The global disruption brought on by COVID-19 has exposed new cracks in banks’ security foundations. As the initial shock subsides, and financial institutions shift their focus from business continuity back to growth again, they must firm up their defenses to better protect themselves against new vulnerabilities.
An altered risk landscape
For financial institutions, 2020 has significantly changed the risk landscape.
Governments and private institutions have had to divert resources to fight the pandemic, impeding their ability to meet anti-money laundering (AML) and counter-terrorist-financing obligations.
Market volatility, increased trading volumes, and the need for testing, cures, and vaccines have heightened the risks of insider trading and coronavirus scams.
A global pivot to full-time remote work has spurred new challenges for regulatory compliance, data management, and business continuity. As a result, banks have seen an increase in ransomware, malware, and phishing attacks on corporate systems as they rushed to add unmanaged personal devices and surge capacity to company networks without adequate security protocols.
And the speed, volume, and variety of applicants to government relief programs around the world have placed undue pressure on banks’ know-your-customer (KYC) and AML procedures. For example, US-based Sonabank experienced a 33% increase in overall loan volumes in just four months as a result of the Paycheck Protection Program.
Banks are under tremendous pressure to identify financial crime and fraud, and they’re experiencing more frustration than ever with high levels of false positives and KYC backlogs. Financial crime is up. But, despite the volume, fighting it can sometimes feel like looking for a needle in a haystack.
Navigating towards growth again
Understandably, banks are eager to shift away from business continuity and back to growth. Recent conversations we’ve had with banking leaders suggest that they are untroubled by the idea of redirecting budget from other areas, including pandemic preparedness, towards digitization. These conversations also suggest that they understand the urgent need to invest in advanced technologies to drive growth.
This is for two reasons. First, more digitally mature banks generally fared better over lockdown. And second, banks’ future revenue streams will increasingly be based on hyper personalization of financial products and services enabled by digital technologies – a trend that Genpact’s recent study, Banking in the Age of Instinct calls out for additional investment.
In particular, the journey to the cloud, artificial intelligence-based analytics, and business-process automation have all taken on increased importance in this respect.
Migration to the cloud is certainly top of mind for financial services companies. Steven D’Alfonso, research director, compliance, fraud and risk analytics strategies at IDC, says that “Reassessing the business model is a top priority for banks right now.” Early on in the pandemic, IDC had predicted that annual cloud-based digital transformation investments would amount to $3 billion plus by 2023. “Since then,” says D’Alfonso, “we’ve been conducting bi-weekly surveys on IT investments, which suggest that this figure will increase dramatically. There’s been a massive shift to investment in cloud technologies since the start of the pandemic.”
Similarly, banks have seen that adopting AI-based analytics to connect to new internal and external data sources provides deeper insights and drives greater resilience. These technologies will also enhance anti-fraud and AML outcomes, for example, by enabling better prioritization and triaging of financial crime alerts.
And more than half of the banks we talk to have made automating business processes a top priority – not as a way to reduce staff, but as a lever to create business differentiation by boosting efficiency and optimizing resources. These investments will move banks from the new normal to the growth path – and this includes auto intelligent financial crime risk management (FCRM), which is characterized by high automation.
The evolving role of regulators
Banks need to up their FCRM game to do more than just protect their bottom lines.
Early on in the response to COVID-19, regulators granted exam reprieves, ran off-site inspections, and extended remediation deadlines. But this has largely come to an end. Regulators seem to be in a different phase now, and they are starting to impose more fines again.
They have also moved from encouraging innovation in the FCRM space, to expecting it. And they’re increasingly harnessing the power of digital to develop new methods of forensic analysis and surveillance. For example:
- In the US, the Financial Crimes Enforcement Network uses AI system that links and evaluates reports of large cash transactions to identify potential money laundering.
- The Australian Transaction Reports and Analysis Centre is working with RMIT University researchers and artificial-intelligence scientists to develop machine-learning tools to study transaction flows, pick up anomalies, and raise alarms.
Meanwhile, from November 2020, successful applicants to a pilot program launched by The UK Financial Conduct Authority have access to a digital sandbox. In the sandbox, they can use advanced technologies to address pandemic-related issues, including small-business lending fraud prevention and risk mitigation for vulnerable customers.
New ways to find funding
How will banks fund these digital transformation projects, which will enable innovation in FCRM? The good news is that the current situation provides banks with a greater opportunity than before to free up resources and capital for reinvestment in digital transformation.
After all, adoption of digital self-service among consumers has skyrocketed. The virtualization of work, which is here to stay, allows banks to realize savings on fixed costs, such as real estate. And business travel has slowed – first as a result of shutdowns, and now as videoconferencing has become the new normal – which has led to a reduction in banks’ travel costs.
Banks can reinvest these net new savings and productivity gains in critical areas – including further digital transformation – to help them increase their resilience and grow.
Acting on lessons learned
A dash to digitally powered, highly individualized experiences must take into account banks’ lessons learned.
As such, some of the investment that banks are pouring into cloud, AI-based analytics, and automation should specifically be directed to developing FCRM solutions that address new threats.
The lift-and-shift approach banks took to graft existing FCRM procedures onto their response to the pandemic – an entirely new situation – was barely sufficient for disaster-recovery mode.
To succeed in the long term, banks will have to come up with a stronger game plan. This must include FCRM advances such as digital identification, intelligent-transaction monitoring, and cloud-based compliance solutions to provide scalability, resilience, and agility.
Preparing for the new reality
To prepare for the new reality that COVID-19 has ushered in, banks will need to direct some of their investment towards solutions in FCRM. And they will need to get ready for regulators to pursue their investigations with their own digital tools.
There is no doubt that the threat landscape has changed, and banks are uncertain about what the coming months will bring. But the need to transform and grow will not change. In fact, the pandemic has only accelerated the drive to achieve these goals and made transformation and growth a strategic imperative.
In their push to move past COVID-19, banks must not forget the lessons they’ve learned so far. The future of banking is digital, and that must include FCRM.