Adapting to a New Era: Architecting a Modern FinCrime Tech Stack
I recently hosted a webinar with two compliance experts; Sheetal Parikh, Deputy Counsel, VP of Compliance at Treasury Prime and Jason Boova, BSA Officer at Grasshopper Bank. During the webinar, titled ‘Adapting to a New Era: Architecting a Modern FinCrime Tech Stack' (you can watch the webinar on demand here), we explored the transformational decade in banking and why the new landscape demands the banking industry move to Compliance 3.0. Here are some of the key takeaways from our conversation.
New supply chain of banking brings more risk
As I touched upon in my last post, the early-2010s marked a pivotal shift in the consumer experience with the advent of challenger banks and fintechs. During our webinar, Sheetal added another critical lens to the evolution of banking: “With the emergence of open banking and rapid acceleration of embedded finance, we have what the OCC would call the supply chain of banking. There's now Fintech, or an embedded Finance company in the middle, and that presents a new level of compliance risk.”
Regulators, such as the OCC, FDIC, Federal Reserve and Department of Justice, acknowledge the complexity this creates. This shift places a greater responsibility on banks involved in these channels to ensure oversight and accountability for their partner programs.
Jason explained how banks are responding. “We see some banks, community banks and smaller banks in particular, that will engage consultants to say, how do we even do this, how do we do banking as a service?”
Yet banks don’t have the luxury of standing still and doing nothing. Of course this new landscape represents a new set of challenges, but the banks who don’t innovate and evolve, face an existential threat. “Some of these community banks. If they don't explore innovation or channels like digital banking, may have a harder time staying relevant in the climate we're in,” Sheetal explained.
Treat your partner programs like ‘digital-age’ branches
One key challenge banks face is diverse data sources from multiple partners. For instance, each partner may store onboarding data separately in different onboarding vendor systems, and transaction monitoring data somewhere else entirely.
In the new bank supply chain, the challenge lies in getting insights across all partners to demonstrate proper compliance controls; this must be powered by visible, centralized and actionable data.
Grasshopper Bank refers to their partners as "branches", which provides a clear analogy to work with. In the Compliance 1.0 world, even if it took some time, data from each branch ended up in the centralized systems. In today's Compliance 3.0 world, that must still be the goal.
Jason shared his views on how Cable is making this possible for Grasshopper Bank, “Cable allows us to gain a transparent view of our partners through a comprehensive dashboard, where we can treat these partners as ‘digital-age’, physical branches. This perspective enables us to analyze partner activities in real-time. For example, we can quickly ascertain the onboarding status of Partner XYZ, identify any exceptions, and perform necessary tests. This contrasts with the traditional approach of waiting 45 to 60 days to detect issues retrospectively”.
The ability to take immediate action based on real-time data allows banks to address issues promptly, rather than waiting months for a retrospective analysis and corrective actions. Real-time and holistic data equips banks to direct partners to resolve issues or provide insights, ensuring a more collaborative and proactive approach to managing partner programs. It’s all about meeting the new standards of regulatory compliance, Sheetal emphasized during the webinar, “regulators are now really interested in how banks leverage data for decision-making”.
Compliance 3.0: Are the controls actually working?
At Cable, we and our customers are seeing a notable shift in banks' growing appetite for data. Initially banks were content with minimal samples of data, but now there’s a clear trend towards a desire for the full "branch level" data. This shift reflects the urgent response needed to evolve to Compliance 3.0, where data utilization and partner program efficacy are essential to demonstrating to the regulator that compliance controls are actually working.
I think Sheetal captures this perfectly. “You have all these different vendors that are doing very distinct things. How do you tie it all together? How do you say to a regulator, we have complete control over this program. And this data. Obviously, we partner with companies like Cable that give banks visibility into whether all the controls are working.”
In the next blog of our Compliance 3.0 series I will provide a structured overview and analysis of how to make the decision; should you build or buy effectiveness testing?