and stickier relationships between FIs and clients.
“If you do compliance right,” Taylor told Webster, “it can actually be a competitive advantage.”