Does the rise of crime within FS require a holistic response to risk?
Compliance departments have mushroomed in scale and cost in recent years. In many ways, that’s hardly surprising, given the explosion of digital technology and the growing raft of rules and regulations within the industry. Firms have felt they had no choice but to pour money and headcount into the problem in order to monitor transactions effectively.
Yet, increasingly, those investments are delivering diminishing returns. We’re all too often seeing ill-targeted responses saddled with excessive bureaucracy, with scant mitigation of risk factors – and a major pull on businesses’ budgets and resources.
The crux of the problem is that businesses have tended to ring-fence financial crime as an issue to be treated tactically – whereas the exact opposite should be the case. What’s needed is a strategic approach that embraces the entire organisation and is smart, innovative and nimble enough to anticipate and mitigate risk.
For many organisations, that spells a profound change in corporate culture, starting with the question: ‘what’s the change I want to make and the behaviour I need to engender?’ It’s all about creating a can-do approach, with the risk function no longer seen as the rear-view mirror trying to increase the size of the brakes, but as forward-thinking, agile and dynamic enough to reduce risk and deal with disruption.
The key to embedding that lasting cultural shift? Motivating people in an exciting, positive way. In other words, not focusing purely on remediation and avoiding punitive outcomes, but also on the long-term benefits for the company – and on the part these actions play socially and economically in safeguarding the UK from both specific targeted threats, such as identity theft and credit card fraud, and the broader systemic issues of money laundering, bribery and corruption.
People throughout the organisation need to feel a sense of ownership as well as accountability, via customised training programmes across all levels and areas.
And the same is true of interactions with customers, when it comes to gathering information to meet due diligence requirements. Again, the question should be: ‘how do I motivate the customer to share their documents, seeing it as a natural step, because the right level of trust has been created?’
Equally vital is a coherent sense of everything being seamlessly connected, in terms of data and reporting across the organisation. Again, everything starts with an assessment of the outcome you are trying to bring about and whether that needs a different set of metrics in place.
As part of that, reporting lines need to be clear and transparent. And the right balance needs to be in place between the capabilities of the three lines of defence in your business. The best examples are where businesses have a very capable first line of defence, which understands the risks and manages them effectively, backed up by an expert second line.
Digital innovations are enabling businesses to be far faster out of the blocks in their response to risk. Automated tools are helping them navigate the regulatory universe, and data analysis and voice recognition are taking on many of the low vital everyday management information tasks – allowing compliance teams to focus on more strategic solutions.
But, again, the key is to ensure the technology is used effectively across the business, owned by different departments rather than the compliance team alone. The whole business needs to understand and be part of the solution. Everyone needs to know what good looks like.
Lead by example. If people throughout an organisation are to truly understand the importance of risk management, the board and senior management need to exemplify that in a highly visible, hands-on way. SMCR has been extended to engender precisely that mentality. Get that right – and employees across the organisation will live and breathe the culture in their day-to-day roles, alert to threats and ready to flag up risk at the earliest opportunity.
If you’d like to find out more, contact Matt Malone.
© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.