Compliance 3.0 in Action: How Griffin’s MLRO is Redefining the Role of Compliance

Compliance 3.0 in Action: How Griffin’s MLRO is Redefining the Role of Compliance

Over the last few weeks we have explored the emergence of Compliance 3.0, unpacked the new “supply chain of banking”, and examined 4 reasons why companies like Grasshopper Bank, Axiom Bank, Tide and Ramp Network all chose to buy rather than build compliance effectiveness testing.

In this post we talk with Alex Nash, Griffin’s MLRO, about how he is reducing financial crime and encompassing Compliance 3.0 into his anti-financial crime program.

Hi Alex! To kick us off, can you tell us what problem Griffin is trying to solve with it’s Banking-as-a-Service platform?

Typically it takes anywhere from 7 to 12 months for a BaaS platform to onboard a new partner, and it can be extremely difficult for them to even get a bank account. At Griffin, we are offering to do it all for our customers - provide them with bank accounts, onboard their end customers and do the ongoing compliance monitoring. 

We learned very quickly that there is a 100% customer drop-out rate when there's too much friction or pain in the onboarding process, and so we knew we needed to significantly improve and simplify onboarding to make the process fast and easy for customers. That is the genesis behind Griffin and my role is to ensure we can achieve this, while at the same time monitoring and validating onboarding measures just as quickly.

Why is fighting financial crime so important to you personally?

I find it very rewarding to catch criminals who are doing harm. I like the challenge of piecing together how a crime was committed from the digital breadcrumbs left behind. Most people talk about fraud in terms of numbers and dollars, but they forget the real people behind those stats whose lives are hugely impacted by being defrauded.

What approaches does Griffin take towards financial crime compliance and risk management?

My main belief is that you need technology involved in the journey. A multi-faceted approach works best, where you use multiple data sources to verify and validate customer data. At the same time, AI is great, but you don’t want a system making the decisions for you. Humans have empathy but AI does not, and we always aim to have an element of empathy built in to what we are doing. 

I also believe that it is very rare for dip-sampling of accounts or transactions, in order to test controls, to identify any issues. Technology like Cable is essential for compliance professionals like myself, as they allow you to monitor 100% of customer activity in an automated way and can tell you when something is potentially wrong early on, which means issues can be dealt with faster. 

I personally think of technology as a way to enhance and enable human intelligence. For me, Cable enhances the compliance officers role, it doesn’t replace it.

What does “Compliant” mean to you?

Compliance should be an embedded culture, not just a check-the-box activity. 

Others are the innovators, and they bring new and exciting products and services to market. Compliance is here to help and to make it happen. If we do that properly, not only can we build a successful company but make a difference and improve the financial services industry as we go.

How has partnering with Cable advanced your risk & compliance objectives?

I had previously built an internal monitoring tool, and I saw Cable as an advanced version that could save massive time and budget. I also 100% share the vision! 

Without Cable, compliance professionals would have to track everything manually across documents and spreadsheets. What you would inevitably end up with is customization on a customer-by-customer basis, with no consistency or ability to compare risk levels. What Cable brings is streamlined, automated monitoring that surfaces information in a consistent, comparative way. 

Regulators like the Financial Conduct Authority like automation, but what they value most is consistency. To achieve consistency you need to understand the systems you use. Platforms like Cable seamlessly connect systems and data, providing a centralized and single view across a compliance stack, which makes it easy to consistently understand how controls are working, across 100% of customers. 

BaaS presents risk that are unique and sometimes unprecedented. How are we going to monitor these unique risks of a downstream partner? Short of going in and doing a dip-test of all of your clients every single month, there is no better solution than automated assurance. 

What advice, insights or cautionary tales would you give to your peers?

My number one piece of advice - don't listen to people! Go directly to the guidance documentation itself. It's all there in black and white, albeit open to your own interpretation and risk appetite.

A huge pitfall I see teams run into again and again is relying on the justification of "this is how we've always done things." Financial criminals are incredibly sophisticated nowadays - they know how things have been done historically and work hard to exploit any legacy gaps. 

With financial crime, standing still means falling behind, so we have to keep innovating.

What exciting projects or goals is Griffin currently focused on?

I am most excited about getting Transaction Assurance live in Cable! Having the oversight of our compliance with the requirements around transactions, including whether our transaction monitoring is effective, is really exciting.

Powered by Ghost