How do you go about implementing an effective and bespoke RBA, whilst living up to the aim and philosophy of the FIC Amendment Act?
The leap from the theory to the implementation of a Risk Based Approach (RBA) requires a significant amount of preparation, courage, time, discipline and in-depth financial crime insight. The complexities associated with the development of a “fit for purpose” RBA that addresses most, if not all, of the impediments mentioned in this article are often underestimated by most Accountable Institutions (AIs). The RBA is certainly not a newcomer to our regulatory landscape. It has been around for the past 20+ years, yet the skill to apply it successfully to achieve an effective and sustainable control environment, based on proportionate risk, still seems to be under-developed and misunderstood in many organisations. This is evident from the increase in the frequency and extent of the administrative penalties being issued by our Regulators – with the most recent penalties being issued to China Construction Bank Corporation and VBS Bank to the total value of R77.5m for the year 2017, as reported by Fin24 on 29/05/2018.
The Problem we aim to solve...
Regulators, Investors and Executive Management continue to raise concerns over the failure to implement a sustainable, relevant (fit-for-purpose), well governed and cost-effective control environment. Most AIs seem to be stuck in an everlasting compliance implementation and/or remediation phase, with a financial return like that of a wishing-well. The technology revolution and disruptions currently making headway across the globe, with bleeding-edge innovation being on the receiving end of perpetual funding and attention from all, are not only transforming our market and industry landscape, but are also changing regulatory and customer expectations. Furthermore, they are opening a new world of opportunities to financial crime perpetrators, which is unnerving and almost impossible for organisations to stay abreast of. Sophisticated financial crime modi operandi and increased regulatory scrutiny in this ever-changing, transformed landscape drive the need for more digitised solutions, consisting of fail-proof risk algorithms, end-to-end automated controls and processes, thereby eradicating control failures and curbing opportunities to commit financial crime.
In Part I of this series of articles, Risk Based Approach: Is less the new more?, the concluding question was whether it is possible to implement a risk-based control environment which can respond to new threats instantaneously, ensure consistent responses to all threats and congruent application of the required controls throughout the business, whilst dealing with all change management challenges associated with process or control changes in a seamless and cost-effective manner. The below indicates that all is not lost – it is indeed possible.
High-level synopsis of the impediments faced when formulating an RBA
As mentioned in Parts I and II of this series of articles, there are various impediments AIs face in attempting to formulate a “fit for purpose”, risk-proportionate and agile RBA. The above problem statement coincides with the following key impediments, to mention but a few, which are key factors for a successful RBA:
Over and above the key internal impediments mentioned above, there are many other internal and external factors which impact and influence an organisation’s performance and which should be considered during the design of new, or the alteration of existing, organisational practices. Some of these are depicted in the below graphic.
A successful RBA will hinge on the ability of AIs to balance regulatory obligations with the need for innovation, and to implement a fluid, cost-effective and risk-proportionate control environment, allowing for greater levels of agility to respond to industry threats instantly. As covered in the preceding articles of this series, an RBA, and in fact all components of an AI’s RMCP, are continuous and evolving, and need to remain in sync with the business. Hence the need for any regulatory compliance solution/controls to form part of an AI’s DNA, thereby being integrated with the business systems/processes, empowering unified business practices where business and compliance operate as one. As the business develops and grows on a daily basis, so does the compliance capability, assuring that these functions remain in sync and unified. Stand-alone compliance requirements or logs are often overlooked and neglected during client engagements or other related business activities, resulting in non-compliance. It is imperative for compliance functions to join forces with the business in defining end-to-end business practices that not only meet regulatory requirements but focus on unlocking efficiencies and effective practices across the business, resulting in lucrative products and services, leaving customers delighted at the end of each engagement.
Compliance and customer experience, both crucial and complicated in nature, are made simple by Monivation - through the development of “The Digital Compliance Officer” – an Intelligence Augmentation (IA) solution consisting of various unique business and regulatory compliance virtual advisors, providing real-time, step-by-step business and regulatory guidance to sales, call-centre and operational staff - allowing for consistent application of all processes, resulting in comparable client experiences and avoiding non-compliance and future remedial efforts across the business.
The Monivation IA solution has a centralised RMCP, consisting of: the AI’s Financial Crime Risk Assessment (FCRA) results, RBA in relation to customer due diligence measures, the end-to-end control environment, policies, standards, operational processes, risk models, methodologies and frameworks. The RMCP gets configured and maintained centrally, and is both agile and fluid in its nature, as it forms part of the AI’s corporate DNA, allowing for changes to be applied instantaneously as new threats and risks are identified, business processes get updated, and financial crime methodologies evolve. Changes to the centralised RMCP (business rules) engine are instantly available to all users, with step-by-step guidance, resulting in a significant reduction of change management interventions ordinarily required.
The complicated concepts of RBA and RMCP are made easy through its seamless automation and integration in an effective manner, being adaptable to the circumstances at any point in time – and of course – implementing controls proportionate to the AI’s financial crime risk exposure at a particular point in time, keeping a documented audit trail during the entire process.
The FIC Amendment Act 2017 is not only the result of South Africa’s pursuit to be aligned to international financial crime regulations and expectations, but also to introduce regulation which is customer-centric, sustainable and fit for purpose, echoing South Africa’s commitment in the fight against money laundering, terrorist financing and related activities. It is important for South Africa to regain a positive regulatory demeanour, and the enactment of the FIC Amendment Act 2017 has put South Africa in good standing, partly contributing to the positive uptake in foreign investor confidence. Instead of forming a united front in the fight against financial crime, several AIs are slow to adopt the change the FIC Amendment Act intended to bring about. Their business environments tend to become lethargic because they are over-controlled with unnecessary, expensive and rigid controls, hindering creativity and innovation, whilst crippling business opportunities and customer satisfaction – as if a “risk-based” environment is too risky – being “rather safe than sorry”, not reaping the benefits the Amendment Act introduced. AIs cannot control the demand for compliance, but they can optimise the effectiveness and efficiency of their reaction.
Our professional services team has in-depth knowledge of the financial services industry’s regulatory landscape, while the developers of the regulatory compliance virtual advisors are ambassadors in cutting-edge technology through Intelligence Augmentation (IA). The team provides practical and fit-for-purpose solutions that help clients to manage the cost of compliance and navigate the regulatory landscape. We are a team of specialists - individuals with a singular drive for exceptional delivery. For assistance in becoming regulatory compliant, either through the use of our consulting services and/or technology solution.
Article written by:
ESME' MODY, Co-Founder & Chief Digital Officer