CEOs at banks and fintechs often equate financial crime with fraud. Fraud hits the bottom line and can kill a business in its infancy, so it’s no surprise that it’s top of mind.
Other elements of financial crime - trying to stop money laundering and terrorist financing, and identifying PEPs and sanctioned persons - are seen as tick box requirements. Everyone knows that you can’t get it 100% right, so you just hire some people and buy some technology, and then focus on the revenue-generating parts of the business, right?!
I think Alison Rose would say “wrong”.
In 2021, Natwest were fined £264.8m for anti-money laundering failures, despite having spent £700 million in the last five years on new technology. They plan to spend over £1 billion more to further strengthen financial crime controls in the next five years, and more than 8% of its entire workforce are focussed on financial crime.
I also think Christian Sewing would say “wrong”.
Deutsche Bank were fined, for various different financial crime failings, $130m in 2021, $150m in 2020 and $425m in 2017. Again, this was after spending almost $1 billion to improve its training and controls and expand its anti-financial crime team to more than 1,500 people.
Financial crime is a CEO issue, and these are the reasons why.
As a CEO of a fintech or bank, you have 3 main priorities:
- Making sure there is money in the bank,
- Setting the company’s overall direction, and
- Defining the culture.
Making Sure There Is Money in the Bank
Initially through fundraising, and later through a focus on unit economics, revenue generation and profitability, the number one priority for any CEO is making sure there is enough money in the bank to serve customers and pay employees.
A CEO’s lack of attention to financial crime can destroy a bank or fintech’s financial situation in these 4 ways.
As mentioned above, fraud is usually the area of financial crime that CEOs do think about. It hits the bottom line, and if customers are being defrauded, it can be a noisy and very public issue.
Fraud is a serious and growing issue. According to data from Aite-Novarica Group, fintechs have an average fraud rate of roughly 0.30%, which is 3x that of traditional debit cards. According to Juniper Research, merchant losses to online payment fraud are expected to hit $206 billion cumulatively between 2021 and 2025, and in 2020, identity fraud alone caused $56 billion in losses across all U.S. financial services firms. Ignore fraud, and you’ll very quickly have no money in the bank.
You might be tempted, as an early stage fintech CEO, to think you can hire a Head of Compliance and be done with financial crime. Unfortunately, a lot of financial crime work still scales with customer growth, so financial crime and compliance team growth needs to be baked into unit economic calculations.
Some examples of work that scales with customers are:
- PEP and sanctions hits that need review by a human. Simply onboarding more customers will generate more potential matches, and the only way to determine if your customer is a PEP or sanctioned person is through human review. Vendors like ComplyAdvantage, Alloy, and RDC help improve efficiency, but they cannot remove the requirement for human review.
- Investigating suspicious activity. The more customers you have, the more suspicious activity you are likely to see. A human needs to reviews suspicious activity to make a decision on whether to submit a Suspicious Activity Report. Vendors like Lucinity and Salv can improve your transaction monitoring false positive rates, and case management solutions like Hummingbird can improve efficiency of reviews, but human review is still required.
- Assurance and oversight reviews. The requirement to independently test whether controls are working is handled almost entirely manually, and dip sampling of accounts has to scale with the number of customers. Vendors like Cable can remove almost all of this manual work, but human analysis of results is required.
It is hard to find a bank or established fintech without at least 1 ongoing remediation project to fix a financial crime issue. Unfortunately, because of the antiquated way that assurance is carried out, such issues are usually discovered many months after they first occurred. Fully fixing these issues requires months of operational work, and usually involves new technology being bought to supplement inadequate systems.
Remediation projects can cost hundreds of thousands of dollars for fintechs with a few million customers, and if accompanied by a regulatory fine, the remediation process can cost triple or quadruple any fine given by regulators. Fortunately, new technology like Cable can help eliminate remediation projects, but this requires you to have forethought in setting up your financial crime program before issues occur.
Our analysis of fines given by U.S. and UK regulators found that nearly $2 billion worth were given in 2021. The largest fines were given to well established banks, such as Natwest, who were fined £265m, and Capital One, who were fined $390m.
Amongst challenger banks and fintechs, there can be a tendency to think that fines at these levels are only imposed on large banks. But although there is a legal onus on regulators to take a proportionate approach, that doesn’t mean that younger firms are immune to significant regulatory fines, especially as such firms grow and gain more regulatory attention. Indeed in 2021 alone, Bitmex were fined $100 million and N26 were fined €4.25 million. These are expected to be the first of many more fines to hit challenger banks and fintechs in the coming years.
We’ve written in more detail about the heavy cost of ignoring financial crime previously.
Setting the Company’s Overall Direction
As CEO, you’ll be integral to decisions such as whether your company gets a regulatory licence or instead works with a sponsor bank, what segment of customers you serve, and what products you build. These are some of the most fun decisions a CEO can make!
But all of them can be taken out of your hands through a lack of attention to financial crime issues.
Whether you are directly regulated or working with a sponsor bank, releasing new products will be dependent on you evidencing that you have sufficient financial crime controls in place, and importantly, demonstrating that you maintain those controls as customer numbers grow. If you fail to do this, the regulators or your sponsor bank can prohibit you from launching new products.
Alternatively, you might be forced to exit a certain business line if your controls are insufficient to manage your financial crime risks and compliance obligations. For example, in the U.S., Capital One had numerous financial crime regulatory breaches in its check cashing business unit and ultimately made the decision to exit the business line, in addition to being fined as mentioned above.
Enforced Slow Growth
Similarly, regulators and sponsor banks can put limits on the number of new customers you can onboard, or restrict certain types of activities or investments. In the U.S., serious AML deficiencies at banks may lead regulators to impose corrective actions or even downgrade banks’ safety and soundness ratings. This can divert banks’ attention to remediation projects and away from growth efforts, or limit their ability to engage in certain expansion activities.
If your financial crime controls are not being implemented and maintained, and you cannot evidence appropriate oversight and assurance, that hockey stick growth you are chasing may be impossible.
Prohibition on New Customers
And finally, if your financial crime controls are not deemed to be adequate, regulators and sponsor banks have the power to force you to turn off customer growth entirely.
Defining the Culture
How a CEO acts and communicates sets the culture for the entire company. A good culture takes effort, proactive measures, and years to build, but it can be destroyed in the blink of an eye. A poor culture is hard to change, and the reputational damage can last years.
Avoiding negative news about financial crime failings is more important than ever. For consumers to move their entire money management to a new product, they have to trust that their money will be safe. When customers google any bank or fintech name, and “fraud”, they can find endless articles about scams that are being run through those companies. It’s been well documented that fintechs are struggling with fraud, it’s unclear if HSBC will ever shake off its reputation as the Cartel Bank, and the tone set by management at Wells Fargo cost them $3 billion.
Regardless of how much effort you put into building a good culture, if as CEO you place too much emphasis on growth at all costs, wilfully ignore regulatory requirements, or ignore the compliance and financial crime experts that you have hired and who have the company’s best interests at heart, your culture will be set for you on a path toward very unpleasant outcomes.
As CEO, getting money in the bank, setting company direction, and defining the culture are your main jobs to be done, but ignoring financial crime can take all 3 of these out of your hands. That is why financial crime is a CEO issue.
The good news is that by properly committing to and making the right investments in financial crime compliance, your program can also be a growth enabler and help you succeed in all 3 of your priorities.
If you can evidence your financial crime compliance, hire the right people, and avoid high fraud losses, remediation projects, and fines, then your regulators and sponsor banks will sit back and smile at your hockey stick growth.
It’s your choice.