With the growing demands of huge data sets, an everchanging regulatory landscape, and constantly evolving typologies, the challenge of assessing, documenting, and managing financial crime risk has never been greater.
The International Compliance Association (ICA) is a professional membership and awarding body. ICA is the leading global provider of professional, certificated qualifications in anti-money laundering; governance, risk, and compliance; and financial crime prevention. ICA members are recognized globally for their commitment to best compliance practice and an enhanced professional reputation. To find out more, visit the ICA website.
Technological solutions promise to transform business risk assessments. However, companies cannot simply implement a new tech solution and think that’s the end of their risk worries.
So, what factors should you consider when incorporating new technologies into the risk assessment process?
Understand the technology
Risk assessment technology should be treated as what it is: a tool designed to support a well-established and effective risk assessment process and help professionals recognize and minimize the risks their company faces. Technology is not a cure-all fix to problems confronting the business, and it is not a “one-and-done” solution.
To get the most out of any technology, it is important to first and foremost understand what it is, what it does, and how it does it. Ensure all team members who are going to be using the software are properly trained in its use and able to recognize issues if and when they arise. A company could spend a lot of time and money implementing a solution, only for its potential to be wasted if the people using it struggle to understand it and fall back on easier but less effective workarounds.
Know the limits
Part of this is understanding what the technology can and—importantly—cannot do. Every system will have its own strengths and limitations.
Moreover, the adage “garbage in, garbage out” holds true: The effectiveness of any system will depend on the quality of the data fed into it. It is essential to ensure your data is accurate and up to date.
Tyrone Griffiths, industry expert and ICA tutor, explained that even with great tech solutions, if you are feeding them information from legacy software, there’s a chance your time-saving tech might still require the human touch to make sure it correctly pulls through the data you need for checks to run smoothly.
“Some systems don’t talk to other systems, so you’d have to update maybe two or three systems, which requires human intervention. In doing so, there’s a possibility you’re going to miss one of those systems,” he said.
This can mean it might be an absolute necessity to take the time to review and change current ways of working, which might be time consuming in the short term but will make your tech solution far more effective in the long term.
The human factor
Finally, technology should be viewed as a complement to, rather than a substitute for, human expertise. Companies must pair tech solutions with active risk mitigation by their professionals.
It’s hard to overstate the role of horizon scanning in high-quality risk management. Risk assessments are often viewed in hindsight: looking at what challenges affected the business area in the previous year and ensuring those gaps are closed for the future. But Griffiths emphasized businesses that become complacent—for example, assuming the threat is low as long as they are only handling perceived low-risk entities—can find themselves facing serious problems if they turn out to be wrong, such as was seen in the aftermath of the London Interbank Offered Rate (LIBOR) scandal.
“We can’t always look retrospectively. We have to start thinking from a horizon-scanning perspective and start predicting potential risks,” he added.
Indeed, criminality does not stand still. Covid-19 led to an excellent case study in how quickly criminals will take advantage of a change in situation and the need for businesses to respond just as fast, predicting what can go wrong before it does rather than waiting for regulators to tell them what to do after the threat has already been recognized. As Griffiths put it: “Businesses have to start thinking as though they were criminals—start really interrogating their systems and thinking, ‘OK, we offer this product. … How could a potential criminal exploit that product?’ It might not have happened already. But it’s probably going to happen in the future.”
Technology can support businesses in meeting such challenges, but leveraging the best results from software solutions requires a considered approach.
The International Compliance Association is a sister company to Compliance Week. Both organizations are under the umbrella of Wilmington plc.